All icons at my desktop and the taskbar are gone

Posted 8/28/2012 6:11 AM
#94293
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
kindly help me with my computer. when i open my computer all icons and task bar were gone. i cant shut it down. only thru avr. but when i try to open it in safe mode it works. pls tell me what to do. <br/>here is my combo fix log: <br/>ComboFix 12-08-25.04 - Administrator 8/2012 Tue 11:47:52.17.2 - x86 NETWORK <br/>Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2038.1647 [GMT 8:00] <br/>执行位置: c:\documents and settings\Administrator\Desktop\ComboFix.exe <br/>AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} <br/>AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} <br/>. <br/>. <br/>((((((((((((((((((((((((( 2012-07-28 至 2012-08-28 的新的档案 ))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>2012-08-28 03:27 . 2012-08-28 03:27 -------- d-----w- c:\windows\system32\wbem\Repository <br/>2012-08-04 00:59 . 2012-08-04 01:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss <br/>2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll <br/>. <br/>. <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2012-08-25 09:48 . 2012-04-19 00:44 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe <br/>2012-08-25 09:48 . 2011-11-21 11:42 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl <br/>2012-07-03 05:46 . 2011-11-22 04:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys <br/>2012-07-20 03:29 . 2011-12-02 05:16 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll <br/>. <br/>. <br/>((((((((((((((((((((((((((((( SnapShot_2012-05-21_03.59.18 ))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>+ 2011-11-22 06:02 . 2012-08-14 02:35 63964 c:\windows\system32\mlfcache.dat <br/>- 2012-01-11 05:38 . 2012-03-21 06:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat <br/>+ 2012-01-11 05:38 . 2012-08-23 00:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat <br/>+ 2012-01-11 05:38 . 2012-08-23 00:52 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat <br/>- 2012-01-11 05:38 . 2012-03-21 06:41 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat <br/>+ 2012-07-20 09:52 . 2012-07-20 09:52 22016 c:\windows\Installer\9dfab.msi <br/>+ 2012-06-22 06:15 . 2012-06-22 06:15 49664 c:\windows\Installer\149ffc1.msi <br/>+ 2012-06-19 05:47 . 2001-08-17 14:36 5632 c:\windows\system32\ptpusb.dll <br/>+ 2012-06-19 05:47 . 2008-04-13 21:42 159232 c:\windows\system32\ptpusd.dll <br/>+ 2012-08-25 09:48 . 2012-08-25 09:48 690888 c:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe <br/>+ 2012-08-15 02:02 . 2012-08-15 02:02 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe <br/>+ 2012-08-15 02:02 . 2012-08-15 02:02 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll <br/>+ 2012-04-19 00:44 . 2012-08-25 09:48 250568 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe <br/>+ 2008-08-13 22:44 . 2012-08-14 01:26 273376 c:\windows\system32\FNTCACHE.DAT <br/>+ 2012-06-15 03:35 . 2012-06-15 05:30 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat <br/>+ 2012-08-10 06:30 . 2012-08-10 06:30 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe <br/>+ 2011-04-22 05:26 . 2011-04-22 05:26 688128 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\JP2KLib.dll <br/>+ 2009-01-18 08:00 . 2009-01-18 08:00 598016 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AXSLE.dll <br/>+ 2012-01-03 07:37 . 2012-01-03 07:37 320456 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\adobearmhelper.exe <br/>+ 2012-01-02 02:07 . 2012-01-02 02:07 843712 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\adobearm.exe <br/>+ 2012-01-19 01:59 . 2012-08-28 03:28 2344836 c:\windows\system32\Restore\rstrlog.dat <br/>+ 2012-08-25 09:48 . 2012-08-25 09:48 9813704 c:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll <br/>+ 2012-08-10 06:30 . 2012-08-10 06:30 1648640 c:\windows\Installer\2a66e.msi <br/>+ 2012-07-31 16:18 . 2012-07-31 16:18 5018624 c:\windows\Installer\2106aa6.msp <br/>+ 2011-01-30 13:16 . 2011-01-30 13:16 5713408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AGM.dll <br/>+ 2012-06-22 06:15 . 2012-06-22 06:15 15705600 c:\windows\Installer\149ffc8.msp <br/>. <br/>((((((((((((((((((((((((((((((((((((( 重要登入点 )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*注意* 空白与合法缺省登录将不会被显示 <br/>REGEDIT4 <br/>. <br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] <br/>"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] <br/>[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] <br/>[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] <br/>. <br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] <br/>"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] <br/>[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] <br/>[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] <br/>. <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-22 39408] <br/>"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928] <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] <br/>"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] <br/>"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] <br/>"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864] <br/>"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848] <br/>"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] <br/>"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992] <br/>"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632] <br/>"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] <br/>"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] <br/>"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] <br/>. <br/>c:\documents and settings\Administrator\Start Menu\Programs\Startup\ <br/>Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488] <br/>Feed Notifier.lnk - c:\program files\Feed Notifier\notifier.exe [2012-3-8 58368] <br/>IPMSG for Win32.lnk - c:\program files\IPMsg\ipmsg.exe [2011-11-22 210432] <br/>OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center] <br/>"AntiVirusOverride"=dword:00000001 <br/>. <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] <br/>"EnableFirewall"= 0 (0x0) <br/>. <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] <br/>"%windir%\\Network Diagnostic\\xpnetdiag.exe"= <br/>"%windir%\\system32\\sessmgr.exe"= <br/>"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= <br/>"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= <br/>"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= <br/>"c:\\Program Files\\IPMsg\\ipmsg.exe"= <br/>"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= <br/>"c:\\Program Files\\Searchqu Toolbar\\Datamngr\\ToolBar\\dtUser.exe"= <br/>"c:\\Program Files\\Skype\\Phone\\Skype.exe"= <br/>. <br/>R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [8/30/2008 12:31 PM 27648] <br/>R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [8/30/2008 12:31 PM 7680] <br/>R0 tmagp;Transmeta TM 8000 AGP Filter Driver;c:\windows\system32\drivers\TMAGP.SYS [8/30/2008 12:32 PM 27648] <br/>R0 ULiAGP;ULi AGP Controller Bus Filter Driver;c:\windows\system32\drivers\ULiAGP.SYS [8/30/2008 12:32 PM 33408] <br/>R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [8/30/2008 12:31 PM 45056] <br/>S0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [8/30/2008 12:31 PM 9809] <br/>S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?] <br/>S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\TEMP\AVSETUP_4f0f7ded\avupgsvc.exe" /TEMPSTART:""c:\windows\TEMP\AVSETUP_4f0f7ded\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\windows\TEMP\AVSETUP_4f0f7ded\avupgsvc.exe [?] <br/>S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [11/21/2011 7:28 PM 81920] <br/>S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 10:24 AM 136176] <br/>S2 HOSTNT;Hostnt;c:\windows\system32\drivers\hostnt.sys [11/21/2011 7:46 PM 4032] <br/>S2 MHDRV;Mhdrv;c:\windows\system32\drivers\mhdrv.sys [11/21/2011 7:46 PM 27696] <br/>S2 Protector by IB Updater;Protector by IB Updater;c:\program files\Protector by IB\ExtensionUpdaterService.exe [5/16/2012 2:03 PM 185856] <br/>S2 RCMHDOG;RCMHDOG;c:\windows\system32\drivers\rcmhdog.sys [11/21/2011 7:46 PM 26060] <br/>S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/3/2012 1:19 PM 160944] <br/>S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/19/2012 8:44 AM 250568] <br/>S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [11/21/2011 7:28 PM 2732032] <br/>S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 10:24 AM 136176] <br/>S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/7/2012 10:20 AM 113120] <br/>. <br/> ‘计划任务’ 文件夹 里的内容 <br/>. <br/>2012-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job <br/>- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 09:48] <br/>. <br/>2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 02:24] <br/>. <br/>2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 02:24] <br/>. <br/>2012-08-28 c:\windows\Tasks\User_Feed_Synchronization-{494232BA-F10B-4C2D-910D-DD06DB7D7733}.job <br/>- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31] <br/>. <br/>. <br/>------- 而外的扫描 ------- <br/>. <br/>uStart Page = hxxp://start.funmoods.com/?f=1&a=w7th1&chnl=w7th1&cd=2XzutAtN2Y1L1QzutDtDtByEtBtC0A0AtA0AtCyE0CyCtC0BtN0D0TzutBtDtCtBtDyBtCzy&cr=977877310 <br/>mStart Page = hxxp://start.funmoods.com/?f=1&a=w7th1&chnl=w7th1&cd=2XzutAtN2Y1L1QzutDtDtByEtBtC0A0AtA0AtCyE0CyCtC0BtN0D0TzutBtDtCtBtDyBtCzy&cr=977877310 <br/>uInternet Connection Wizard,ShellNext = hxxp://www.firebirdsql.org//afterinstall <br/>uSearchAssistant = hxxp://www.google.com/ie <br/>uSearchURL,(Default) = hxxp://www.google.com/search?q=%s <br/>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 <br/>TCP: DhcpNameServer = 124.106.5.2 124.106.6.2 <br/>FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\obpr90mx.default\ <br/>FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p= <br/>FF - prefs.js: browser.search.selectedEngine - Google <br/>FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=w7th1&chnl=w7th1&cd=2XzutAtN2Y1L1QzutDtDtByEtBtC0A0AtA0AtCyE0CyCtC0BtN0D0TzutBtDtCtBtDyBtCzy&cr=977877310 <br/>FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q= <br/>FF - user.js: extensions.incredibar_i.newTab - false <br/>FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyC0p5zen&loc=IB_TB&i=26&search= <br/>FF - user.js: extensions.incredibar_i.id - c45bc61b000000000000002421aa3a14 <br/>FF - user.js: extensions.incredibar_i.instlDay - 15476 <br/>FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 <br/>FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 <br/>FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:03 <br/>FF - user.js: extensions.incredibar_i.prtnrId - Incredibar <br/>FF - user.js: extensions.incredibar_i.prdct - incredibar <br/>FF - user.js: extensions.incredibar_i.aflt - orgnl <br/>FF - user.js: extensions.incredibar_i.smplGrp - none <br/>FF - user.js: extensions.incredibar_i.tlbrId - base <br/>FF - user.js: extensions.incredibar_i.instlRef - <br/>FF - user.js: extensions.incredibar_i.dfltLng - <br/>FF - user.js: extensions.incredibar_i.excTlbr - false <br/>FF - user.js: extensions.incredibar_i.ms_url_id - <br/>FF - user.js: extensions.incredibar_i.upn2 - 6OyC0p5zen <br/>FF - user.js: extensions.incredibar_i.upn2n - 92261418233124847 <br/>FF - user.js: extensions.incredibar_i.productid - 26 <br/>FF - user.js: extensions.incredibar_i.installerproductid - 26 <br/>FF - user.js: extensions.incredibar_i.did - 10650 <br/>FF - user.js: extensions.incredibar_i.ppd - 27%5F4 <br/>FF - user.js: extensions.funmoods.hmpg - true <br/>FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=w7th1&chnl=w7th1&cd=2XzutAtN2Y1L1QzutDtDtByEtBtC0A0AtA0AtCyE0CyCtC0BtN0D0TzutBtDtCtBtDyBtCzy&cr=977877310 <br/>FF - user.js: extensions.funmoods.dfltSrch - true <br/>FF - user.js: extensions.funmoods.srchPrvdr - Search <br/>FF - user.js: extensions.funmoods.dnsErr - true <br/>FF - user.js: extensions.funmoods_i.newTab - true <br/>FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=w7th1&chnl=w7th1&cd=2XzutAtN2Y1L1QzutDtDtByEtBtC0A0AtA0AtCyE0CyCtC0BtN0D0TzutBtDtCtBtDyBtCzy&cr=977877310 <br/>FF - user.js: extensions.funmoods.tlbrSrchUrl - <br/>FF - user.js: extensions.funmoods.id - c45bc61b000000000000002421aa3a14 <br/>FF - user.js: extensions.funmoods.instlDay - 15540 <br/>FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 <br/>FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 <br/>FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2211:44 <br/>FF - user.js: extensions.funmoods.prtnrId - funmoods <br/>FF - user.js: extensions.funmoods.prdct - funmoods <br/>FF - user.js: extensions.funmoods.aflt - w7th1 <br/>FF - user.js: extensions.funmoods_i.smplGrp - none <br/>FF - user.js: extensions.funmoods.tlbrId - base <br/>FF - user.js: extensions.funmoods.instlRef - w7th1 <br/>FF - user.js: extensions.funmoods.dfltLng - <br/>FF - user.js: extensions.funmoods.excTlbr - false <br/>FF - user.js: extensions.funmoods.autoRvrt - false <br/>FF - user.js: extensions.funmoods.envrmnt - production <br/>FF - user.js: extensions.funmoods.isdcmntcmplt - true <br/>FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 <br/>. <br/>. <br/>************************************************************************** <br/>. <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2012-08-28 11:52 <br/>Windows 5.1.2600 Service Pack 3 NTFS <br/>. <br/>扫描被隐藏的进程 。。。 <br/>. <br/>扫描被隐藏的启动组 。。。 <br/>. <br/>扫描被隐藏的文件 。。。 <br/>. <br/>扫描完成 <br/>被隐藏的档案: 0 <br/>. <br/>************************************************************************** <br/>. <br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/>. <br/>[HKEY_USERS\S-1-5-21-1757981266-113007714-682003330-500\Software\Microsoft\Internet Explorer\Approved Extensions] <br/>@Denied: (2) (Administrator) <br/>"{9D717F81-9148-4F12-8568-69135F087DB0}"=hex:51,66,7a,6c,4c,1d,3b,1b,91,60,64, <br/> 81,78,cb,75,03,9b,65,2d,53,5e,4a,3b,ac <br/>"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,13,78, <br/> 2f,b5,d0,5d,0c,a7,df,21,82,93,81,d6,9b <br/>. <br/>[HKEY_USERS\S-1-5-21-1757981266-113007714-682003330-500\Software\Microsoft\Internet Explorer\User Preferences] <br/>@Denied: (2) (Administrator) <br/>"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, <br/> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,c3,57,50,94,ad,38,41,85,3f,9a,\ <br/>"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, <br/> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,c3,57,50,94,ad,38,41,85,3f,9a,\ <br/>. <br/>完成时间: 2012-08-28 11:53:50 <br/>ComboFix-quarantined-files.txt 2012-08-28 03:53 <br/>ComboFix2.txt 2012-08-28 00:54 <br/>ComboFix3.txt 2012-08-25 01:57 <br/>ComboFix4.txt 2012-08-14 01:54 <br/>ComboFix5.txt 2012-08-28 03:47 <br/>. <br/>Pre-Run: 105,259,413,504 bytes free <br/>Post-Run: 105,628,831,744 bytes free <br/>. <br/>- - End Of File - - 5DBEB4ED34A7582AC799BA81E05143F7 <br/> <br/>this is also my malwarebytes log: <br/> <br/>Malwarebytes Anti-Malware 1.62.0.1300 <br/>www.malwarebytes.org <br/> <br/>Database version: v2012.08.28.01 <br/> <br/>Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking) <br/>Internet Explorer 8.0.6001.18702 <br/>Administrator :: JOY [administrator] <br/> <br/>8/28/2012 11:57:00 AM <br/>mbam-log-2012-08-28 (11-57-00).txt <br/> <br/>Scan type: Full scan (C:\|D:\|) <br/>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM <br/>Scan options disabled: P2P <br/>Objects scanned: 290776 <br/>Time elapsed: 24 minute(s), 9 second(s) <br/> <br/>Memory Processes Detected: 0 <br/>(No malicious items detected) <br/> <br/>Memory Modules Detected: 0 <br/>(No malicious items detected) <br/> <br/>Registry Keys Detected: 12 <br/>HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully. <br/>HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully. <br/>HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully. <br/>HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully. <br/>HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully. <br/>HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully. <br/>HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully. <br/>HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully. <br/>HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully. <br/>HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully. <br/>HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully. <br/>HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully. <br/> <br/>Registry Values Detected: 0 <br/>(No malicious items detected) <br/> <br/>Registry Data Items Detected: 0 <br/>(No malicious items detected) <br/> <br/>Folders Detected: 0 <br/>(No malicious items detected) <br/> <br/>Files Detected: 0 <br/>(No malicious items detected) <br/> <br/>(end) <br/> <br/>i try c:\> attrib -s-h s/d/ *.* <br/> here is the log: <br/>Microsoft Windows XP [Version 5.1.2600] <br/>(C) Copyright 1985-2001 Microsoft Corp. <br/> <br/>C:\Documents and Settings\Administrator>cd c:\ <br/> <br/>C:\>attrib -s -h /s /d *.* <br/>Access denied - C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H <br/>Access denied - C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V <br/>Access denied - C:\Program Files\Adobe\Reader 9.0\Resource\CMap <br/>Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper <br/>.dll <br/>Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper <br/>Shim.dll <br/>Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll <br/>Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll <br/> <br/>Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX <br/>Access denied - C:\Qoobox\BackEnv <br/>Access denied - C:\WINDOWS\Prefetch\ACCOUNT.EXE-11EB9945.pf <br/>Access denied - C:\WINDOWS\Prefetch\ADOBEARM.EXE-2D1B11BF.pf <br/>Access denied - C:\WINDOWS\Prefetch\ASPELL.EXE-2320D1FB.pf <br/>Access denied - C:\WINDOWS\Prefetch\ASWREGSVR.EXE-27360615.pf <br/>Access denied - C:\WINDOWS\Prefetch\ATTRIB.3XE-09E9D153.pf <br/>Access denied - C:\WINDOWS\Prefetch\ATTRIB.3XE-10E166FB.pf <br/>Access denied - C:\WINDOWS\Prefetch\ATTRIB.EXE-39EAFB02.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVAST.SETUP-10F48C5B.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVASTEMUPDATE.EXE-033BD90D.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVASTUI.EXE-0B3C80E5.pf <br/>Access denied - C:\WINDOWS\Prefetch\CF2454.3XE-26BCF719.pf <br/>Access denied - C:\WINDOWS\Prefetch\CHCP.COM-18156052.pf <br/>Access denied - C:\WINDOWS\Prefetch\CHIKKALAUNCHER.EXE-32AB4B6C.pf <br/>Access denied - C:\WINDOWS\Prefetch\CMD.3XE-32EEC145.pf <br/>Access denied - C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf <br/>Access denied - C:\WINDOWS\Prefetch\COMBOFIX.EXE-3A3A8115.pf <br/>Access denied - C:\WINDOWS\Prefetch\CONIME.EXE-13EEEA1A.pf <br/>Access denied - C:\WINDOWS\Prefetch\CSCRIPT.3XE-1A0F6A51.pf <br/>Access denied - C:\WINDOWS\Prefetch\CSCRIPT.3XE-1AD11928.pf <br/>Access denied - C:\WINDOWS\Prefetch\CSCRIPT.EXE-1C26180C.pf <br/>Access denied - C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf <br/>Access denied - C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf <br/>Access denied - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf <br/>Access denied - C:\WINDOWS\Prefetch\DIGSBY-APP.EXE-1BD802E9.pf <br/>Access denied - C:\WINDOWS\Prefetch\DIGSBY.EXE-2DEEEA8A.pf <br/>Access denied - C:\WINDOWS\Prefetch\ERUNT.3XE-0A71A476.pf <br/>Access denied - C:\WINDOWS\Prefetch\EXCEL.EXE-34CB65E9.pf <br/>Access denied - C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf <br/>Access denied - C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf <br/>Access denied - C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf <br/>Access denied - C:\WINDOWS\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-34BC5027.pf <br/>Access denied - C:\WINDOWS\Prefetch\FLASHUTIL32_11_3_300_271_PLUG-0BD4341A.pf <br/>Access denied - C:\WINDOWS\Prefetch\GOOGLECRASHHANDLER.EXE-2AE91E26.pf <br/>Access denied - C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-1E123D86.pf <br/>Access denied - C:\WINDOWS\Prefetch\GOOGLEUPDATERSERVICE.EXE-3AB369BE.pf <br/>Access denied - C:\WINDOWS\Prefetch\GREP.3XE-0FD7DFD4.pf <br/>Access denied - C:\WINDOWS\Prefetch\GREP.3XE-254D6273.pf <br/>Access denied - C:\WINDOWS\Prefetch\GREP.EXE-3309531C.pf <br/>Access denied - C:\WINDOWS\Prefetch\GROOVEMONITOR.EXE-2606717A.pf <br/>Access denied - C:\WINDOWS\Prefetch\GRPCONV.EXE-111CD845.pf <br/>Access denied - C:\WINDOWS\Prefetch\GSAR.3XE-03FC2EDD.pf <br/>Access denied - C:\WINDOWS\Prefetch\GSAR.3XE-1971B17C.pf <br/>Access denied - C:\WINDOWS\Prefetch\HANDLE.3XE-09E29954.pf <br/>Access denied - C:\WINDOWS\Prefetch\HANDLE.3XE-10DA2EFC.pf <br/>Access denied - C:\WINDOWS\Prefetch\HELPER.EXE-0415776D.pf <br/>Access denied - C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf <br/>Access denied - C:\WINDOWS\Prefetch\HIDEC.3XE-111262DC.pf <br/>Access denied - C:\WINDOWS\Prefetch\HIDEC.3XE-2D8618DD.pf <br/>Access denied - C:\WINDOWS\Prefetch\HPGS2WND.EXE-06AC8C27.pf <br/>Access denied - C:\WINDOWS\Prefetch\HPGS2WNF.EXE-0E86C34B.pf <br/>Access denied - C:\WINDOWS\Prefetch\IEXPLORE.EXE-0A31FE70.pf <br/>Access denied - C:\WINDOWS\Prefetch\IEXPLORE.EXE-12915967.pf <br/>Access denied - C:\WINDOWS\Prefetch\IEXPLORE.EXE-12BBAE74.pf <br/>Access denied - C:\WINDOWS\Prefetch\IGFXPERS.EXE-2C07C174.pf <br/>Access denied - C:\WINDOWS\Prefetch\IGFXSRVC.EXE-2FB63FE8.pf <br/>Access denied - C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf <br/>Access denied - C:\WINDOWS\Prefetch\IMJPMIG.EXE-03882F7A.pf <br/>Access denied - C:\WINDOWS\Prefetch\INSTALL_FLASHPLAYER11X32_MSSD-32F9B3BC.pf <br/>Access denied - C:\WINDOWS\Prefetch\INSTALL_FLASHPLAYER11X32_MSSD-39F4B374.pf <br/>Access denied - C:\WINDOWS\Prefetch\INSTALL_FLASH_PLAYER.EXE-0854CAC8.pf <br/>Access denied - C:\WINDOWS\Prefetch\IPMSG.EXE-26141277.pf <br/>Access denied - C:\WINDOWS\Prefetch\JAVA.EXE-0C263507.pf <br/>Access denied - C:\WINDOWS\Prefetch\JUSCHED.EXE-0F4A509D.pf <br/>Access denied - C:\WINDOWS\Prefetch\Layout.ini <br/>Access denied - C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf <br/>Access denied - C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf <br/>Access denied - C:\WINDOWS\Prefetch\MBAM.EXE-0BEE0439.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSFEEDSSYNC.EXE-25E13438.pf <br/>Access denied - C:\WINDOWS\Prefetch\NIRCMD.3XE-0A841DB5.pf <br/>Access denied - C:\WINDOWS\Prefetch\NIRCMD.3XE-117BB35D.pf <br/>Access denied - C:\WINDOWS\Prefetch\NIRCMD.EXE-2C39EF53.pf <br/>Access denied - C:\WINDOWS\Prefetch\NIRCMDC.3XE-03B38F81.pf <br/>Access denied - C:\WINDOWS\Prefetch\NIRKMD.3XE-071472EF.pf <br/>Access denied - C:\WINDOWS\Prefetch\NOTEPAD.EXE-189578DA.pf <br/>Access denied - C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf <br/>Access denied - C:\WINDOWS\Prefetch\NOTIFIER.EXE-2A3EC002.pf <br/>Access denied - C:\WINDOWS\Prefetch\NS10.TMP-3A74FA7F.pf <br/>Access denied - C:\WINDOWS\Prefetch\NS11.TMP-1489E333.pf <br/>Access denied - C:\WINDOWS\Prefetch\NSB.TMP-35532715.pf <br/>Access denied - C:\WINDOWS\Prefetch\NSF.TMP-19007368.pf <br/>Access denied - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf <br/>Access denied - C:\WINDOWS\Prefetch\ONENOTEM.EXE-157A39AC.pf <br/>Access denied - C:\WINDOWS\Prefetch\PEV.3XE-21FD478C.pf <br/>Access denied - C:\WINDOWS\Prefetch\PEV.3XE-358EBDB6.pf <br/>Access denied - C:\WINDOWS\Prefetch\PEV.EXE-0806C34B.pf <br/>Access denied - C:\WINDOWS\Prefetch\PEV.EXE-0CE2BF4A.pf <br/>Access denied - C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf <br/>Access denied - C:\WINDOWS\Prefetch\PLUGIN-CONTAINER.EXE-15EDC9DD.pf <br/>Access denied - C:\WINDOWS\Prefetch\PV.3XE-1C242CC7.pf <br/>Access denied - C:\WINDOWS\Prefetch\READER_SL.EXE-2B4EA1CB.pf <br/>Access denied - C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf <br/>Access denied - C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf <br/>Access denied - C:\WINDOWS\Prefetch\RMBR.3XE-3AAE61A2.pf <br/>Access denied - C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-11D01D9A.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-17947D5D.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1EE676D0.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2576181F.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-356C8F20.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3596C059.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3B11B44F.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-42BD096B.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-44A0B4BC.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf <br/>Access denied - C:\WINDOWS\Prefetch\SED.3XE-35CB81F4.pf <br/>Access denied - C:\WINDOWS\Prefetch\SED.3XE-370DAEC3.pf <br/>Access denied - C:\WINDOWS\Prefetch\SED.EXE-0F4B402F.pf <br/>Access denied - C:\WINDOWS\Prefetch\SF.BIN-1A60157B.pf <br/>Access denied - C:\WINDOWS\Prefetch\SF.BIN-1D520004.pf <br/>Access denied - C:\WINDOWS\Prefetch\SORT.EXE-194AE83C.pf <br/>Access denied - C:\WINDOWS\Prefetch\SSMYPICS.SCR-01C62024.pf <br/>Access denied - C:\WINDOWS\Prefetch\SSTEXT3D.SCR-17B3B9DD.pf <br/>Access denied - C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf <br/>Access denied - C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf <br/>Access denied - C:\WINDOWS\Prefetch\SWREG.3XE-20CC4D60.pf <br/>Access denied - C:\WINDOWS\Prefetch\SWREG.3XE-2965A2D9.pf <br/>Access denied - C:\WINDOWS\Prefetch\SWREG.EXE-0F8682E2.pf <br/>Access denied - C:\WINDOWS\Prefetch\SWSC.3XE-256BB068.pf <br/>Access denied - C:\WINDOWS\Prefetch\SWSC.3XE-3AE13307.pf <br/>Access denied - C:\WINDOWS\Prefetch\SWSC.EXE-17AFBFBF.pf <br/>Access denied - C:\WINDOWS\Prefetch\SWXCACLS.3XE-2D6ED659.pf <br/>Access denied - C:\WINDOWS\Prefetch\SWXCACLS.3XE-392ED218.pf <br/>Access denied - C:\WINDOWS\Prefetch\TINTSETP.EXE-39BF0732.pf <br/>Access denied - C:\WINDOWS\Prefetch\UPDATER.EXE-23F4D955.pf <br/>Access denied - C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf <br/>Access denied - C:\WINDOWS\Prefetch\WINWORD.EXE-07381162.pf <br/>Access denied - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf <br/>Access denied - C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf <br/>Access denied - C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf <br/>Access denied - C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_271.ocx <br/>Unable to change attribute - C:\pagefile.sys <br/> <br/>C:\>
Posted 8/28/2012 6:31 AM
#94295
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
Logfile of Trend Micro HijackThis v2.0.4 <br/>Scan saved at 2:30:24 PM, on 8/28/2012 <br/>Platform: Windows XP SP3 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v8.00 (8.00.6001.18702) <br/>Boot mode: Normal <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\WINDOWS\RTHDCPL.EXE <br/>C:\WINDOWS\system32\igfxpers.exe <br/>C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe <br/>C:\WINDOWS\system32\igfxsrvc.exe <br/>C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe <br/>C:\Program Files\Common Files\Java\Java Update\jusched.exe <br/>C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe <br/>C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe <br/>C:\Program Files\Skype\Phone\Skype.exe <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Program Files\Feed Notifier\notifier.exe <br/>C:\Program Files\IPMsg\ipmsg.exe <br/>C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe <br/>C:\Program Files\Java\jre6\bin\jqs.exe <br/>C:\Program Files\Protector by IB\ExtensionUpdaterService.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe <br/>C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe <br/>C:\WINDOWS\system32\wscntfy.exe <br/>C:\WINDOWS\explorer.exe <br/>C:\Program Files\Mozilla Firefox\firefox.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe <br/> <br/>R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll <br/>O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll <br/>O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll <br/>O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL <br/>O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll <br/>O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll <br/>O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll <br/>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll <br/>O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll <br/>O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll <br/>O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll <br/>O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 <br/>O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC <br/>O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName <br/>O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE <br/>O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe <br/>O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" <br/>O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe <br/>O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" <br/>O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" <br/>O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" <br/>O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe <br/>O4 - Startup: Feed Notifier.lnk = C:\Program Files\Feed Notifier\notifier.exe <br/>O4 - Startup: IPMSG for Win32.lnk = C:\Program Files\IPMsg\ipmsg.exe <br/>O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 <br/>O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll <br/>O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll <br/>O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL <br/>O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O15 - ESC Trusted Zone: http://*.update.microsoft.com <br/>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab <br/>O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll <br/>O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll <br/>O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll <br/>O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll <br/>O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll <br/>O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll <br/>O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL <br/>O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll <br/>O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll <br/>O18 - Protocol: ipp - (no CLSID) - (no file) <br/>O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll <br/>O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll <br/>O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll <br/>O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll <br/>O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll <br/>O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll <br/>O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll <br/>O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll <br/>O18 - Protocol: msdaipp - (no CLSID) - (no file) <br/>O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll <br/>O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL <br/>O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll <br/>O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll <br/>O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll <br/>O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll <br/>O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll <br/>O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll <br/>O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe <br/>O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing) <br/>O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing) <br/>O23 - Service: Avira Upgrade Service (AviraUpgradeService) - Unknown owner - C:\WINDOWS\TEMP\AVSETUP_4f0f7ded\avupgsvc.exe (file missing) <br/>O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe <br/>O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe <br/>O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe <br/>O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe <br/>O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <br/>O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe <br/>O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe <br/>O23 - Service: Protector by IB Updater - Unknown owner - C:\Program Files\Protector by IB\ExtensionUpdaterService.exe <br/>O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe <br/>O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe <br/> <br/>-- <br/>End of file - 10863 bytes
Posted 8/28/2012 10:31 AM
#94296
User avatar

Advanced member

Right. SweetIM, again. <br/> <br/>In Safe Mode with Networking, so you can access the internet. <br/>Install Malwarebytes and either disable your antivirus protection and enable the protection from Malwarebytes, or vice-versa. Run a full scan and fix all the issues found (you need to check the boxes before you press Remove Selected): http://www.malwarebytes.org <br/>Then download and run Unhide, to restore the hidden fileshttp://www.bleepingcomputer.com/forums/topic405109.html <br/>Lastly, run a full scan with Avast. <br/> <br/>The above will remove the infection, but please get back to us with the logs and also let us know if you have any more issues with the computer afterwards. <br/> <br/>You did not remove SweetIM when you contacted us previously either...
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 8/29/2012 1:26 AM
#94297
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
i run the malwarebytes today here is my log: <br/>Malwarebytes Anti-Malware 1.62.0.1300 <br/>www.malwarebytes.org <br/> <br/>Database version: v2012.08.28.01 <br/> <br/>Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking) <br/>Internet Explorer 8.0.6001.18702 <br/>Administrator :: JOY [administrator] <br/> <br/>8/29/2012 8:46:13 AM <br/>mbam-log-2012-08-29 (08-46-13).txt <br/> <br/>Scan type: Full scan (C:\|D:\|H:\|) <br/>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM <br/>Scan options disabled: P2P <br/>Objects scanned: 291145 <br/>Time elapsed: 24 minute(s), 26 second(s) <br/> <br/>Memory Processes Detected: 0 <br/>(No malicious items detected) <br/> <br/>Memory Modules Detected: 0 <br/>(No malicious items detected) <br/> <br/>Registry Keys Detected: 0 <br/>(No malicious items detected) <br/> <br/>Registry Values Detected: 0 <br/>(No malicious items detected) <br/> <br/>Registry Data Items Detected: 0 <br/>(No malicious items detected) <br/> <br/>Folders Detected: 0 <br/>(No malicious items detected) <br/> <br/>Files Detected: 0 <br/>(No malicious items detected) <br/> <br/>(end)
Posted 8/29/2012 1:32 AM
#94298
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
Unhide by Lawrence Abrams (Grinler) <br/>http://www.bleepingcomputer.com/ <br/>Copyright 2008-2012 BleepingComputer.com <br/>More Information about Unhide.exe can be found at this link: <br/> http://www.bleepingcomputer.com/forums/topic405109.html <br/> <br/>Program started at: 08/29/2012 09:23:21 AM <br/>Windows Version: Windows XP <br/> <br/>Please be patient while your files are made visible again. <br/> <br/>Processing the A:\ drive <br/>Finished processing the A:\ drive. 0 files processed. <br/> <br/>Processing the C:\ drive <br/>Finished processing the C:\ drive. 79990 files processed. <br/> <br/>Processing the D:\ drive <br/>Finished processing the D:\ drive. 49667 files processed. <br/> <br/>Processing the H:\ drive <br/>Finished processing the H:\ drive. 244 files processed. <br/> <br/>The C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\ folder does not exist!! <br/>Unhide cannot restore your missing shortcuts!! <br/>Please see this topic in order to learn how to restore default <br/>Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html <br/> <br/>Searching for Windows Registry changes made by FakeHDD rogues. <br/> - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer <br/> - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer <br/> - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System <br/> - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop <br/> * HidNoChangingWallPaperden policy was found and deleted! <br/> - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced <br/> * Start_ShowPrinters was set to 0! It was set back to 1! <br/> * Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1! <br/> * Start_ShowNetConn was set to 0! It was set back to 1! <br/> <br/>Restarting Explorer.exe in order to apply changes. <br/> <br/>Program finished at: 08/29/2012 09:30:00 AM <br/>Execution time: 0 hours(s), 6 minute(s), and 39 seconds(s)
Posted 8/29/2012 5:33 AM
#94300
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
i run my avast antivirus <br/> <br/>this is the infected files i found: <br/> <br/>A0044008.exe C:\System Volume Information\ _restore {D9350BC7.291 <br/>A0044009.exe C:\System Volume Information\ _restore {D9350BC7.291 <br/>A0044010.exe C:\System Volume Information\ _restore {D9350BC7.291 <br/>incredibar.dll.vir C:\Qoobox\Quarantine\C\Program Files\Incredibar.com <br/>incredibartlbr.dll.vir C:\Qoobox\Quarantine\C\Program Files\Incredibar.com
Posted 8/30/2012 5:49 AM
#94307
User avatar

Advanced member

And how is the computer doing now?
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 8/30/2012 9:13 AM
#94309
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
system is still very slow. sometimes it hang up. <br/>is there any way i can do for my computer
Posted 9/1/2012 6:16 AM
#94314
User avatar

Advanced member

Because you had a lot of infections for a long time, it's a good thing if you run a sfc /scannow command in command prompt (it will ask you for the CD to repair files that it can't restore). <br/> <br/>Also, although I generally recommend against using registry cleaners because they can remove valid registry keys, install CCleaner from here http://www.piriform.com/ccleaner/download/standard and run it to remove your temporary files and obsolete registry keys. <br/> <br/>I would also have a look at the event logs and see what errors your computer has. It's good to address those issues whenever possible. <br/> <br/>Last but not least, make sure you that the latest updates for Windows, Java, Adobe Flash Player, your internet browser and all other programs you use.
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Saturday, December 10, 2016, 10:07 AM (GMT +1)
There are a total of 61,163 posts in 13,450 threads.
In the last 3 days there were 1 new threads and 3 reply posts.

Who's online

This forum has 37,969 registered members. Please welcome our newest member, Heisenberg.
There are currently no users on-line.