lost my desktop icons and taskbar [hijackthis log inside]

by oftheinstinct » September 29th, 2009, 2:18 am

Today in the midst of browsing the internetz, my computer seemed to freeze. The taskbar and icons were no longer visible, Trojan I believe? I attempted opening "explorer.exe" from the task manager but it was unable to open. I got to the system restore wizard but unfortunately the earliest date is from Tuesday. Help would be greatly appreciated





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:13 AM, on 9/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe
C:\WINDOWS\System32\snmp.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aim.com/redirects/inclient/AIM_tools.adp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: 217.20.175.74 http://www.review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 a1.review.zdnet.com
O1 - Hosts: 217.20.175.74 http://www.reviews.toptenreviews.com
O1 - Hosts: 217.20.175.74 reviews.toptenreviews.com
O1 - Hosts: 217.20.175.74 http://www.reviews.pcadvisor.c.uk
O1 - Hosts: 217.20.175.74 reviews.pcadvisor.co.uk
O1 - Hosts: 217.20.175.74 http://www.reviews.pcmag.com
O1 - Hosts: 217.20.175.74 reviews.pcmag.com
O1 - Hosts: 217.20.175.74 http://www.reviews.pcpro.co.uk
O1 - Hosts: 217.20.175.74 reviews.pcpro.co.uk
O1 - Hosts: 217.20.175.74 http://www.reviews.reevoo.com
O1 - Hosts: 217.20.175.74 reviews.reevoo.com
O1 - Hosts: 217.20.175.74 http://www.reviews.riverstreams.co.uk
O1 - Hosts: 217.20.175.74 reviews.riverstreams.co.uk
O1 - Hosts: 217.20.175.74 http://www.reviews.techradar.com
O1 - Hosts: 217.20.175.74 reviews.techradar.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: (no name) - {3536d111-ba89-4a81-8750-0439e78cbdef} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {DB35C569-5624-4CFC-8043-E5139F55A073} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: (no name) - {3536d111-ba89-4a81-8750-0439e78cbdef} - (no file)
O3 - Toolbar: (no name) - {92085AD4-F48A-450d-BD93-B28CC7DF67CE} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [Aim6] (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - S-1-5-21-1214440339-839522115-725345543-1004 Startup: New Folder (User '?')
O4 - S-1-5-18 Startup: New Folder (User '?')
O4 - .DEFAULT Startup: New Folder (User 'Default user')
O4 - Startup: New Folder
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZKfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Savannah\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fubar.com/imgs/ImageUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9541947296
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-209a4725fc671dba.spaces.live ... nPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
oftheinstinct
Active Member
 
Posts: 12
Joined: September 29th, 2009, 2:05 am

Re: lost my desktop icons and taskbar [hijackthis log inside]

by muppy03 » October 3rd, 2009, 2:19 am

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

Open HijackThis and select Do a System Scan Only. Place a check next to the lines below if still present:

    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
    O1 - Hosts: 217.20.175.74 http://www.review.2009softwarereviews.com
    O1 - Hosts: 217.20.175.74 review.2009softwarereviews.com
    O1 - Hosts: 217.20.175.74 a1.review.zdnet.com
    O1 - Hosts: 217.20.175.74 http://www.reviews.toptenreviews.com
    O1 - Hosts: 217.20.175.74 reviews.toptenreviews.com
    O1 - Hosts: 217.20.175.74 http://www.reviews.pcadvisor.c.uk
    O1 - Hosts: 217.20.175.74 reviews.pcadvisor.co.uk
    O1 - Hosts: 217.20.175.74 http://www.reviews.pcmag.com
    O1 - Hosts: 217.20.175.74 reviews.pcmag.com
    O1 - Hosts: 217.20.175.74 http://www.reviews.pcpro.co.uk
    O1 - Hosts: 217.20.175.74 reviews.pcpro.co.uk
    O1 - Hosts: 217.20.175.74 http://www.reviews.reevoo.com
    O1 - Hosts: 217.20.175.74 reviews.reevoo.com
    O1 - Hosts: 217.20.175.74 http://www.reviews.riverstreams.co.uk
    O1 - Hosts: 217.20.175.74 reviews.riverstreams.co.uk
    O1 - Hosts: 217.20.175.74 http://www.reviews.techradar.com
    O1 - Hosts: 217.20.175.74 reviews.techradar.com
    O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
    O2 - BHO: (no name) - {3536d111-ba89-4a81-8750-0439e78cbdef} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
    O2 - BHO: (no name) - {DB35C569-5624-4CFC-8043-E5139F55A073} - (no file)
    O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
    O3 - Toolbar: (no name) - {3536d111-ba89-4a81-8750-0439e78cbdef} - (no file)
    O3 - Toolbar: (no name) - {92085AD4-F48A-450d-BD93-B28CC7DF67CE} - (no file)
    O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -


Once selected, close all windows except HJT and click on Fix Checked.


Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:

    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.


NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-
  • Uninstall list
  • MBAM log
  • RSIT logs ( info.txt and log.txt)
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia
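
Added example, not part of the original thread or either poster's work: the lines selected for fixing in the post above are the O1 Hosts redirects, the R3/O2/O3 entries whose file is reported as (no file), and the O16 DPF entry with no download source. The Python sketch below applies those three checks to a HijackThis log; the function names, the `Finding` tuple and the local-address allow-list are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict, namedtuple

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O1 - Hosts: 217.20.175.74 http://www.reviews.pcmag.com
O1 - Hosts: 217.20.175.74 reviews.pcmag.com
O1 - Hosts: 217.20.175.74 reviews.techradar.com
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - {92085AD4-F48A-450d-BD93-B28CC7DF67CE} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fubar.com/imgs/ImageUploader5.cab
"""

# Hypothetical result record: category, HijackThis section code,
# subject (hostname or CLSID) and extra (target IP for hosts redirects).
Finding = namedtuple("Finding", "category code subject extra")

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
HOSTS = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DPF = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \(.*\))? -\s*(?P<src>.*)$")

# Assumption: hosts-file targets that are not treated as redirects
# (localhost mappings and null-routed blocklist entries).
LOCAL_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse(log_text):
    """Return (section_code, body) pairs for every 'Xn - ...' log line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"].strip()))
    return entries


def triage(log_text):
    """Flag hosts redirects, orphaned (no file) entries and empty DPF sources."""
    findings = []
    for code, body in parse(log_text):
        if code == "O1":
            m = HOSTS.match(body)
            if m and m["ip"] not in LOCAL_ADDRESSES:
                # The log in this thread shows some hostnames with a scheme
                # prefix; strip it so duplicates compare equal.
                host = re.sub(r"^https?://", "", m["host"]).lower()
                findings.append(Finding("hosts_redirect", code, host, m["ip"]))
        elif code in ("R3", "O2", "O3") and body.endswith("(no file)"):
            # Registry entry still present but the DLL it points to is gone.
            m = CLSID.search(body)
            findings.append(
                Finding("orphaned_entry", code, m.group(0) if m else body, ""))
        elif code == "O16":
            m = DPF.match(body)
            if m and not m["src"]:
                findings.append(Finding("empty_dpf_source", code, m["clsid"], ""))
    return findings


def redirects_by_ip(findings):
    """Group redirected hostnames by target IP; many names on one IP stands out."""
    grouped = defaultdict(set)
    for f in findings:
        if f.category == "hosts_redirect":
            grouped[f.extra].add(f.subject)
    return {ip: sorted(hosts) for ip, hosts in grouped.items()}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.code:<4}{f.category:<18}{f.subject} {f.extra}".rstrip())
    for ip, hosts in redirects_by_ip(results).items():
        print(f"{ip}: {len(hosts)} redirected hostnames")
```
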

Re: lost my desktop icons and taskbar [hijackthis log inside]

by oftheinstinct » October 3rd, 2009, 5:46 pm

Uninstall list

Acrobat.com
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 9
Adobe Shockwave Player 11.5
AIM 6
Amazing Slow Downer (remove only)
AnyToISO
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
AVS Ringtone Maker version 1.6
AVS4YOU Software Navigator 1.2
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
Choice Guard
Comcast High-Speed Internet Install Wizard
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
DivX Codec
DivX Content Uploader
DivX Web Player
FrostWire 4.17.0
GearDrvs
Glary Utilities 2.7.268
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Guitar Pro 5.2
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HyperCam 2
Imikimi Plugin
ImTOO ISO Studio
IncrediMail
Intel(R) Extreme Graphics Driver
iTunes
Jasc Animation Shop 3
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
jZip
Keyboard Music 2.4
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Magic ISO Maker v5.5 (build 0276)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 2.0.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.3)
MP3 WAV Converter 2.68
MSVCRT
Norton PC Checkup
Norton Security Scan
Norton Security Scan (Symantec Corporation)
Picasa 3
Power Tab Editor 1.7
PowerISO
Project64 1.6
PSP Video 9 2.25
RCA Pearl (Model TH11, TC11 Series) Firmware Update Utility
Real Desktop 1.15
Real Desktop 1.42 Light
Registry Mechanic 7.0
Rhapsody Player Engine
RiffMaster Pro 3.0
Samsung Master
Samsung USB Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SeekService 1.0 build 129
Segoe UI
Smart Menus (Windows Live Toolbar)
Spyware Doctor 6.0
Symantec Technical Support Web Controls
The Weather Channel Desktop 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Versal FileDownload ActiveX Control Trial Version
vixy converter uninstall
Weather Services
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Windows XP Video Screensaver Powertoy
WinRAR archiver
Yahoo! Toolbar
ZSNESw 1.51
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)




Malwarebytes' Anti-Malware 1.41
Database version: 2900
Windows 5.1.2600 Service Pack 3

10/3/2009 5:32:57 PM
mbam-log-2009-10-03 (17-32-57).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 208491
Time elapsed: 3 hour(s), 8 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 14
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\MoM\Application Data\Adssite Advanced Toolbar (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\MoM\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\MoM\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\MoM\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\MoM\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\MoM\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\MoM\Application Data\ShoppingReport\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Savannah\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Savannah\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Savannah\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Savannah\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Savannah\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Savannah\Application Data\ShoppingReport\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Virus Professional (Rogue.Anti-VirusProfessional) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\igfxtray.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\ComboFix\Combo-Fix.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\MoM\desktop\antivirus-pro.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eventlog.dll (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Virus Professional\noadware4_052209.na (Rogue.Anti-VirusProfessional) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Virus Professional\nutilities.dll (Rogue.Anti-VirusProfessional) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

As for RSIT, I saved the program to the desktop but received the following error upon selecting Continue:
"AutoIt Error
Line-1
Error: Variable used without being declared"
oftheinstinct
Active Member
 
Posts: 12
Joined: September 29th, 2009, 2:05 am

Re: lost my desktop icons and taskbar [hijackthis log inside]

Unread postby muppy03 » October 3rd, 2009, 8:16 pm

Don’t worry about RSIT for the time being.

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

FrostWire 4.17.0


I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red). Remnants of this program will be removed when cleaning.

While in Add/remove please also uninstall :-
SeekService 1.0


Multiple Anti-virus Programs
You are operating your computer with multiple Anti-virus programs running in memory at once:
AVG
Symantec

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove one of them NOW.

NOTE If you are removing Symantec, in ADD/REMOVE programs, uninstall the following:-
    LiveUpdate (Symantec Corporation)
    LiveUpdate (Symantec Corporation)
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Norton PC Checkup
    Norton Security Scan
    Norton Security Scan (Symantec Corporation)
    Symantec Technical Support Web Controls

Once the above is done please reply with a NEW HJT log.
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia
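
The two findings muppy03 reads off the log above (more than one anti-virus product resident at once, and entries left behind by a product) can also be checked mechanically over a HijackThis log. The following is an added example, not part of the original thread or of any tool used in it; the vendor path markers are assumptions chosen for illustration, and the sample text is constructed from lines that appear in the logs posted in this thread.

```python
import re

# Assumption: a tiny, hand-picked marker table (hypothetical, for illustration).
# A real triage list would cover far more products.
AV_PATH_MARKERS = {
    "AVG": ("\\avg\\",),
    "Symantec": ("\\symantec\\",),
}

# HijackThis entry lines look like "O23 - Service: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")

# Constructed sample: individual lines copied from the HijackThis logs
# posted in this thread and combined into one short excerpt.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
"""


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            # The process list ends at the first blank line.
            if not line:
                in_processes = False
            else:
                processes.append(line)
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return {"processes": processes, "entries": entries}


def resident_av_vendors(parsed):
    """Map each matched vendor to the running process paths that matched it.

    Only the 'Running processes' section is used, because the concern is
    products that are loaded in memory at the same time.
    """
    found = {}
    for path in parsed["processes"]:
        lowered = path.lower()
        for vendor, markers in AV_PATH_MARKERS.items():
            if any(marker in lowered for marker in markers):
                found.setdefault(vendor, []).append(path)
    return found


def orphaned_services(parsed):
    """Return names of O23 services whose binary HijackThis reports missing."""
    names = []
    for code, body in parsed["entries"]:
        if code != "O23" or not body.endswith("(file missing)"):
            continue
        # Body layout: "Service: <name> - <vendor> - <path> (file missing)".
        # Split from the right so a " - " inside the name does not break it.
        name = body.rsplit(" - ", 2)[0]
        if name.startswith("Service: "):
            name = name[len("Service: "):]
        names.append(name)
    return names


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    vendors = resident_av_vendors(parsed)
    if len(vendors) > 1:
        print("Multiple anti-virus products resident:", ", ".join(sorted(vendors)))
    for name in orphaned_services(parsed):
        print("Service registered but file missing:", name)
```

A path-marker match is only a triage hint: it shows a vendor's component is loaded, not which component it is, so the result still needs a human read of the log.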

Re: lost my desktop icons and taskbar [hijackthis log inside]

Unread postby oftheinstinct » October 4th, 2009, 1:08 am

I removed/uninstalled Frostwire and SeekService. I went on to the steps of uninstalling Symantec but when I tried removing Symantec Technical Support Web Controls, this error popped up.

Error 1316: A network error occurred while attempting to read from the file
C:\WINDOWS\Installer\SymADataWeb[1].msi

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:41 AM, on 10/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\snmp.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aim.com/redirects/inclient/AIM_tools.adp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -c
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [Aim6] (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - S-1-5-21-1214440339-839522115-725345543-1004 Startup: New Folder (User '?')
O4 - S-1-5-18 Startup: New Folder (User '?')
O4 - .DEFAULT Startup: New Folder (User 'Default user')
O4 - Startup: New Folder
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Savannah\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fubar.com/imgs/ImageUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9541947296
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-209a4725fc671dba.spaces.live ... nPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)

--
End of file - 11368 bytes
oftheinstinct
Active Member
 
Posts: 12
Joined: September 29th, 2009, 2:05 am

Re: lost my desktop icons and taskbar [hijackthis log inside]

Unread postby muppy03 » October 4th, 2009, 1:58 am

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please reply with:-
  • Combofix log
  • New HJT log
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: lost my desktop icons and taskbar [hijackthis log inside]

Unread postby oftheinstinct » October 4th, 2009, 4:07 am

ComboFix 09-10-01.05 - Jaime 10/04/2009 3:45.2.1 - NTFSx86
Running from: c:\documents and settings\Jaime\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\Installer\335f90a8.msi
c:\windows\system32\Cache

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-03 21:39 . 2009-10-03 21:39 -------- d-----w- C:\rsit
2009-10-03 18:19 . 2009-10-03 18:19 -------- d-----w- c:\documents and settings\Jaime\Application Data\Malwarebytes
2009-10-03 18:18 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-03 18:18 . 2009-10-03 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-03 18:18 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-03 18:18 . 2009-10-03 18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-01 05:54 . 2009-10-01 05:54 -------- d-----w- c:\documents and settings\Jaime\Humongous
2009-10-01 05:48 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-01 05:31 . 2009-10-01 05:31 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-29 06:07 . 2009-09-29 06:07 -------- d-----w- c:\program files\Trend Micro
2009-09-29 06:07 . 2009-10-01 05:30 -------- d-----w- C:\RECYCLER(2)
2009-09-16 08:02 . 2009-09-16 08:37 -------- d-----w- c:\documents and settings\Jaime\Application Data\Real Desktop
2009-09-16 06:55 . 2009-09-16 08:34 -------- d-----w- c:\program files\Real Desktop
2009-09-08 22:58 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 07:38 . 2007-09-11 14:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-04 04:45 . 2009-05-22 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-04 04:29 . 2008-11-10 19:06 -------- d-----w- c:\program files\FrostWire
2009-10-01 05:30 . 2008-02-22 02:37 -------- d-----w- c:\documents and settings\Jaime\Application Data\uTorrent
2009-09-22 06:04 . 2007-09-11 12:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-16 01:12 . 2008-04-30 23:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-20 12:20 . 2009-05-22 21:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-20 12:19 . 2009-05-22 21:10 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 12:19 . 2009-05-22 21:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-13 21:34 . 2007-09-12 01:02 -------- d-----w- c:\program files\AIM
2009-08-11 02:14 . 2007-09-12 00:48 38784 ----a-w- c:\documents and settings\Jaime\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 07:23 . 2009-08-09 07:23 -------- d-----w- c:\program files\MSBuild
2009-08-09 07:22 . 2009-08-09 07:22 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2003-03-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 07:56 286208 ------w- c:\windows\system32\wmpdxm.dll
.

------- Sigcheck -------

[-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 1033728 . . [------] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-08-16 160592]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [BU]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-08 39408]
"Aim6"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-04-30 158624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-10 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-20 2007832]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2008-11-10 136744]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 12:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HotKeysCmds"=c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\System32\Drivers\AFPAnsi.sys [x]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-20 908056]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-07 533360]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-20 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-22 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-20 297752]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-07 55152]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]

.
Contents of the 'Scheduled Tasks' folder

2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 20:42]

2009-10-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-19 23:35]

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-839522115-725345543-1006.job
- c:\documents and settings\Savannah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-06 21:14]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.aim.com/redirects/inclient/AIM_tools.adp
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download Image with Download Manager - tbr:iemenudownload
IE: Download URL in selection with Download Manager - tbr:iemenudownsel
IE: Download URL with Download Manager - tbr:iemenudownload
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Inbox Search - tbr:iemenu
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Savannah\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Jaime\Application Data\Mozilla\Firefox\Profiles\g77dhdnm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3514492A-13EE-4DA6-922E-5A4E407189EE} - (no file)
WebBrowser-{3536D111-BA89-4A81-8750-0439E78CBDEF} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 03:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-04 4:00
ComboFix-quarantined-files.txt 2009-10-04 07:59
ComboFix2.txt 2009-09-29 05:30

Pre-Run: 18,997,055,488 bytes free
Post-Run: 18,966,642,688 bytes free

203 --- E O F --- 2009-09-25 07:00

_____________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:01 AM, on 10/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\snmp.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aim.com/redirects/inclient/AIM_tools.adp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [Aim6] (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - S-1-5-21-1214440339-839522115-725345543-1004 Startup: New Folder (User '?')
O4 - S-1-5-18 Startup: New Folder (User '?')
O4 - .DEFAULT Startup: New Folder (User 'Default user')
O4 - Startup: New Folder
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Savannah\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fubar.com/imgs/ImageUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9541947296
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-209a4725fc671dba.spaces.live ... nPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)

--
End of file - 11291 bytes
oftheinstinct
Active Member
 
Posts: 12
Joined: September 29th, 2009, 2:05 am

Re: lost my desktop icons and taskbar [hijackthis log inside]

by muppy03 » October 4th, 2009, 4:12 am

This is the 2nd run of Combofix?

Please post the log from the first run ComboFix2.txt 2009-09-29 05:30. It will be found at C:\combofix
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: lost my desktop icons and taskbar [hijackthis log inside]

by oftheinstinct » October 4th, 2009, 4:20 am

I think I may have deleted the first txt log to be honest :oops:
I don't know how to access the Recycle Bin from just the task manager
oftheinstinct
Active Member
 
Posts: 12
Joined: September 29th, 2009, 2:05 am

Re: lost my desktop icons and taskbar [hijackthis log inside]

by muppy03 » October 4th, 2009, 4:27 am

Hi, it won't be in the Recycle Bin; it will be in the ComboFix folder.

Right-click Start, then choose Explore. Navigate to C:\Combofix and look in that folder, or C:\Qoobox.

It will be there, see how you go :)
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: lost my desktop icons and taskbar [hijackthis log inside]

by oftheinstinct » October 4th, 2009, 4:31 am

Ah, I found it in the Qoobox folder



ComboFix 09-09-28.01 - Jaime 09/29/2009 1:13.2.1 - NTFSx86
Running from: c:\documents and settings\Jaime\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\Jaime\LOCALS~1\Temp\1.wmv
c:\documents and settings\MoM\Application Data\Adssite Advanced Toolbar
c:\documents and settings\MoM\Application Data\Adssite Advanced Toolbar\selected.xml
c:\documents and settings\MoM\Application Data\ShoppingReport
c:\documents and settings\MoM\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\MoM\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\MoM\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\MoM\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\MoM\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\MoM\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\MoM\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\Savannah\Application Data\ShoppingReport
c:\documents and settings\Savannah\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Savannah\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Savannah\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Savannah\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Savannah\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Savannah\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Savannah\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\windows\Installer\2b37fd3.msp
c:\windows\Installer\335f90a8.msi
c:\windows\Installer\a45f138.msp
c:\windows\system32\Cache

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-17 00:10 . 2009-09-28 20:10 0 ----a-r- c:\windows\win32k.sys
2009-09-16 08:02 . 2009-09-16 08:37 -------- d-----w- c:\documents and settings\Jaime\Application Data\Real Desktop
2009-09-16 08:01 . 2009-09-25 04:47 -------- d-----w- c:\program files\SeekService
2009-09-16 08:01 . 2009-09-25 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SeekService
2009-09-16 06:55 . 2009-09-16 08:34 -------- d-----w- c:\program files\Real Desktop
2009-09-08 22:58 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 04:30 . 2009-05-22 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-28 04:58 . 2008-02-22 02:37 -------- d-----w- c:\documents and settings\Jaime\Application Data\uTorrent
2009-09-22 06:04 . 2007-09-11 12:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-16 01:12 . 2008-04-30 23:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-20 12:20 . 2009-05-22 21:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-20 12:19 . 2009-05-22 21:10 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 12:19 . 2009-05-22 21:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-13 21:34 . 2007-09-12 01:02 -------- d-----w- c:\program files\AIM
2009-08-11 02:14 . 2007-09-12 00:48 38784 ----a-w- c:\documents and settings\Jaime\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 07:23 . 2009-08-09 07:23 -------- d-----w- c:\program files\MSBuild
2009-08-09 07:22 . 2009-08-09 07:22 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2003-03-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 13:17 . 2009-08-04 13:17 -------- d-----w- c:\program files\capcom
2009-08-03 23:43 . 2009-06-25 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 07:56 286208 ------w- c:\windows\system32\wmpdxm.dll
.

------- Sigcheck -------

[-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 1033728 . . [------] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-08-16 160592]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-04-30 158624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-10 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-20 2007832]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2008-11-10 136744]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 12:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HotKeysCmds"=c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\System32\Drivers\AFPAnsi.sys [x]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-20 908056]
R2 SeekService Service;SeekService Service;c:\documents and settings\All Users\Application Data\SeekService\seekservice129.exe [2009-09-22 54784]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-07 533360]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-20 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-22 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-20 297752]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-07 55152]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]

.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 20:42]

2009-09-23 c:\windows\Tasks\At1.job
- c:\program files\norton pc checkup\pc_checkup.exe [2008-06-29 21:50]

2009-09-27 c:\windows\Tasks\At2.job
- c:\program files\norton pc checkup\pc_checkup.exe [2008-06-29 21:50]

2009-09-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-19 23:35]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-839522115-725345543-1006.job
- c:\documents and settings\Savannah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-06 21:14]

2009-09-25 c:\windows\Tasks\Norton Security Scan for Jaime.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 11:18]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.aim.com/redirects/inclient/AIM_tools.adp
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZKfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download Image with Download Manager - tbr:iemenudownload
IE: Download URL in selection with Download Manager - tbr:iemenudownsel
IE: Download URL with Download Manager - tbr:iemenudownload
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Inbox Search - tbr:iemenu
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Savannah\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Jaime\Application Data\Mozilla\Firefox\Profiles\g77dhdnm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{3536d111-ba89-4a81-8750-0439e78cbdef} - (no file)
BHO-{DB35C569-5624-4CFC-8043-E5139F55A073} - (no file)
Toolbar-{3536d111-ba89-4a81-8750-0439e78cbdef} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3514492A-13EE-4DA6-922E-5A4E407189EE} - (no file)
WebBrowser-{3536D111-BA89-4A81-8750-0439E78CBDEF} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKCU-Run-Aim6 - (no file)
SafeBoot-Wdf01000.sys
AddRemove-Windows Live Toolbar - c:\program files\Windows Live Toolbar\UnInstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 01:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-29 1:29
ComboFix-quarantined-files.txt 2009-09-29 05:28

Pre-Run: 19,955,978,240 bytes free
Post-Run: 19,923,054,592 bytes free

235 --- E O F --- 2009-09-25 07:00
oftheinstinct
Active Member
 
Posts: 12
Joined: September 29th, 2009, 2:05 am

Re: lost my desktop icons and taskbar [hijackthis log inside]

by muppy03 » October 4th, 2009, 4:53 am

Please give me an update of how things are running after doing the following.


Open HijackThis and select Do a System Scan Only. Place a check next to the lines below if they are still present:

    O4 - S-1-5-21-1214440339-839522115-725345543-1004 Startup: New Folder (User '?')
    O4 - S-1-5-18 Startup: New Folder (User '?')
    O4 - .DEFAULT Startup: New Folder (User 'Default user')
    O4 - Startup: New Folder
    O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)


Once selected, close all windows except HJT and click on Fix Checked.


COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Folder::
    c:\program files\FrostWire
    c:\program files\Common Files\Symantec Shared
    c:\documents and settings\Jaime\Application Data\uTorrent
    c:\\Program Files\\uTorrent
    
    FCopy::
    c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\explorer.exe
    c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please reply with:-
  • Combofix log
  • New HJT log
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia
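
The FCopy:: lines in the script above follow from the Sigcheck section of the earlier ComboFix log, where c:\windows\explorer.exe could not be hashed. The sketch below is an added example, not part of the thread and not ComboFix's own logic: it parses those Sigcheck lines and lists readable copies that could stand in for the unreadable file. Matching on file name and size is an assumption made for illustration, and the leading [7]/[-] flag is parsed but not interpreted.

```python
import ntpath
import re

# The five Sigcheck lines for explorer.exe, copied from the ComboFix log in this thread.
SIGCHECK = r"""
[-] 2008-04-14 00:12 . !HASH: COULD NOT OPEN FILE !!!!! . 1033728 . . [------] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
"""

# One Sigcheck entry: [flag] date [time] . hash-or-error . size . . [version] . . path
ENTRY = re.compile(
    r"^\[(?P<flag>.)\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?"
    r"\s+\.\s+(?P<hash>[0-9A-Fa-f]{32}|!HASH:.*?)"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]"
    r"\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck entry; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank lines, section banners, anything else in the log
        digest = m["hash"]
        readable = not digest.startswith("!HASH")
        version = m["version"]
        entries.append({
            "flag": m["flag"],
            "date": m["date"],
            "hash": digest.upper() if readable else None,  # None: file could not be opened
            "size": int(m["size"]),
            "version": version if version.strip("-") else None,  # "[------]" means no version read
            "path": m["path"],
        })
    return entries


def replacement_candidates(entries):
    """Map each unreadable file to readable copies with the same name and size.

    Assumption for this example: same base name plus same byte size marks a
    plausible stand-in. The candidate's hash still has to be checked against a
    trusted reference before it is copied anywhere.
    """
    result = {}
    for broken in entries:
        if broken["hash"] is not None:
            continue
        name = ntpath.basename(broken["path"]).lower()
        result[broken["path"]] = [
            e["path"] for e in entries
            if e["hash"] is not None
            and ntpath.basename(e["path"]).lower() == name
            and e["size"] == broken["size"]
        ]
    return result


def identical_copies(entries):
    """Group readable entries by hash and keep only hashes seen at more than one path."""
    by_hash = {}
    for e in entries:
        if e["hash"] is not None:
            by_hash.setdefault(e["hash"], []).append(e["path"])
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


if __name__ == "__main__":
    parsed = parse_sigcheck(SIGCHECK)
    for target, sources in replacement_candidates(parsed).items():
        print("unreadable:", target)
        for src in sources:
            print("  same name and size:", src)
    for digest, paths in identical_copies(parsed).items():
        print("identical copies", digest, paths)
```

For c:\windows\explorer.exe the only candidate returned is the ServicePackFiles copy, which is the source path named in the FCopy:: lines.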

Re: lost my desktop icons and taskbar [hijackthis log inside]

by oftheinstinct » October 4th, 2009, 10:41 pm

The taskbar came back as well as my desktop icons :)


switches used :: c:\documents and settings\Jaime\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\Program Files\\uTorrent
c:\\Program Files\\uTorrent\uTorrent.exe
c:\documents and settings\Jaime\Application Data\uTorrent
c:\documents and settings\Jaime\Application Data\uTorrent\(PC) - DOOM II (CCD).torrent
c:\documents and settings\Jaime\Application Data\uTorrent\Amebix (UK) - Discography [mp3@128-192] [Crust Punk-Speed Metal].torrent
c:\documents and settings\Jaime\Application Data\uTorrent\AMEBIX.torrent
c:\documents and settings\Jaime\Application Data\uTorrent\Avery Wizard for Microsoft Office Word 2003 2.1 Incl Keygen.torrent
c:\documents and settings\Jaime\Application Data\uTorrent\Backyard Baseball 09 [English][PC][WwW.GamesTorrents.CoM].torrent
c:\documents and settings\Jaime\Application Data\uTorrent\Daughters.torrent
c:\documents and settings\Jaime\Application Data\uTorrent\dc_bios.bin.torrent
c:\documents and settings\Jaime\Application Data\uTorrent\dht.dat
c:\documents and settings\Jaime\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Jaime\Application Data\uTorrent\DOOM II (1994) - Original Disk.iso.torrent
c:\documents and settings\Jaime\Application Data\uTorrent\Gex (PC).torrent
c:\documents and settings\Jaime\Application Data\uTorrent\Guitar Pro 5.2 (including 52.552 gtp's).torrent
c:\documents and settings\Jaime\Application Data\uTorrent\Guitar Pro 5.2 + Keygen.rar.torrent
c:\documents and settings\Jaime\Application Data\uTorrent\Metal Gear Saga [Volumes 1&2].torrent
c:\documents and settings\Jaime\Application Data\uTorrent\Microsoft Word Keygen 2008.rar.torrent
c:\documents and settings\Jaime\Application Data\uTorrent\Microsoft Word Keygen.zip.torrent

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-03 21:39 . 2009-10-03 21:39 -------- d-----w- C:\rsit
2009-10-03 18:19 . 2009-10-03 18:19 -------- d-----w- c:\documents and settings\Jaime\Application Data\Malwarebytes
2009-10-03 18:18 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-03 18:18 . 2009-10-03 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-03 18:18 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-03 18:18 . 2009-10-03 18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-01 05:54 . 2009-10-01 05:54 -------- d-----w- c:\documents and settings\Jaime\Humongous
2009-10-01 05:48 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-01 05:31 . 2009-10-01 05:31 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-29 06:07 . 2009-09-29 06:07 -------- d-----w- c:\program files\Trend Micro
2009-09-29 06:07 . 2009-10-01 05:30 -------- d-----w- C:\RECYCLER(2)
2009-09-16 08:02 . 2009-09-16 08:37 -------- d-----w- c:\documents and settings\Jaime\Application Data\Real Desktop
2009-09-16 06:55 . 2009-09-16 08:34 -------- d-----w- c:\program files\Real Desktop
2009-09-08 22:58 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 04:45 . 2009-05-22 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-22 06:04 . 2007-09-11 12:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-16 01:12 . 2008-04-30 23:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-20 12:20 . 2009-05-22 21:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-20 12:19 . 2009-05-22 21:10 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 12:19 . 2009-05-22 21:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-13 21:34 . 2007-09-12 01:02 -------- d-----w- c:\program files\AIM
2009-08-11 02:14 . 2007-09-12 00:48 38784 ----a-w- c:\documents and settings\Jaime\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 07:23 . 2009-08-09 07:23 -------- d-----w- c:\program files\MSBuild
2009-08-09 07:22 . 2009-08-09 07:22 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2003-03-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 07:56 286208 ------w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-04_07.56.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-04 16:12 . 2009-10-04 16:12 16384 c:\windows\Temp\Perflib_Perfdata_438.dat
+ 2009-09-29 04:33 . 2009-10-04 16:12 226169 c:\windows\system32\inetsrv\MetaBase.bin
+ 2003-03-31 12:00 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\explorer.exe
+ 2007-06-13 11:26 . 2008-04-14 00:12 1033728 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-08-16 160592]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [BU]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-08 39408]
"Aim6"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-04-30 158624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-10 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-20 2007832]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2008-11-10 136744]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 12:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HotKeysCmds"=c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\System32\Drivers\AFPAnsi.sys [x]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-20 908056]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-07 533360]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-20 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-22 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-20 297752]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-07 55152]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]

.
Contents of the 'Scheduled Tasks' folder

2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 20:42]

2009-10-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-19 23:35]

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-839522115-725345543-1006.job
- c:\documents and settings\Savannah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-06 21:14]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.aim.com/redirects/inclient/AIM_tools.adp
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download Image with Download Manager - tbr:iemenudownload
IE: Download URL in selection with Download Manager - tbr:iemenudownsel
IE: Download URL with Download Manager - tbr:iemenudownload
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Inbox Search - tbr:iemenu
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Savannah\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Jaime\Application Data\Mozilla\Firefox\Profiles\g77dhdnm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 12:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-04 12:38
ComboFix-quarantined-files.txt 2009-10-04 16:37
ComboFix2.txt 2009-10-04 08:00
ComboFix3.txt 2009-09-29 05:30

Pre-Run: 18,965,880,832 bytes free
Post-Run: 18,911,592,448 bytes free

647 --- E O F --- 2009-09-25 07:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:36 PM, on 10/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\snmp.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aim.com/redirects/inclient/AIM_tools.adp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [Aim6] (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Savannah\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fubar.com/imgs/ImageUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9541947296
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-209a4725fc671dba.spaces.live ... nPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 10858 bytes
oftheinstinct
Active Member
 
Posts: 12
Joined: September 29th, 2009, 2:05 am

Re: lost my desktop icons and taskbar [hijackthis log inside]

Post by muppy03 » October 4th, 2009, 11:33 pm

Any problems or symptoms?


1. Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Make sure that all browser windows are closed.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • (If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)
  • Click Exit on the Main menu to close the program.

2. Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 16.
  • Go to Java Site
  • Click to Download Java SE Runtime Environment (JRE) 6 Update 16
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u16-windows-i586.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE) listed below in the code box.
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
     
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Kaspersky Online Scan
Do an online scan with Kaspersky Online Scanner
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply


Please reply with:-
  • Kaspersky log
  • New HJT log
  • Update of any problems
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: lost my desktop icons and taskbar [hijackthis log inside]

Post by oftheinstinct » October 5th, 2009, 11:16 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:08 AM, on 10/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aim.com/redirects/inclient/AIM_tools.adp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [Aim6] (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User '?')
O4 - HKUS\S-1-5-21-1214440339-839522115-725345543-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - S-1-5-21-1214440339-839522115-725345543-1004 Startup: SDK Tray Menu.lnk = ? (User '?')
O4 - S-1-5-18 Startup: SDK Tray Menu.lnk = ? (User '?')
O4 - .DEFAULT Startup: SDK Tray Menu.lnk = ? (User 'Default user')
O4 - Startup: SDK Tray Menu.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Savannah\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fubar.com/imgs/ImageUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9541947296
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-209a4725fc671dba.spaces.live ... nPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 11378 bytes











Monday, October 5, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, October 05, 2009 05:57:30
Records in database: 2912753
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Objects scanned 105266
Threats found 2
Infected objects found 2
Suspicious objects found 0
Scan duration 02:44:22

File name Threat Threats count
C:\Documents and Settings\Jaime\Application Data\Sun\Java\Deployment\cache\6.0\22\d1ed7d6-55e2e419 Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Qoobox\Quarantine\C\Program Files\FrostWire\journey greatest hits MTV.mp3.vir Infected: Trojan-Downloader.WMA.GetCodec.f 1
Selected area has been scanned.






I don't notice any problems really, I actually think it's running faster than before. :)
oftheinstinct
Active Member
 
Posts: 12
Joined: September 29th, 2009, 2:05 am