Missing Menu Bar & Desktop Icons [CLOSED]

Need a geek? You've come to the right place! Geeks to Go offers free, quality technical support, in a non-technical way. Volunteers are waiting to help. Friendly, technology experts who have knowledge to share, and find reward in helping others. Feel free to browse the site as a guest. However, to reply to a topic, or start a new one, you'll need to register (also removes advertising). New here? Visit our Welcome Guide. Infected with a Virus, Spyware, or Trojan? Read our Malware and Spyware Cleaning Guide.

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

3 Pages

1 2 3 >

Missing Menu Bar & Desktop Icons [CLOSED], HP Pavilion 733n Desktop

Options

DanZaMan4251 View Member Profile	Nov 25 2007, 07:08 PM Post #1
Member Posts: 36 OS: Mac OS X, Vista	Hello, I am helping my friend out and helping him fix his computer. It is a HP Pavilion 733n Desktop. It has a AMD Athlon XP 2400+ 2.00GHz CPU and 480MB or ram. It is running Microsoft Windows XP Home Edition Version 2002 Service Pack 2. My friend says that about a year, his computer will start up with no Menu bar(The bar at the bottom of the screen that has the start button button) or desktop icons. Everything I do has to be ran through Windows Task Manager (alt + ctrl + del). I cannot access the control panel by typing "control" or "control panel" under a new task. I can not access run either (I think that task manager is the same thing, sort of?). I have downloaded Norton 360 and ran a complete antivirus/spyware test. There was a total of 1036290 files, 10759 threats and 10748 were resolved(I'm going to run another one soon.) I'm currently using Registry First aid to try and fix it. I have searched google and many other forums in hope of someone with the same problem, but no luck (I'm sure there are, I just can't Find them.) So the main thing I'd like to do is get the menu bar and Icons back. I have talked to Hp, they gave me a registry file, but that didn't help. My friend said it was a virus. While Norton was scanning the files, I noticed that there were traces of Kazaa and Lime-wire (that's a big no-no, especially with no antivirus software) I would appreciate clear instructions and I would like to thank you in advance. Thanks! (I feel like I'm Forgetting Something, but I can't remember it, I'll post or edit when I remember)Thanks, and I look forward to becoming an active member.

DanZaMan4251 View Member Profile	Nov 25 2007, 07:35 PM Post #2
Member Posts: 36 OS: Mac OS X, Vista	Here is the log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:43:38 PM, on 11/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE C:\WINDOWS\system32\ScsiAccess.EXE C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton 360\ScanStub.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\Symantec\LiveUpdate\luall.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUUPDATE.EXE C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt42\Sevinst.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,onepisy.exe O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~4\COMCAS~1.DLL O2 - BHO: Zango Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Program Files\ZangoToolbar\Bin\4.8.3.0\ZbHostIE.dll O2 - BHO: TTB000000 Class - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~4\COMCAS~1.DLL O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll O3 - Toolbar: Zango Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Program Files\ZangoToolbar\Bin\4.8.3.0\ZbHostIE.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file) O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [WinUpdate.exe] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [WinUpdate.exe] (User 'Default user') O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm035YYUS O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp...02/cpbrkpie.cab O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{6C7C0137-6063-477A-943C-E6E98157D0DF}: Domain = hsd1.il.comcast.net. O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: DateTime - C:\WINDOWS\ O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\ O20 - Winlogon Notify: Nls - C:\WINDOWS\ O20 - Winlogon Notify: RunOnce - C:\WINDOWS\ O20 - Winlogon Notify: Telephony - C:\WINDOWS\ O20 - Winlogon Notify: URL - C:\WINDOWS\ O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\ O22 - SharedTaskScheduler: homina - {df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4} - (no file) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 10560 bytes

Essexboy View Member Profile	Nov 28 2007, 04:33 PM Post #3
GeekU Moderator Posts: 14,119 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Hi there sorry for the delay, lets see what I can do to help First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet. To Get rid of NewDotNet, go to: Start > Control Panel > Add or Remove Programs and remove the following: New.Net Applications or New.Net Domains (anything that says New.Net) If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4. In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. Check the "I know what I'm doing" button. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do. NEXT Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,onepisy.exe O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll O2 - BHO: Zango Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Program Files\ZangoToolbar\Bin\4.8.3.0\ZbHostIE.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL O2 - BHO: TTB000000 Class - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll O3 - Toolbar: Zango Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Program Files\ZangoToolbar\Bin\4.8.3.0\ZbHostIE.dll O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [WinUpdate.exe] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [WinUpdate.exe] (User 'Default user') O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm035YYUS O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: DateTime - C:\WINDOWS\ O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\ O20 - Winlogon Notify: Nls - C:\WINDOWS\ O20 - Winlogon Notify: RunOnce - C:\WINDOWS\ O20 - Winlogon Notify: Telephony - C:\WINDOWS\ O20 - Winlogon Notify: URL - C:\WINDOWS\ O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\ O22 - SharedTaskScheduler: homina - {df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4} - (no file) Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode. Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present): Mywebsearch Please note any other programs that you dont recognize in that list in your next response THEN Please download the OTMoveIt by OldTimer. Save it to your desktop. Please double-click OTMoveIt.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\Program Files\MyWebSearch C:\Program Files\NewDotNet C:\Program Files\ZangoToolbar C:\WINDOWS\COUPON~1.DLL C:\WINDOWS\CouponBarIE.dll Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste. Click the red Moveit! button. Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply. Close OTMoveIt If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at : C:\_OTMoveIt\MovedFiles\*****_**.log (where "******_**" is the "date_time") Click "Exit" to close OTMoveIt. FINALLY FOR NOW Download ComboFix from Here or Here to your Desktop. Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall Logs required : OTMoveit and Combofix**

DanZaMan4251 View Member Profile	Nov 28 2007, 06:22 PM Post #4
Member Posts: 36 OS: Mac OS X, Vista	Thank You, I went to the Control Panel and deleted "new.net domains 7.48" then, I tried to uninstall my websearch but if gave me this "Error loading C:\progra~1\MYWEBS~1\bar\s.bin\mwsbar.dll The specified module could not be found" Old Timer log C:\Program Files\MyWebSearch\SrchAstt moved successfully. C:\Program Files\MyWebSearch\bar\Settings moved successfully. C:\Program Files\MyWebSearch\bar\Notifier moved successfully. C:\Program Files\MyWebSearch\bar\Message moved successfully. C:\Program Files\MyWebSearch\bar\icons moved successfully. Folder move failed. C:\Program Files\MyWebSearch\bar\History\search2 scheduled to be moved on reboot. Folder move failed. C:\Program Files\MyWebSearch\bar\History\search scheduled to be moved on reboot. C:\Program Files\MyWebSearch\bar\History moved successfully. C:\Program Files\MyWebSearch\bar\Game moved successfully. Folder move failed. C:\Program Files\MyWebSearch\bar\Cache\02E71DCB scheduled to be moved on reboot. Folder move failed. C:\Program Files\MyWebSearch\bar\Cache\02A4A62B scheduled to be moved on reboot. Folder move failed. C:\Program Files\MyWebSearch\bar\Cache\02A4A3BA scheduled to be moved on reboot. Folder move failed. C:\Program Files\MyWebSearch\bar\Cache\01B8A00C scheduled to be moved on reboot. Folder move failed. C:\Program Files\MyWebSearch\bar\Cache\01B87D80 scheduled to be moved on reboot. Folder move failed. C:\Program Files\MyWebSearch\bar\Cache\002483B7 scheduled to be moved on reboot. C:\Program Files\MyWebSearch\bar\Cache moved successfully. C:\Program Files\MyWebSearch\bar\Avatar\COMMON moved successfully. C:\Program Files\MyWebSearch\bar\Avatar moved successfully. C:\Program Files\MyWebSearch\bar moved successfully. C:\Program Files\MyWebSearch moved successfully. File/Folder C:\Program Files\NewDotNet not found. C:\Program Files\ZangoToolbar\Bin moved successfully. C:\Program Files\ZangoToolbar moved successfully. File/Folder C:\WINDOWS\COUPON~1.DLL not found. File/Folder C:\WINDOWS\CouponBarIE.dll not found. Created on 11/28/2007 18:13:15 I couldn't get a combo fix log because I'd run it and it would shut he window, open one, say acess denied, preparing to run, acess denied then it shut I ran this in both safe and noramal mode here is the hijack this log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:31:50 PM, on 11/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE C:\WINDOWS\system32\ScsiAccess.EXE C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~4\COMCAS~1.DLL O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~4\COMCAS~1.DLL O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp...02/cpbrkpie.cab O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{6C7C0137-6063-477A-943C-E6E98157D0DF}: Domain = hsd1.il.comcast.net. O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing) O18 - Filter hijack: text/html - (no CLSID) - (no file) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 6027 bytes

Essexboy View Member Profile	Nov 29 2007, 12:13 PM Post #5
GeekU Moderator Posts: 14,119 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	No problem on combofix I will take another route Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab O18 - Filter hijack: text/html - (no CLSID) - (no file) Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. THEN Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. If you could also let me know your current situation

Essexboy View Member Profile	Nov 29 2007, 03:40 PM Post #7
GeekU Moderator Posts: 14,119 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Not a lot showing there So........ Download and then run SuperAntispyware On the first page select Check for Updates On completion select SCAN YOUR COMPUTER On the next page select COMPLETE SCAN and tick ALL your drives The next stage will take a while as your entire drive(s), memory and registry are scanned When it has completed click NEXT The next screen shows the problems found click OK On the next screen place a tick against all items and select NEXT Now to get the log Go to the PREFERENCES button on the right bottom Select the STATISTICS/LOG tab Highlight the scan just completed and click VIEW LOG This will open a notepad text file copy and paste this to your next reply ON COMPLETION or you can do this first Start Superantispyware Select the preferences button (bottom right) Select the repair tab Select Enable system tray Click perform repair Select Reset desktop policies Click perform repair THEN Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop. Close ALL OTHER PROGRAMS. Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program. Now click the Run Scan button on the toolbar. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it. Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts. Regards the task bar has anyone been playing and reduced the size of the task bar ? If that is a possibility look here http://www.petermartinconsult.supanet.com/...ows/taskbar.htm

DanZaMan4251 View Member Profile	Nov 29 2007, 05:37 PM Post #8
Member Posts: 36 OS: Mac OS X, Vista	SUPERAntiSpyware Scan Log Generated 11/29/2007 at 05:17 PM Application Version : 3.6.1000 Core Rules Database Version : 3190 Trace Rules Database Version: 1200 Scan type : Complete Scan Total Scan Time : 01:19:51 Memory items scanned : 386 Memory threats detected : 0 Registry items scanned : 6814 Registry threats detected : 247 File items scanned : 60790 File threats detected : 39 Adware.MyWebSearch HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32 HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\3.BIN\MWSSRCAS.DLL HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32 HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel C:\PROGRAM FILES\MYWEBSEARCH\BAR\5.BIN\MWSBAR.DLL Adware.CouponBar HKLM\Software\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455} HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455} HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455} HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\Implemented Categories HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\InprocServer32 HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\InprocServer32#ThreadingModel HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ProgID HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\Programmable HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\TypeLib HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\VersionIndependentProgID C:\WINDOWS\COUPONBARIE.DLL Adware.MovieLand/MediaPipe C:\Program Files\MovieLand Terms.html Adware.180solutions/Search Assistant HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid32 HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib#Version HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid32 HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib#Version HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5} HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid32 HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib#Version Adware.Apropos Media C:\WINDOWS\system32\auto_update_uninstall.log Adware.Avenue Media/Internet Optimizer HKCR\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} HKCR\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\ProxyStubClsid HKCR\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\ProxyStubClsid32 HKCR\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\TypeLib HKCR\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\TypeLib#Version HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} Registry Cleaner Trial C:\Documents and Settings\Owner\Application Data\Registry Cleaner\Backups\2004-12-19,16-52 44 796.zip C:\Documents and Settings\Owner\Application Data\Registry Cleaner\Backups C:\Documents and Settings\Owner\Application Data\Registry Cleaner\RegClean.ini C:\Documents and Settings\Owner\Application Data\Registry Cleaner Trojan.NetMon/DNSChange HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc Trojan.Security Toolbar C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url C:\Documents and Settings\All Users\Desktop\Security Troubleshooting.url C:\Documents and Settings\All Users\Desktop\Online Security Guide.url Adware.SearchClickAds HKCR\KBBar.KBBarBand HKCR\KBBar.KBBarBand\CurVer HKCR\KBBar.KBBarBand.1 HKCR\Interface\{41E74C20-8BBD-4B15-8C24-95BAC7B3BAC1} HKCR\Interface\{41E74C20-8BBD-4B15-8C24-95BAC7B3BAC1}\ProxyStubClsid HKCR\Interface\{41E74C20-8BBD-4B15-8C24-95BAC7B3BAC1}\ProxyStubClsid32 HKCR\Interface\{41E74C20-8BBD-4B15-8C24-95BAC7B3BAC1}\TypeLib HKCR\Interface\{41E74C20-8BBD-4B15-8C24-95BAC7B3BAC1}\TypeLib#Version Trojan.DollarRevenue C:\WINDOWS\newname.dat C:\WINDOWS\keyboard1.dat Adware.IST/ISTBar (Slotch Bar) HKU\S-1-5-21-247674877-1981001023-514352727-1003\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ] Browser Hijacker.Deskbar HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D} HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\ProxyStubClsid HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\ProxyStubClsid32 HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\TypeLib HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\TypeLib#Version HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C} HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\ProxyStubClsid HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\ProxyStubClsid32 HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\TypeLib HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\TypeLib#Version HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108} HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\ProxyStubClsid HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\ProxyStubClsid32 HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\TypeLib HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\TypeLib#Version Adware.Advertisemen HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\advertismen HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\advertismen#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\advertismen#UninstallString Trojan.Media-Codec HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#rare Malware.SpywareBot HKU\S-1-5-21-247674877-1981001023-514352727-1003\Software\SpywareBot Adware.Zango Toolbar/Hb HKCR\ZangoToolbar.ZbCommBand HKCR\ZangoToolbar.ZbCommBand\CLSID HKCR\ZangoToolbar.ZbCommBand\CurVer HKCR\ZangoToolbar.ZbCommBand.1 HKCR\ZangoToolbar.ZbCommBand.1\CLSID HKCR\ZbCoreSrv.LfgAx HKCR\ZbCoreSrv.LfgAx\CLSID HKCR\ZbCoreSrv.LfgAx\CurVer HKCR\ZbCoreSrv.LfgAx.1 HKCR\ZbCoreSrv.LfgAx.1\CLSID HKCR\ZbCoreSrv.ZbCoreServices HKCR\ZbCoreSrv.ZbCoreServices\CLSID HKCR\ZbCoreSrv.ZbCoreServices\CurVer HKCR\ZbCoreSrv.ZbCoreServices.1 HKCR\ZbCoreSrv.ZbCoreServices.1\CLSID HKCR\ZbHostIE.Bho HKCR\ZbHostIE.Bho\CLSID HKCR\ZbHostIE.Bho\CurVer HKCR\ZbHostIE.Bho.1 HKCR\ZbHostIE.Bho.1\CLSID HKCR\ZbSrv.ZbCoreServices HKCR\ZbSrv.ZbCoreServices\CLSID HKCR\ZbSrv.ZbCoreServices\CurVer HKCR\ZbSrv.ZbCoreServices.1 HKCR\ZbSrv.ZbCoreServices.1\CLSID HKCR\ZbToolbar.ZbHtmlMenuUI HKCR\ZbToolbar.ZbHtmlMenuUI\CLSID HKCR\ZbToolbar.ZbHtmlMenuUI\CurVer HKCR\ZbToolbar.ZbHtmlMenuUI.1 HKCR\ZbToolbar.ZbHtmlMenuUI.1\CLSID HKCR\ZbToolbar.ZbToolbarCtl HKCR\ZbToolbar.ZbToolbarCtl\CLSID HKCR\ZbToolbar.ZbToolbarCtl\CurVer HKCR\ZbToolbar.ZbToolbarCtl.1 HKCR\ZbToolbar.ZbToolbarCtl.1\CLSID HKCR\ZbTools.HbMain HKCR\ZbTools.HbMain\CLSID HKCR\ZbTools.HbMain\CurVer HKCR\ZbTools.HbMain.1 HKCR\ZbTools.HbMain.1\CLSID HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C} HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\Control HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\Implemented Categories HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\Implemented Categories\{00021494-0000-0000-C000-000000000046} HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\InprocServer32 HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\InprocServer32#ThreadingModel HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\Instance HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\Instance#CLSID HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\Instance\InitPropertyBag HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\Instance\InitPropertyBag#Url HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\MiscStatus HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\MiscStatus\1 HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\ProgID HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\Programmable HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\ToolboxBitmap32 HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\TypeLib HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\Version HKCR\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}\VersionIndependentProgID HKCR\CLSID\{37E5D130-E81C-43E5-A2AD-9C155467F334} HKCR\CLSID\{37E5D130-E81C-43E5-A2AD-9C155467F334}\InprocServer32 HKCR\CLSID\{37E5D130-E81C-43E5-A2AD-9C155467F334}\InprocServer32#ThreadingModel HKCR\CLSID\{37E5D130-E81C-43E5-A2AD-9C155467F334}\ProgID HKCR\CLSID\{37E5D130-E81C-43E5-A2AD-9C155467F334}\TypeLib HKCR\CLSID\{37E5D130-E81C-43E5-A2AD-9C155467F334}\VersionIndependentProgID HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1} HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}#AppID HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\Control HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\Implemented Categories HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\InprocServer32 HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\InprocServer32#ThreadingModel HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\MiscStatus HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\MiscStatus\1 HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\ProgID HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\Programmable HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\ToolboxBitmap32 HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\TypeLib HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\Version HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\VersionIndependentProgID HKCR\CLSID\{97CE9A1F-672E-4CF4-B483-9DE6BCB4CB1E} HKCR\CLSID\{97CE9A1F-672E-4CF4-B483-9DE6BCB4CB1E}\InprocServer32 HKCR\CLSID\{97CE9A1F-672E-4CF4-B483-9DE6BCB4CB1E}\InprocServer32#ThreadingModel HKCR\CLSID\{97CE9A1F-672E-4CF4-B483-9DE6BCB4CB1E}\ProgID HKCR\CLSID\{97CE9A1F-672E-4CF4-B483-9DE6BCB4CB1E}\Programmable HKCR\CLSID\{97CE9A1F-672E-4CF4-B483-9DE6BCB4CB1E}\TypeLib HKCR\CLSID\{97CE9A1F-672E-4CF4-B483-9DE6BCB4CB1E}\VersionIndependentProgID HKCR\CLSID\{AC17D2FB-6C7A-47B7-BB3D-EC879BC3C911} HKCR\CLSID\{AC17D2FB-6C7A-47B7-BB3D-EC879BC3C911}\InprocServer32 HKCR\CLSID\{AC17D2FB-6C7A-47B7-BB3D-EC879BC3C911}\InprocServer32#ThreadingModel HKCR\CLSID\{AC17D2FB-6C7A-47B7-BB3D-EC879BC3C911}\ProgID HKCR\CLSID\{AC17D2FB-6C7A-47B7-BB3D-EC879BC3C911}\Programmable HKCR\CLSID\{AC17D2FB-6C7A-47B7-BB3D-EC879BC3C911}\TypeLib HKCR\CLSID\{AC17D2FB-6C7A-47B7-BB3D-EC879BC3C911}\VersionIndependentProgID HKCR\CLSID\{CF1A5756-F372-463E-BC20-1D3D58F4B9AF} HKCR\CLSID\{CF1A5756-F372-463E-BC20-1D3D58F4B9AF}\LocalServer32 HKCR\CLSID\{CF1A5756-F372-463E-BC20-1D3D58F4B9AF}\ProgID HKCR\CLSID\{CF1A5756-F372-463E-BC20-1D3D58F4B9AF}\Programmable HKCR\CLSID\{CF1A5756-F372-463E-BC20-1D3D58F4B9AF}\TypeLib HKCR\CLSID\{CF1A5756-F372-463E-BC20-1D3D58F4B9AF}\VersionIndependentProgID HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E} HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\Control HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\InprocServer32 HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\InprocServer32#ThreadingModel HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\MiscStatus HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\MiscStatus\1 HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\ProgID HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\Programmable HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\ToolboxBitmap32 HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\TypeLib HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\Version HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\VersionIndependentProgID HKCR\TypeLib\{049B9813-C417-4A47-A893-604FAD16B251} HKCR\TypeLib\{049B9813-C417-4A47-A893-604FAD16B251}\1.0 HKCR\TypeLib\{049B9813-C417-4A47-A893-604FAD16B251}\1.0\0 HKCR\TypeLib\{049B9813-C417-4A47-A893-604FAD16B251}\1.0\0\win32 HKCR\TypeLib\{049B9813-C417-4A47-A893-604FAD16B251}\1.0\FLAGS HKCR\TypeLib\{049B9813-C417-4A47-A893-604FAD16B251}\1.0\HELPDIR HKCR\TypeLib\{4DBE6B29-59FC-400C-915B-FB57A5CD533E} HKCR\TypeLib\{4DBE6B29-59FC-400C-915B-FB57A5CD533E}\1.0 HKCR\TypeLib\{4DBE6B29-59FC-400C-915B-FB57A5CD533E}\1.0\0 HKCR\TypeLib\{4DBE6B29-59FC-400C-915B-FB57A5CD533E}\1.0\0\win32 HKCR\TypeLib\{4DBE6B29-59FC-400C-915B-FB57A5CD533E}\1.0\FLAGS HKCR\TypeLib\{4DBE6B29-59FC-400C-915B-FB57A5CD533E}\1.0\HELPDIR HKCR\TypeLib\{7586A473-7A57-4641-8155-E87135D0E2F4} HKCR\TypeLib\{7586A473-7A57-4641-8155-E87135D0E2F4}\1.0 HKCR\TypeLib\{7586A473-7A57-4641-8155-E87135D0E2F4}\1.0\0 HKCR\TypeLib\{7586A473-7A57-4641-8155-E87135D0E2F4}\1.0\0\win32 HKCR\TypeLib\{7586A473-7A57-4641-8155-E87135D0E2F4}\1.0\FLAGS HKCR\TypeLib\{7586A473-7A57-4641-8155-E87135D0E2F4}\1.0\HELPDIR HKCR\TypeLib\{DC92EE2E-DF2D-4A80-A48B-17377C81CFC2} HKCR\TypeLib\{DC92EE2E-DF2D-4A80-A48B-17377C81CFC2}\1.0 HKCR\TypeLib\{DC92EE2E-DF2D-4A80-A48B-17377C81CFC2}\1.0\0 HKCR\TypeLib\{DC92EE2E-DF2D-4A80-A48B-17377C81CFC2}\1.0\0\win32 HKCR\TypeLib\{DC92EE2E-DF2D-4A80-A48B-17377C81CFC2}\1.0\FLAGS HKCR\TypeLib\{DC92EE2E-DF2D-4A80-A48B-17377C81CFC2}\1.0\HELPDIR HKU\S-1-5-21-247674877-1981001023-514352727-1003\Software\ZangoToolbar HKLM\Software\ZangoToolbar HKLM\Software\ZangoToolbar\Install HKLM\Software\ZangoToolbar\Install#IE HKLM\Software\ZangoToolbar\Install#OL HKLM\Software\ZangoToolbar\Install#WT HKLM\Software\ZangoToolbar\Install#WP HKLM\Software\ZangoToolbar\Install#Install_Dir HKLM\Software\ZangoToolbar\Install\CmpMap HKLM\Software\ZangoToolbar\Install\CmpMap#IE HKLM\Software\ZangoToolbar\Install\CmpMap#OL HKLM\Software\ZangoToolbar\Install\CmpMap#WT HKLM\Software\ZangoToolbar\Install\CmpMap#WP HKLM\Software\ZangoToolbar\ZangoToolbar HKLM\Software\ZangoToolbar\ZangoToolbar\Install HKLM\Software\ZangoToolbar\ZangoToolbar\Install#StartInstall HKLM\Software\ZangoToolbar\ZangoToolbar\Install#cookies_flag HKLM\Software\ZangoToolbar\ZangoToolbar\Install#IID HKLM\Software\ZangoToolbar\ZangoToolbar\Install#IID_prv HKLM\Software\ZangoToolbar\ZangoToolbar\Install#PrevVer HKLM\Software\ZangoToolbar\ZangoToolbar\Install#CurrentVer HKLM\Software\ZangoToolbar\ZangoToolbar\MachineInfo HKLM\Software\ZangoToolbar\ZangoToolbar\MachineInfo#CID HKLM\Software\ZangoToolbar\ZangoToolbar\MachineInfo#CID_prv HKLM\Software\ZangoToolbar\ZangoToolbar\PI HKLM\Software\ZangoToolbar\ZangoToolbar\PI\3.2 HKLM\Software\ZangoToolbar\ZangoToolbar\PI\3.2#PID00 Browser Hijacker.Favorites C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.WINXPHOME\DESKTOP\CHEAP HOLIDAY TRAVEL.URL C:\DOCUMENTS AND SETTINGS\DEFAULT USER\DESKTOP\CHEAP HOLIDAY TRAVEL.URL C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\CHEAP HOLIDAY TRAVEL.URL C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\FREE ONLINE MUSIC.URL C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\ONLINE DATING.URL C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\DESKTOP\CHEAP HOLIDAY TRAVEL.URL D:\N360_BACKUP\DRIVE_C\DOCUMENTS AND SETTINGS\ADMINISTRATOR.WINXPHOME\DESKTOP\CHEAP HOLIDAY TRAVEL.URL Adware.Affiliate C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\REMOVE SPYWARE.URL Trojan.NewDotNet C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20071128-162723-519.DLL C:\WINDOWS\NDNUNINSTALL6_38-1.EXE C:\WINDOWS\NDNUNINSTALL6_38.EXE C:\WINDOWS\NDNUNINSTALL7_48.EXE Trojan.SmartLoad C:\WINDOWS\DRSMARTLOAD2.DAT Worm.Alcra Variant C:\WINDOWS\SYSTEM32\CMD.COM C:\WINDOWS\SYSTEM32\NETSTAT.COM C:\WINDOWS\SYSTEM32\PING.COM C:\WINDOWS\SYSTEM32\REGEDIT.COM C:\WINDOWS\SYSTEM32\TASKKILL.COM C:\WINDOWS\SYSTEM32\TASKLIST.COM C:\WINDOWS\SYSTEM32\TRACERT.COM Adware.Tracking Cookie C:\WINDOWS\system32\config\systemprofile\Cookies\owner@creativeby.viewpoint[1].txt Adware.NicTech Networks C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\10NGFXA6\APPWRAP[4].EXE C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\BFI8ZWE6\APPWRAP[5].EXE Trojan.Unknown Origin C:\WINDOWS\SYSTEM32\WCPSU.EXE WinPFind3U is not responding every time I open It, Thus, I can't get a log

DanZaMan4251 View Member Profile	Nov 29 2007, 05:37 PM Post #9
Member Posts: 36 OS: Mac OS X, Vista	also, I can't right click on the desktop to follow that link. (I don't know if this means anything but when ever I try to open the control pannel through new task by using "control" and "control panel" it pops up, but if just flashes) (i can't open the control panel either) This post has been edited by DanZaMan4251: Nov 29 2007, 05:39 PM

Essexboy View Member Profile	Nov 30 2007, 12:32 PM Post #11
GeekU Moderator Posts: 14,119 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	After the Winpfind fix I would like you to re-run the Combofix programme Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button. QUOTE [Registry - Non-Microsoft Only] < Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ YN -> {0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ YN -> {0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform YN -> {5B05902B-4D20-4DAC-87E1-C9CCD4EC6229} -> YN -> FunWebProducts -> < Protocol Filters [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ YN -> text/html -> Reg Data - Key not found [Files/Folders - Modified Within 30 days] NY -> popcinfo.dat -> %SystemRoot%\popcinfo.dat NY -> SpywareBot Scheduled Scan.job -> %SystemRoot%\tasks\SpywareBot Scheduled Scan.job NY -> d3d9caps.dat -> %System32%\d3d9caps.dat [File String Scan - Non-Microsoft Only] NY -> @Alternate Data Stream - 26 bytes -> %SystemDrive%\Scorecards.pdf:Zone.Identifier NY -> WSUD , -> %SystemRoot%\cvnvwvc.exe NY -> WSUD , -> %SystemRoot%\frxvy.log NY -> qoologic , urllogic , urllogic , abetterinternet.com , -> %SystemRoot%\httktt.dll NY -> @Alternate Data Stream - 7471 bytes -> %SystemRoot%\KB828741.log:kronuj NY -> @Alternate Data Stream - 3567 bytes -> %SystemRoot%\KB835732.log:dszswu NY -> PEC2 , PECompact2 , -> %SystemRoot%\manager.exe NY -> @Alternate Data Stream - 7471 bytes -> %SystemRoot%\Q309521.log:vzaqfn NY -> @Alternate Data Stream - 3567 bytes -> %SystemRoot%\Q311889.log:nakezq NY -> @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable NY -> WSUD , -> %SystemRoot%\~GLH0014.TMP NY -> WSUD , -> %System32%\jdkyo.dat NY -> WSUD , -> %System32%\qsjou.txt NY -> aspack , PTech , -> %System32%\saie_kyf.dat NY -> @Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable NY -> WSUD , -> %System32%\xrqis.log NY -> WSUD , -> %System32%\ykhfs.txt The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log. I will review the information when it comes back in. Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer. NEXT Download ComboFix from Here or Here to your Desktop. Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall Could you let me know exactly what does not work at the moment on your system. Logs required : Winpfind result, Combofix and a new Hijackthis log

DanZaMan4251 View Member Profile	Nov 30 2007, 03:02 PM Post #12
Member Posts: 36 OS: Mac OS X, Vista	I still am getting an access denied error when I try to run combofix hijack this log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:11:00 PM, on 11/30/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE C:\WINDOWS\system32\ScsiAccess.EXE C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~4\COMCAS~1.DLL O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~4\COMCAS~1.DLL O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\WINDOWS\Temp\CTun.exe" "/remove" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp...02/cpbrkpie.cab O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{6C7C0137-6063-477A-943C-E6E98157D0DF}: Domain = hsd1.il.comcast.net. O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 6087 bytes windpfind it [Registry - Non-Microsoft Only] < Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ YN -> {0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ YN -> {0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform YN -> {5B05902B-4D20-4DAC-87E1-C9CCD4EC6229} -> YN -> FunWebProducts -> < Protocol Filters [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ YN -> text/html -> Reg Data - Key not found [Files/Folders - Modified Within 30 days] NY -> popcinfo.dat -> %SystemRoot%\popcinfo.dat NY -> SpywareBot Sch < End of log > Created on 11/30/2007 15:07:57

DanZaMan4251 View Member Profile	Nov 30 2007, 03:13 PM Post #13
Member Posts: 36 OS: Mac OS X, Vista	sorry i forgot to put this in my last post but there is no noticible difference

Essexboy View Member Profile	Nov 30 2007, 04:39 PM Post #14
GeekU Moderator Posts: 14,119 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	OK while I continue to research the task bar could you do the following Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\WINDOWS\Temp\CTun.exe" "/remove" O18 - Filter hijack: text/html - (no CLSID) - (no file) Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. THEN Download and run ERUNT http://www.larshederer.homepage.t-online.de/erunt/ Start ERUNT, confirm the Welcome message. Type in the name of a restore folder where the backed up registry files should be saved, or click "..." to browse your computer's drives and select a folder. You can also simply leave the default, which is a folder named ERDNT inside your Windows folder, the advantage being that you have access to this folder from the Windows Recovery Console in case Windows does not boot anymore. Next, select the backup options: - System registry: - Current user registy: . - Other open user registries: Click "OK" and wait until the backup process is complete. (Note that depending on your system configuration this may take some time, and that the first bar is NOT a progress bar, just an indicator that the program is still running.) The ERDNT program for later restoration of the registry is automatically copied to the restore folder. WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine REGISTRY FIX QUOTE REGEDIT4 [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2] Next you will need to create the repair registry fix to do that copy and paste ALL of the above in the quote box to a notepad file. Ensure there is no space above the REGEDIT4. Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES Then in the FILE NAME box type fix.reg This will create a fix.reg file on your desktop To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done. Reboot your system and see if the task bar has returned If that should fail then download and run this small VBS file http://www.kellys-korner-xp.com/regs_edits...ktop_fixall.vbs This post has been edited by Essexboy: Nov 30 2007, 04:41 PM

DanZaMan4251 View Member Profile	Nov 30 2007, 07:43 PM Post #15
Member Posts: 36 OS: Mac OS X, Vista	still no luck with anything Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:52:54 PM, on 11/30/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE C:\WINDOWS\system32\ScsiAccess.EXE C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~4\COMCAS~1.DLL O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~4\COMCAS~1.DLL O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp...02/cpbrkpie.cab O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{6C7C0137-6063-477A-943C-E6E98157D0DF}: Domain = hsd1.il.comcast.net. O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 6084 bytes

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

3 Pages

1 2 3 >

2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Task bar and Desktop Icons [CLOSED]	2 / 333	25th September 2005 - 08:49 AM lugu07 started - last by Buckeye_Sam
Virus, Spyware and Trojan Removal Start Menu Bar and Desktop Missing	0 / 245	14th November 2005 - 12:34 PM Bigglesbutcha started - last by Bigglesbutcha
Virus, Spyware and Trojan Removal Help! Taskbar & desktop icons missing	0 / 600	13th November 2007 - 03:06 AM rengganis started - last by rengganis
Virus, Spyware and Trojan Removal Missing Wallpaper; Only sidebar & desktop icons/shortcuts are disp 12	24 / 1,204	10th June 2008 - 06:43 AM dressydoll started - last by sage5