No start bar or desktop icons [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

3 Pages

1 2 3 >

No start bar or desktop icons [Solved]

Options

vmoutrie View Member Profile	Jun 27 2009, 04:20 PM Post #2
Member Posts: 20 OS: Windows XP	I should also add, i can't run explorer.exe from the task manager, even if i browse into the windows folder and select it i get an error message saying it cant find it.

Transience View Member Profile	Jul 3 2009, 03:20 PM Post #3
Unofficial Music Guru Posts: 2,354 From: Massachusetts, USA OS: Vista	Hi vmoutrie and welcome to Geeks to Go! I'm Dave and I'll be helping you out. Let's get down to business, ComboFix is an excellent tool that will help us to deal with your explorer.exe problems in one of several ways. On your other computer, please download, rename, and save a copy of ComboFix as per these instructions: Please click on any of the links below to download Combofix. When you are asked to select the location of the file, please change the name of the file from ComboFix.exe to Combo-Fix.exe, and then save it to your desktop. Link 1 Link 2 Link 3 Once you have the file on your USB drive, plug the drive into the infected computer, and transfer the Combo-Fix.exe file to your desktop on the infected PC. You should be able to do this by opening 2 windows explorer windows from Task Manager > New Task as you have been doing and then drag and dropping the file on to your desktop. It's very important that the file run directly from your desktop. Once it's there, please run it according to these instructions: Notes: Before running ComboFix, you should disable all Antivirus, Anti-Spyware, and Firewall applications so they don't interfere with its running. You can often do this just by right-clicking on the system tray icon and clicking "Disable" or similar. If you need further instructions for how to disable your program specifically, look here. ComboFix will temporarily disconnect your machine from the internet and change your clock settings, this is normal and both will be restored before the program terminates. Do not attempt to run any programs or click on ComboFix's window while it is running, just allow it to proceed uninterrupted aside from okaying any prompts. It may appear to be doing nothing at times, this is normal, don't worry. Next: Double click on ComboFix.exe and follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Recovery Console, and when prompted, agree to the End-User License Agreement to install it. * Note: If the Recovery Console is already installed on your computer, ComboFix will ignore the installation routines and continue its malware removal procedures. Once the Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning. The program will then scan for malware and perform various fixes. You may be asked to reboot, okay the prompt and allow your computer to reboot. Log in as normal and allow ComboFix to complete its run without doing anything else. When it's finished, the program's log will appear in notepad as well as saving itself to C:\ComboFix.txt. Please include the full contents of the log in your next reply. Cheers, Dave

vmoutrie View Member Profile	Jul 4 2009, 05:22 AM Post #4
Member Posts: 20 OS: Windows XP	Hi Dave, thanks alot for your reply! I successfully got ComboFix onto the infected computer, but it can't connect to the internet to download the windows recovery console. I have a mobile internet service which requires the ISP software to be opened and a connection made like the old dial-up way, and when I try to open the software nothing happens. Is there somewhere I can download the windows recovery console and transfer via USB? PS, I have CA anti virus software. I opened the program via task manager and disabled the real-time scanning, will this suffice for disabling the antivirus? Thanks again for your help, Vaughan

Transience View Member Profile	Jul 4 2009, 07:08 AM Post #5
Unofficial Music Guru Posts: 2,354 From: Massachusetts, USA OS: Vista	Now we have to go really old school . We used to do manual installs of the recovery console via ComboFix but its creator automated the process... however the old manual procedure should hopefully do the trick and is actually fairly simple. On a clean computer, visit this page: http://www.microsoft.com/downloads/details...;displaylang=en. Download the boot disk file (this is what we will need to install the recovery console) and save it to your USB drive. Once that's done, transfer it to your desktop on the infected computer like you did with the Combo-Fix.exe file. Then, in order to start ComboFix, instead of double-clicking on Combo-Fix.exe, in a Windows Explorer window, drag and drop the recovery console package into the Combo-Fix.exe file like such (except you won't be doing it your desktop but this is the general idea): You should see prompts similar or identical to the ones I described for the automatic RC install previously, follow those and go ahead with running ComboFix as detailed above. QUOTE PS, I have CA anti virus software. I opened the program via task manager and disabled the real-time scanning, will this suffice for disabling the antivirus? That's probably sufficient it would be worth looking through the task manager process list for any processes that belong to it and killing those before you start CF. Not a huge deal but something to try. Just need the CF log if you can get it for me in your next reply. Cheers, Dave

vmoutrie View Member Profile	Jul 5 2009, 03:56 AM Post #6
Member Posts: 20 OS: Windows XP	OK I just downloaded the file, put it on USB, turned on my infected PC aaaand.... the icons and start bar are back like normal! All I did the other day was put Combo-Fix on there, disable the anti virus and run ComboFix until the point where it tried to download the recovery console. At that point I said No to the download and exited out of the program and shut down. Should I continue to follow the above process, or is there something different you would like me to try given this development? I can access the internet now as well so, provided the situation is the same next time I turn it on, I should be able to run ComboFix the normal way instead of transferring the file I just put on the USB. Thanks

Transience View Member Profile	Jul 5 2009, 09:46 AM Post #7
Unofficial Music Guru Posts: 2,354 From: Massachusetts, USA OS: Vista	Okay assuming you can access the internet and your icons start bar etc. are back please continue with running ComboFix per these instructions: Please click on any of the links below to download Combofix. When you are asked to select the location of the file, please change the name of the file from ComboFix.exe to Combo-Fix.exe, and then save it to your desktop. Link 1 Link 2 Link 3 Notes: Before running ComboFix, you should disable all Antivirus, Anti-Spyware, and Firewall applications so they don't interfere with its running. You can often do this just by right-clicking on the system tray icon and clicking "Disable" or similar. If you need further instructions for how to disable your program specifically, look here. ComboFix will temporarily disconnect your machine from the internet and change your clock settings, this is normal and both will be restored before the program terminates. Do not attempt to run any programs or click on ComboFix's window while it is running, just allow it to proceed uninterrupted aside from okaying any prompts. It may appear to be doing nothing at times, this is normal, don't worry. Next: Double click on ComboFix.exe and follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Recovery Console, and when prompted, agree to the End-User License Agreement to install it. * Note: If the Recovery Console is already installed on your computer, ComboFix will ignore the installation routines and continue its malware removal procedures. Once the Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning. The program will then scan for malware and perform various fixes. You may be asked to reboot, okay the prompt and allow your computer to reboot. Log in as normal and allow ComboFix to complete its run without doing anything else. When it's finished, the program's log will appear in notepad as well as saving itself to C:\ComboFix.txt. Please include the full contents of the log in your next reply. Just need the CF log in your next post . Cheers, Dave

fenzodahl512 View Member Profile	Jul 6 2009, 12:21 AM Post #8
Trusted Helper Posts: 9,208 OS: Windows XP	Hello, my name is fenzodahl512 and welcome to Geekstogo.. Transience will be unavailable for a while.. Please complete Transience's last instruction and post the log here for my review

vmoutrie View Member Profile	Jul 6 2009, 05:09 AM Post #9
Member Posts: 20 OS: Windows XP	Thanks guys, here is the report: ComboFix 09-07-05.03 - Vaughan Moutrie 06/07/2009 20:53.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.503.164 [GMT 10:00] Running from: c:\documents and settings\Vaughan Moutrie\Desktop\Combo-Fix.exe AV: CA Anti-Virus On-access scanning disabled (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Installer\16982.msp c:\windows\Installer\1b1a1c.msp c:\windows\Installer\254235.msp c:\windows\Installer\2be713.msp c:\windows\Installer\2e0e0.msp c:\windows\Installer\3b96f1.msp c:\windows\Installer\4eb18.msp c:\windows\Installer\5f23d5.msp c:\windows\Installer\bb20a9.msp c:\windows\patch.exe c:\windows\system\GZSnb77896.drv c:\windows\system32\DBCS2016.DLL . ((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-27 11:47 . 2009-06-27 11:47 -------- d-----w- c:\documents and settings\Vaughan Moutrie\Application Data\Malwarebytes 2009-06-27 11:47 . 2009-06-27 11:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-27 11:47 . 2009-06-27 11:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-27 11:45 . 2009-06-27 11:45 -------- d-----w- c:\program files\ERUNT 2009-06-17 01:27 . 2009-06-27 11:47 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-17 01:27 . 2009-06-27 11:47 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-13 07:09 . 2004-11-06 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2009-05-24 08:04 . 2008-03-24 23:47 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys 2009-05-24 08:04 . 2008-03-24 23:47 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys 2009-05-24 08:04 . 2008-03-24 23:47 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys 2009-05-24 08:04 . 2008-03-24 23:47 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys 2009-05-13 08:52 . 2004-02-28 23:06 -------- d-----w- c:\program files\Winamp 2009-05-12 20:38 . 2009-05-09 07:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-05-12 20:38 . 2009-05-09 07:08 -------- d-----w- c:\program files\NOS 2009-05-09 07:55 . 2009-05-09 07:55 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-05-09 07:54 . 2004-02-28 05:18 -------- d-----w- c:\program files\Common Files\Adobe 2007-11-24 04:11 . 2007-11-24 04:10 2083211 -c--a-w- c:\program files\SnapNBurn.exe 2007-11-24 04:07 . 2007-11-24 04:03 4436563 -c--a-w- c:\program files\burn4free_setup.exe 2007-10-22 13:28 . 2007-10-22 13:28 6316925 -c--a-w- c:\program files\picard-setup-0.7.2-2.exe 2007-10-22 13:02 . 2007-10-22 13:02 4089084 -c--a-w- c:\program files\libofa-0.9.3-win32.zip 2005-03-12 00:28 . 2005-03-12 00:27 3304944 -c--a-w- c:\program files\Shareaza_2.1.0.0.exe 2004-11-15 01:30 . 2004-11-15 01:30 1164112 -c--a-w- c:\program files\wrar341.exe 2004-11-15 01:27 . 2004-11-15 01:26 2421920 -c--a-w- c:\program files\winzip90.exe 2004-11-06 11:46 . 2004-11-06 11:46 1094021 -c--a-w- c:\program files\dvdshrink32setup.zip 2004-11-06 11:29 . 2004-11-06 11:28 3987626 -c--a-w- c:\program files\1clickdvdcopysetup.exe 2004-07-23 11:30 . 2004-07-23 11:30 9059382 -c--a-w- c:\program files\mp3ripper.exe 2004-07-22 09:08 . 2004-07-22 09:08 839576 -c--a-w- c:\program files\dvdtm.exe 2004-02-28 04:26 . 2004-02-28 04:26 6207624 -c--a-w- c:\program files\vet-win32-full-10.61.0.03.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-01 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-01 118784] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-10 286720] "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-01-27 181488] "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-12 234736] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-08-02 577536] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-4-5 113664] hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588] UDisk Assistant.lnk - c:\program files\UDisk utility 1.00.12\UDisk.exe [2009-1-29 532480] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tmod.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Sierra\\hl.exe"= "c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"= "c:\\Program Files\\messenger\\msmsgs.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"= R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [29/09/2008 1:01 PM 24652] S1 tmod;DRAM Cash Driver;c:\windows\system32\tmod.sys [9/03/2009 2:29 PM 0] S3 LwAdiHid;Logitech WingMan Digital Devices(Auto-Detect);c:\windows\system32\drivers\LwAdiHid.sys [29/06/2004 5:03 PM 20864] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . Contents of the 'Scheduled Tasks' folder 2005-01-17 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21097200139.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 10:38] . - - - - ORPHANS REMOVED - - - - HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe Notify-tmodkm - tmodkm.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://au.yahoo.com/?fr=fp-yie8 LSP: c:\windows\system32\VetRedir.dll TCP: {B1063B76-C024-4A97-B58B-1EE36F4D9EFD} = 123.200.191.17 123.200.191.18 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-06 20:59 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2009-07-06 21:03 ComboFix-quarantined-files.txt 2009-07-06 11:03 Pre-Run: 10,783,977,472 bytes free Post-Run: 10,774,642,688 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 143 --- E O F --- 2009-05-13 11:48

fenzodahl512 View Member Profile	Jul 7 2009, 12:44 AM Post #10
Trusted Helper Posts: 9,208 OS: Windows XP	Please do an online scan with Kaspersky WebScanner Click on Accept You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. How's the computer now?

vmoutrie View Member Profile	Jul 8 2009, 02:26 AM Post #11
Member Posts: 20 OS: Windows XP	Hi Fenzodahl512, I had a bit of trouble at first, I left it to go overnight and in the morning it looks like the computer had had an auto windows update and restarted itself ([bleep] those things!). I put it on to go again this morning, a balloon came up saying low virtual memory, but it was still scanning when I left for work. It seems to have gone OK, but hasn't picked up anything. In the Scan tab the Threat Names etc all have 0 results, and the Scan Report page has an empty table. The prompts it gave me throughout were a bit different to what you have said - I cant see a Save as Text button but there is a Save Report As button which I clicked, changed the file type from webpage to text and saved: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0 REPORT Wednesday, July 8, 2009 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Tuesday, July 07, 2009 21:00:04 Records in database: 2438441 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ Scan statistics: Files scanned: 79556 Threat name: 0 Infected objects: 0 Suspicious objects: 0 Duration of the scan: 06:05:54 No malware has been detected. The scan area is clean. The selected area was scanned. Also, my mother is trying to learn all this stuff and is following the thread. She asks: "In the first OTL scan a lot of files dated 2028. Obviously they had to be infected files, and I'm assuming they have been deleted since by MBAM and Combofix, but I was surprised to see no files listed in the Combofix log for files created in the last month - surely there should be some genuine entries there....are they being hidden by malware or something?" Thanks

fenzodahl512 View Member Profile	Jul 8 2009, 02:40 AM Post #12
Trusted Helper Posts: 9,208 OS: Windows XP	Uh, you are absolutely right about the date.. Please don't delete it yet.. Currently I'm asking the developer of OTL regarding the case anyhow, the computer only has 503mb of RAM.. Its quite low comparing with today's programs.. I strongly suggesting you to upgrade to 1gb of RAM at least.. When it comes to RAM, the more RAM, the better it is.. But for general usage, 1gb of RAM should be enough.. Now, since Kaspersky did not detect anything, can you tell me in details about your computer problem if any? Since not all computer problems related with malware.. It could be caused by something else

vmoutrie View Member Profile	Jul 10 2009, 02:54 AM Post #13
Member Posts: 20 OS: Windows XP	Since the icons and start bar returned, it seems to be running normally...

fenzodahl512 View Member Profile	Jul 10 2009, 02:55 AM Post #14
Trusted Helper Posts: 9,208 OS: Windows XP	Hello.. sorry for my late reply.. Please pm me if you didn't receive any response after 36 hours.. Anyhow, I've sent a pm to you.. Run it and post the log here

vmoutrie View Member Profile	Jul 10 2009, 04:10 AM Post #15
Member Posts: 20 OS: Windows XP	Hey thats OK, no rush Here is the log: ComboFix 09-07-09.07 - Vaughan Moutrie 10/07/2009 19:10.2.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.503.169 [GMT 10:00] Running from: c:\documents and settings\Vaughan Moutrie\Desktop\Combo-Fix.exe AV: CA Anti-Virus On-access scanning disabled (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93} * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-27 11:47 . 2009-06-27 11:47 -------- d-----w- c:\documents and settings\Vaughan Moutrie\Application Data\Malwarebytes 2009-06-27 11:47 . 2009-06-27 11:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-27 11:47 . 2009-06-27 11:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-27 11:45 . 2009-06-27 11:45 -------- d-----w- c:\program files\ERUNT 2009-06-17 01:27 . 2009-06-27 11:47 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-17 01:27 . 2009-06-27 11:47 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-13 07:09 . 2004-11-06 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2009-05-24 08:04 . 2008-03-24 23:47 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys 2009-05-24 08:04 . 2008-03-24 23:47 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys 2009-05-24 08:04 . 2008-03-24 23:47 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys 2009-05-24 08:04 . 2008-03-24 23:47 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys 2009-05-13 08:52 . 2004-02-28 23:06 -------- d-----w- c:\program files\Winamp 2009-05-13 05:15 . 2004-02-06 08:05 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-12 20:38 . 2009-05-09 07:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-05-12 20:38 . 2009-05-09 07:08 -------- d-----w- c:\program files\NOS 2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2004-04-14 04:37 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2007-11-24 04:11 . 2007-11-24 04:10 2083211 -c--a-w- c:\program files\SnapNBurn.exe 2007-11-24 04:07 . 2007-11-24 04:03 4436563 -c--a-w- c:\program files\burn4free_setup.exe 2007-10-22 13:28 . 2007-10-22 13:28 6316925 -c--a-w- c:\program files\picard-setup-0.7.2-2.exe 2007-10-22 13:02 . 2007-10-22 13:02 4089084 -c--a-w- c:\program files\libofa-0.9.3-win32.zip 2005-03-12 00:28 . 2005-03-12 00:27 3304944 -c--a-w- c:\program files\Shareaza_2.1.0.0.exe 2004-11-15 01:30 . 2004-11-15 01:30 1164112 -c--a-w- c:\program files\wrar341.exe 2004-11-15 01:27 . 2004-11-15 01:26 2421920 -c--a-w- c:\program files\winzip90.exe 2004-11-06 11:46 . 2004-11-06 11:46 1094021 -c--a-w- c:\program files\dvdshrink32setup.zip 2004-11-06 11:29 . 2004-11-06 11:28 3987626 -c--a-w- c:\program files\1clickdvdcopysetup.exe 2004-07-23 11:30 . 2004-07-23 11:30 9059382 -c--a-w- c:\program files\mp3ripper.exe 2004-07-22 09:08 . 2004-07-22 09:08 839576 -c--a-w- c:\program files\dvdtm.exe 2004-02-28 04:26 . 2004-02-28 04:26 6207624 -c--a-w- c:\program files\vet-win32-full-10.61.0.03.exe . ((((((((((((((((((((((((((((( SnapShot@2009-07-06_10.59.54 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-10 08:42 . 2009-07-10 08:42 16384 c:\windows\Temp\Perflib_Perfdata_5dc.dat + 2003-03-31 12:00 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll - 2003-03-31 12:00 . 2009-03-07 18:33 25600 c:\windows\system32\jsproxy.dll + 2009-07-07 10:36 . 2009-04-30 21:22 12800 c:\windows\system32\dllcache\xpshims.dll - 2006-05-10 05:22 . 2009-03-07 18:33 25600 c:\windows\system32\dllcache\jsproxy.dll + 2006-05-10 05:22 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll + 2009-07-07 17:06 . 2009-03-07 18:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll + 2009-07-07 17:06 . 2009-03-07 18:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll + 2003-03-31 12:00 . 2009-04-30 21:22 385536 c:\windows\system32\iedkcs32.dll - 2003-03-31 12:00 . 2009-03-07 18:32 173056 c:\windows\system32\ie4uinit.exe + 2003-03-31 12:00 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe - 2028-02-28 13:31 . 2009-06-21 02:15 138056 c:\windows\system32\FNTCACHE.DAT + 2028-02-28 13:31 . 2009-07-07 17:13 138056 c:\windows\system32\FNTCACHE.DAT + 2006-05-10 05:23 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\wininet.dll + 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll + 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll + 2009-07-07 10:36 . 2009-04-30 21:22 246272 c:\windows\system32\dllcache\ieproxy.dll + 2006-10-26 15:44 . 2009-04-30 21:22 385536 c:\windows\system32\dllcache\iedkcs32.dll + 2006-10-26 15:44 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe - 2006-10-26 15:44 . 2009-03-07 18:32 173056 c:\windows\system32\dllcache\ie4uinit.exe + 2009-07-07 17:06 . 2009-03-07 18:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll + 2009-07-07 17:06 . 2008-07-09 07:38 382840 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll + 2009-07-07 17:06 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe + 2009-07-07 17:06 . 2009-03-07 18:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll + 2009-07-07 17:06 . 2009-03-08 04:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll + 2009-07-07 17:06 . 2009-03-07 18:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe + 2004-01-21 05:20 . 2009-04-30 21:22 1207808 c:\windows\system32\urlmon.dll + 2004-07-07 08:37 . 2009-05-13 05:15 5936128 c:\windows\system32\mshtml.dll - 2006-10-17 01:57 . 2009-03-07 18:32 1985024 c:\windows\system32\iertutil.dll + 2006-10-17 01:57 . 2009-04-30 21:22 1985024 c:\windows\system32\iertutil.dll + 2008-10-15 22:21 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys + 2006-05-10 05:23 . 2009-04-30 21:22 1207808 c:\windows\system32\dllcache\urlmon.dll + 2006-05-19 15:08 . 2009-05-13 05:15 5936128 c:\windows\system32\dllcache\mshtml.dll - 2007-05-08 22:44 . 2009-03-07 18:32 1985024 c:\windows\system32\dllcache\iertutil.dll + 2007-05-08 22:44 . 2009-04-30 21:22 1985024 c:\windows\system32\dllcache\iertutil.dll + 2009-07-07 17:06 . 2009-03-07 18:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll + 2009-07-07 17:06 . 2009-03-07 18:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll + 2009-07-07 17:06 . 2009-03-07 18:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll + 2005-05-12 04:41 . 2009-06-01 16:51 23635392 c:\windows\system32\MRT.exe + 2006-10-27 04:09 . 2009-04-30 21:22 11064832 c:\windows\system32\ieframe.dll + 2007-05-08 22:44 . 2009-04-30 21:22 11064832 c:\windows\system32\dllcache\ieframe.dll + 2009-07-07 17:06 . 2009-03-07 18:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-01 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-01 118784] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-10 286720] "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-01-27 181488] "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-12 234736] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-08-02 577536] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-4-5 113664] hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588] UDisk Assistant.lnk - c:\program files\UDisk utility 1.00.12\UDisk.exe [2009-1-29 532480] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tmod.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Sierra\\hl.exe"= "c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"= "c:\\Program Files\\messenger\\msmsgs.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"= R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [29/09/2008 1:01 PM 24652] S1 tmod;DRAM Cash Driver;c:\windows\system32\tmod.sys [9/03/2009 2:29 PM 0] S3 LwAdiHid;Logitech WingMan Digital Devices(Auto-Detect);c:\windows\system32\drivers\LwAdiHid.sys [29/06/2004 5:03 PM 20864] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . Contents of the 'Scheduled Tasks' folder 2005-01-17 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21097200139.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 10:38] . . ------- Supplementary Scan ------- . uStart Page = hxxp://au.yahoo.com/?fr=fp-yie8 LSP: c:\windows\system32\VetRedir.dll TCP: {B1063B76-C024-4A97-B58B-1EE36F4D9EFD} = 123.200.191.17 123.200.191.18 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-10 19:19 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(412) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\VetRedir.dll c:\windows\system32\ISafeIf.dll . Completion time: 2009-07-10 19:23 ComboFix-quarantined-files.txt 2009-07-10 09:23 ComboFix2.txt 2009-07-06 11:04 Pre-Run: 10,584,485,888 bytes free Post-Run: 10,631,172,096 bytes free 177 --- E O F --- 2009-07-07 17:06

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

3 Pages

1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Windows 98�, 95, ME no desktop icons explorer bar or desktop icons	1 / 687	27th April 2005 - 12:58 PM Hot_Reezy started - last by TonyKlein
Windows XP�, 2000, 2003, NT No start bar or desktop icons on login	4 / 462	26th April 2007 - 12:12 PM Otieno started - last by Retired Tech
Windows XP�, 2000, 2003, NT No start menu or desktop icons. Also can no longer cut, paste, or dra	6 / 454	1st July 2008 - 02:05 AM ChicagosOnlyPunk started - last by mirjel
Virus, Spyware and Trojan Removal No wallpaper or quick launch bar or desktop icons on startup or re-sta	7 / 637	22nd August 2008 - 04:21 PM Panther6730 started - last by Rorschach112