
Desktop and Taskbar are missing [RESOLVED]



#16
rambro

Dear reena, :whistling:

This post is based on your previous two posts, not your most recent post. Execute the following instructions where they apply and to the best of your ability.

Dear reena, get your computer system out of "Selective Startup" and put it into "Normal Startup"!!!!!

Dear reena, don't add any new software to your computer system unless I explicitly ask you to add stuff to your computer, "GET RID OF BITDEFENDER"!!!

Dear reena, I've put a tremendous amount of time in on your log, so let's try and get rid of these unnecessary programs from your computer system. No kidding, No fooling around!!!
***************************

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop.
******************************

I found the following Antivirus program "remnants" on your computer system: AVG, Avast, TrendMicro's PC-Cillin Anti-Virus software, Norton antivirus and ClamWin. I will have you fix the HijackThis lines and delete the associated files/folders on these items, until you decide what antivirus software you want to install on your computer system. Having multiple antivirus programs on your computer system is overkill and they may interfere with each other. You only need one antivirus program to protect your computer system (i.e. I suggest installing AVGFREE antivirus software.)
********************************

I found the following Anti-spyware program "remnants" on your computer system: eacceleration Stop Sign, Windows Defender, Spyware Doctor, Spyware Nuker, STOPzilla, SpyHunter, Regrun, True Sword and SpyBlocs. I will have you fix the HijackThis lines and delete the associated files/folders on these items. I want you to uninstall all of these programs except Spyware Doctor. Having multiple anti-spyware programs on your computer system is overkill and they may interfere with each other. You only need one anti-spyware program to protect your computer system (i.e. I would like you to keep Spyware Doctor).
**************************

I found the following file sharing programs on your computer: Blubster, FileFreedom, Limewire, BitTorrent 4.2.0 and Shareaza v1.8. File-sharing programs serve as vehicles for downloading spyware on to your computer system. I had you keep Shareaza v1.8 and BitTorrent 4.2.0. I think BitTorrent is a questionable application, but I had you keep it because I found another application on your computer that relies on this application (i.e. if it were me I would uninstall the BitTorrent 4.2.0 application). Shareaza v1.8 is a safe file-sharing application. For other safe file-sharing alternatives see the following link: http://www.spywarein...m/articles/p2p/
************************

Please run the following Symantec removal tools to get rid of some of the spyware on your computer.

1. http://securityrespo...ter.b.worm.html (W32.Blaster.B.Worm)

2. http://sarc.com/avce...e.ieplugin.html (Adware.IEPlugin)

3. http://www.symantec.....webhancer.html (Trackware.Webhancer)

4. http://sarc.com/avce...are.istbar.html (Adware.Istbar)

5. http://www.sarc.com/...re.keenval.html (Adware.Keenval)

6. http://sarc.com/avce...toptimizer.html (Adware.NetOptimizer)

7. http://www.symantec....rgainbuddy.html (Adware.BargainBuddy)

8. http://www.symantec....dware.gain.html (Adware.GAIN)

Miscellaneous removal instructions

9. http://www.pchell.co...ort/gator.shtml (Gator removal instructions.)
*****************************

Click Start then Control Panel then Add and Remove Programs. Look for the following installed program/programs and if they are listed click on each one and then click on the Remove or Change button and if asked select "Yes" or "Ok" to remove:

SaveNow and/or WhenUShop and/or SaveUninst.exe
WebRebates and/or Web CPR
Internet 404 and/or MSIETS and/or Tools for Internet Explorer
superbar
Marketscore and/or Netsetter
NavHelper
Ebates Moe Money Maker
Gator
Bullseye Network and/or Cashback and/or Navisearch
TopText and/or TopText ILookup and/or HotText and/or ContextPro
BonziBUDDY
Date Manager
PrecisionTime

Optional programs you can uninstall, through the Add/Remove program:

WildTangent is an online gaming package that is installed by a number of third party applications
and even OEMs, ISPs, AIM and P2P. It collects personal information from customers when they buy one of
their products (such as name, contact information and payment and billing information and system information)
and sends that info back to WildTangent. Most security experts regard this as spyware. If you installed
this and want to keep it, be aware of this. If you didn’t install this software, remove it through add/remove programs.

Uninstall the following program/programs through Add/Remove programs (if they exist):

WildTangent
****************

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.co...cle.php/3561546. I suggest you remove the program now.

Uninstall the following program/programs through Add/Remove programs (if they exist):

Viewpoint or Viewpoint Manager or Viewpoint Media Player

Use the following link as a reference: http://ask-leo.com/viewmgrexe.html
****************************

P2P Networking - is a content-distribution system based on peer-to-peer principles that uses system resources and bandwidth for distribution. The content may be ads, commercials, or music, which are downloaded from the network for use by other programs. This content may contain spyware. P2P Networking has been reported to be responsible for serious system slowdowns. Here you can read more about P2P Networking.

Uninstall the following program/programs through Add/Remove programs (if they exist):

P2P Networking
***********************

NewDotNet is an ad supported software. The application is running silently in the background as a browser helper object (BHO). It pops up ad windows while you are surfing the web and periodically connects to the remote server to check for available updates.

new.net was originally designed to shorten web addresses. They created some new virtual top level domains like .mp3, .xxx, .travel which can only be visited on computers with the new.net addons installed.

The software is mostly bundled with other software products like file sharing tools or other ad supported freeware tools.

NewDotNet is a browser hijacker and can update itself without any input from you. Anything that modifies your windows HOSTS file is a hijacker and we don't want it! The "purpose" of this is to add support for additional domains like .AGENT .INC .LOVE .SHOP .SPORT. We suggest you remove this.

Here are instructions to remove NewDotNet: http://www.newdotnet.com/removal.html

Here are other links that provide removal instructions for NewDotNet:

http://www.antisourc...e.php/newdotnet
http://www.pchell.co...t/savenow.shtml
http://www.bleepingc...tNet-t3095.html
*********************

Internet Optimizer is advertised as software to improve internet connections; it hogs system resources and may hijack error pages.

Uninstall the following program/programs through Add/Remove programs (if they exist):

Internet Optimizer
************

WeatherCast is an application that displays real-time weather forecasts. WeatherCast may also display advertisements and download updates from its parent server.

See the following links:

http://www.spywarere...eatherCast.html
http://spweb.whenu.c...st_help.html#13
http://www.whenu.com...eathercast.html

Uninstall the following program/programs through Add/Remove programs (if they exist):

WeatherCast
*****************************

Weatherbug is considered adware, I recommend that you remove Weatherbug entirely. It is becoming
a nuisance and may install spyware/malware if you are not using the paid version.
WeatherPulse by Tropic Designs is, in my opinion, a better program and does not install any spyware/malware;
You can download it here (free): http://www.tropicdesigns.net. See the following link:
http://www.pchell.co...eatherbug.shtml.

Uninstall the following program/programs through Add/Remove programs (If they exist):

WeatherBug
****************

LimeWire is a Peer to Peer (P2P) file-sharing client. Note - as with all P2P sharing programs, it is susceptible to various forms of malware. That is, LimeWire is a program that can be used as a vehicle for downloading spyware on to your computer system.

Uninstall the following program through Add/Remove programs (if they exist):

LimeWire and/or LimeShop

See the following link: http://www.spywarein...m/articles/p2p/.

Restart your computer.
*************************

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

F3 - REG:win.ini: load=??? ??? ??? ? ? ??

O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ZHRMWEO] C:\WINDOWS\ZHRMWEO.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\dsxddk.exe reg_run
O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [WindowEnhancer] "C:\Program Files\winex\v2\winex.EXE" /U
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [WhenUSearchWHSE] "D:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [WhenUSearch] "D:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [VVSN] D:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [vdtmetpuuxpl] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
O4 - HKLM\..\Run: [uivefig] c:\windows\system32\tfjvqdq.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [tsvcin] C:\WINDOWS\system32\n20050308.EXE
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\Ashish\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [svdqhlcfmxjx] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [starmxn] c:\windows\system32\htolxdf.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Ashish\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
O4 - HKLM\..\Run: [SaveNow] C:\Program Files\SaveNow\SaveNow.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [rrogjno] c:\windows\system32\cdfncyq.exe
O4 - HKLM\..\Run: [qwvdxeh] c:\windows\system32\ngnjibv.exe
O4 - HKLM\..\Run: [quffjh] c:\windows\system32\oazzpd.exe
O4 - HKLM\..\Run: [PromulGate] "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [OSS] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [nsvduv] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [ncsdguw] c:\windows\system32\hpvbdfr.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\msbb.exe
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [KeenValue] C:\Program Files\Common files\KeenValue\KeenValue.exe
O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nplanr.exe reg_run
O4 - HKLM\..\Run: [jkrmnxp] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [iymheyx] c:\windows\system32\wpayhqu.exe
O4 - HKLM\..\Run: [ivhykbxx] c:\windows\system32\ivhykbxx.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [FlaCPY] "c:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [fhnbcxg] c:\w32\mtptt?????????
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [eMailEncryption] C:\PROGRA~1\ACCELE~1\VELOZD~1\velozsys.exe runstart
O4 - HKLM\..\Run: [ebobkd] c:\dows\syste????????
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe /Startup
O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup
O4 - HKLM\..\Run: [dydeshare.exe] C:\WINDOWS\System32\dydeshare.exe
O4 - HKLM\..\Run: [dsqfifqz] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitecwy32.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [4X@95ME57C5BM8] C:\WINDOWS\System32\Geke3L.exe
O4 - HKLM\..\Run: [0BaDC] C:\WINDOWS\hfelxcfq.exe
O4 - HKCU\..\Run: [Ugtlbkye] C:\WINDOWS\system32\??stem\javaw.exe (PurityScan)
O4 - HKCU\..\Run: [shimgvw] C:\WINDOWS\System32\shimgvw.exe
O4 - HKCU\..\Run: [rtutils] C:\WINDOWS\System32\rtutils.exe
O4 - HKCU\..\Run: [Iinl] C:\Program Files\sami\emia.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Ashish\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Ashish\Client\HelpExp.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - Startup: BonziBUDDY.lnk = C:\Program Files\BonziBUDDY\BonziBDY.EXE
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: KeenValue.lnk = C:\Program Files\Common Files\KeenValue\keenvalue.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe

Optional Fixes

I highly recommend you to fix these items:

If you choose to remove WildTangent, put a check next to the following entry as well:

O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe

If you choose to remove Viewpoint Manager, put a check next to the following entry as well:

O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

If you choose to remove P2P Networking, put a check next to the following entries as well:

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

If you choose to remove NewDotNet, put a check next to the following entry as well:

O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

If you choose to remove Internet Optimizer, put a check next to the following entry as well:

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

If you choose to remove WeatherCast, put a check next to the following entry as well:

O4 - HKCU\..\Run: [WeatherCast] C:\Program Files\WeatherCast\Weather.exe /q

If you choose to remove WeatherBug, put a check next to the following entry as well:

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

If you choose to remove LimeWire, put a check next to the following entry as well:

O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe

Optional Antivirus Fixes

O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [Norton Program Scheduler Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [ClamWin] "D:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Optional Anti-spyware Fixes

O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SWN2] D:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [STOPzilla] D:\Program Files\STOPzilla!\STOPzilla.exe /install={0D3939DF-923C-4B4A-AB80-B0C1762A8BC4} /uilevel=3 /inithp=
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [LSPFix] C:\Program Files\Common Files\eAcceleration\LSPfix\LSPmonitor.exe normal
O4 - HKLM\..\Run: [@RegRunOnSecure] D:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKCU\..\Run: [SpyBlocs] C:\Program Files\eBlocs\SpyBlocs\GLFAA.exe
O4 - HKCU\..\Run: [Regrun2] D:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe

Optional miscellaneous Fixes

O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT (Peer to Peer File sharing program)
O4 - HKCU\..\Run: [RediffBOL] C:\Program Files\rediff.com\messenger\Bol.exe hide (Instant Messenger program)
O4 - HKCU\..\Run: [FileFreedom_Plugin] C:\Program Files\FileFreedom\wtm.exe (Peer to Peer File sharing program)

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Next, make sure your PC is configured to show hidden files. Here is how to do this:

Windows XP

* Click "Start".
* Open "My Computer".
* Select the "Tools" menu and click "Folder Options".
* Select the "View" Tab.
* Under the "Hidden files and folders" heading select "Show hidden files and folders".
* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK".

Here is a link for further explanation: http://www.xtra.co.n...1916458,00.html

Delete the following file/files marked in blue (if they exist):

C:\WINDOWS\System32\stlbdist.DLL
C:\WINDOWS\ZHRMWEO.exe
C:\WINDOWS\system32\dsxddk.exe
C:\WINDOWS\System\WinStart001.EXE
msblast.exe <-- (Do a search for this file and then delete it.)
C:\WINDOWS\wupdt.exe
C:\WINDOWS\System32\ivhykbxx.exe
c:\windows\system32\tfjvqdq.exe
C:\WINDOWS\system32\n20050308.EXE
C:\Documents and Settings\Ashish\Local Settings\Temp\tb_setup.exe
c:\windows\system32\htolxdf.exe
C:\Documents and Settings\Ashish\Local Settings\Temp\se.dll
C:\WINDOWS\uptodate.exe
C:\WINDOWS\System32\bridge.dll
c:\windows\system32\cdfncyq.exe
c:\windows\system32\ngnjibv.exe
c:\windows\system32\oazzpd.exe
c:\windows\system32\rlvknlg.exe
c:\windows\system32\hpvbdfr.exe
C:\WINDOWS\msbb.exe
C:\WINDOWS\system32\nplanr.exe
c:\windows\system32\wpayhqu.exe
C:\WINDOWS\System32\idctup20.exe
c:\Program Files\Common Files\Java\flacpy.exe
C:\WINDOWS\farmmext.exe
C:\WINDOWS\emsw.exe
C:\WINDOWS\System32\dydeshare.exe
C:\windows\system32\elitecwy32.exe
C:\WINDOWS\alchem.exe
C:\WINDOWS\System32\
C:\WINDOWS\hfelxcfq.exe
C:\WINDOWS\System32\shimgvw.exe

Delete the following folder/folders marked in blue (if they exist):

c:\program files\support.com
C:\Program Files\winex
D:\Program Files\WhenUSearch
C:\Program Files\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE <-- (Search for the following file and delete the immediate directory that contains the file.)
C:\Program Files\Web_Rebates
C:\Program Files\webHancer
D:\Program Files\VVSN
C:\WINDOWS\system32\vidctrl
C:\Program Files\Common Files\Totem Shared
C:\program files\tvs
C:\Program Files\SuperBar
C:\Program Files\SaveNow
C:\Program Files\DelFin
C:\Program Files\Power Scan
C:\WINDOWS\system32\nsvsvc
C:\Program Files\NavExcel
C:\Program Files\DownloadWare
C:\Program Files\Common files\KeenValue
C:\Program Files\Blue Haven Media
C:\Program Files\KaZaA
C:\Program Files\ISTsvc
C:\WINDOWS\System32\IEDriver
C:\Program Files\Ebates_MoeMoneyMaker
C:\Program Files\Common Files\CMEII
C:\Program Files\Bargain Buddy
C:\WINDOWS\system32\??stem\javaw.exe <-- (Be aware/careful of the location where you find this file, then delete the immediate directory that contains this file.)
C:\Program Files\sami
C:\Program Files\Alset
C:\Program Files\ezula
C:\Program Files\ClockSync
C:\Program Files\BonziBUDDY
C:\Program Files\Date Manager
C:\Program Files\Common Files\GMT
C:\Program Files\Common Files\KeenValue
C:\Program Files\PrecisionTime

Optional folder/folders marked in blue to be deleted (if they exist):

If you uninstalled WildTangent you need to remove the next folder also:

C:\Program Files\WildTangent

If you uninstalled Viewpoint Manager you need to remove the next folder also:

D:\Program Files\Viewpoint

If you uninstalled P2P Networking you need to remove the next folder also:

C:\WINDOWS\System32\P2P Networking

If you uninstalled NewDotNet you need to remove the next folder also:

D:\Program Files\NEWDOTNET

If you uninstalled Internet Optimizer you need to remove the next folder also:

C:\Program Files\Internet Optimizer

If you uninstalled WeatherCast you need to remove the next folder also:

C:\Program Files\WeatherCast

If you uninstalled WeatherBug you need to remove the next folder also:

C:\Program Files\AWS

If you uninstalled LimeWire you need to remove the next folder also:

D:\Program Files\LimeWire

Optional antivirus folder/folders marked in blue to be deleted (if they exist):

C:\Program Files\Alwil Software (Avast)
C:\Program Files\Trend Micro (Trend Micro's PC-cillin)
C:\Program Files\Navnt (Norton Antivirus)
D:\Program Files\ClamWin (ClamWin)
C:\Program Files\Grisoft (AVGFREE)

Optional anti-spyware file/files/folder/folders marked in blue to be deleted (if they exist):

C:\Program Files\Acceleration (eacceleration Stop Sign)
C:\Program Files\Common Files\eAcceleration (eacceleration Stop Sign)
C:\Program Files\SpyHunter (SpyHunter - Rogue antispyware program.)
D:\Program Files\Windows Defender (Windows Defender)
D:\Program Files\Spyware Nuker (Spyware Nuker)
D:\Program Files\STOPzilla! (StopZilla)
C:\WINDOWS\winbait.exe (RegRun)
D:\Program Files\Greatis (RegRun)
C:\Program Files\eBlocs (SpyBlocs - Rogue antispyware program.)

See the following link as a reference: http://www.spywarewa...nti-spyware.htm

Optional miscellaneous folder/folders marked in blue to be deleted (if they exist):

C:\Program Files\Blubster (Blubster - File sharing software)
C:\Program Files\rediff.com (rediff.com instant messenger - Security issues - see the following link: http://seclists.org/...3/Jan/0252.html )
C:\Program Files\FileFreedom (FileFreedom file sharing program - may download adware)

Finally, clean out temporary and Temporary Internet files. Go to Start -> Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Restart your computer.
****************************************************

Your computer may have a CoolWebSearch infection.
Please download CoolWebShredder, extract it and run the program. Press the "Fix" button. Let it fix all variants.

Please restart your computer.
****************************

Please download and run a Free Trial of Trojan Hunter at http://www.misec.net...rojanHunter.exe. Please restart your computer.

Dear reena, if you're having trouble connecting to the Internet, you can download the file definitions for the "Trojan Hunter" application manually at the following location: http://www.misec.net...unter/updating/
***********************************

TrendMicro™ HouseCall ActiveX Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under "Browser plug-in" Installing and using Housecall kernel, click the Starting HouseCall>> button.
  • You may receive a prompt to install the ActiveX, click install.
  • If you are taken back to the main page, click Launching HouseCall>> button again.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.
When the scan is finished, please restart your computer.
*******************************

Download, install, update, configure and run a scan with Ad-Aware SE at the following link: http://rstones12.gee...areSE_setup.htm

Restart your computer.
************************************

Dear User, I would like you to add-on VX2 Cleaner to your Ad-Aware SE application. Here is how to do this:

How to use Lavasoft’s VX2 Cleaner add-on

Close Ad-Aware and Ad-Watch (if running)
Download the free VX2 Cleaner here
Install the VX2 Cleaner
Start Ad-Aware
Go to "Add-ons"
Select the VX2 Cleaner add-on and click "Run Tool"
If your computer isn’t infected, click "Close".

If your computer is infected

Select "Clean System"
Reboot your computer
Scan your computer with Ad-Aware
Remove any VX2 objects detected
Reboot your computer again
Run a second scan to make sure the files have been removed from your computer

See the following link: http://www.lavasoft....x2cleaner.shtml

Please restart your computer.
*******************************

Next, please download and run Spybot Search and Destroy 1.4. Here is a link to download Spybot S & D 1.4.
Here is a link on how to use Spybot S & D.

Please reboot your computer.
***************************

Restart your computer and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :blink:

Edited by rambro, 16 June 2006 - 07:09 AM.
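
Added example (not part of rambro's post and not code from HijackThis): a Python check that parses the O4 and O23 line shapes shown in the post above and reports which fix-list entries still appear in a follow-up log, either under the same name or under a new value name that launches the same file, as the list above shows for `ivhykbxx.exe`. The line formats are inferred from the lines on this page; the follow-up log and the value name `zzconstructed` are constructed sample data.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Autostart(NamedTuple):
    section: str    # HijackThis section code: "O4" or "O23"
    location: str   # e.g. "HKLM\..\Run", "Global Startup", "Service"
    name: str       # registry value name, shortcut name or service name
    target: str     # command line or file the entry launches


# Line shapes as they appear in the post (assumed to be representative).
RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run[^:]*): \[(.*?)\] (.*)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
SVC_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def parse_line(line: str) -> Optional[Autostart]:
    """Return the autostart entry on this log line, or None for other lines."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Autostart("O4", m[1], m[2], m[3])
    m = LNK_RE.match(line)
    if m:
        return Autostart("O4", m[1], m[2], m[3])
    m = SVC_RE.match(line)
    if m:
        return Autostart("O23", "Service", m[1], m[3])
    return None


def image_path(command: str) -> str:
    """Lower-cased file an entry launches, without arguments.

    For rundll32 entries the DLL is returned, since that is the file
    the removal steps care about.
    """
    cmd = re.sub(r"^rundll32(?:\.exe)?\s+", "", command.strip(), flags=re.I)
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        # Unquoted paths may contain spaces, so cut at the first extension.
        m = re.match(r"(.+?\.(?:exe|dll|vbs))(?=[\s,]|$)", cmd, flags=re.I)
        path = m.group(1) if m else cmd
    return path.lower()


def persisted(fix_list: str, followup: str) -> List[Tuple[str, Autostart]]:
    """Entries in the follow-up log that match something on the fix list."""
    fixed = [e for e in map(parse_line, fix_list.splitlines()) if e]
    by_key = {(e.location.lower(), e.name.lower()) for e in fixed}
    by_image = {image_path(e.target) for e in fixed}
    findings = []
    for e in filter(None, map(parse_line, followup.splitlines())):
        if (e.location.lower(), e.name.lower()) in by_key:
            findings.append(("same-entry", e))
        elif image_path(e.target) in by_image:
            findings.append(("same-image-new-name", e))
    return findings


# A few entries copied from the fix list in the post above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [svdqhlcfmxjx] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [starmxn] c:\windows\system32\htolxdf.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\dsxddk.exe reg_run
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
"""

# Constructed follow-up log; [zzconstructed] is a made-up value name.
FOLLOWUP = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [svdqhlcfmxjx] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [zzconstructed] c:\windows\system32\IVHYKBXX.EXE
O4 - HKLM\..\Run: [starmxn] c:\windows\system32\htolxdf.exe
"""

if __name__ == "__main__":
    for kind, entry in persisted(FIX_LIST, FOLLOWUP):
        print(f"{kind:20} {entry.location}  [{entry.name}]  {entry.target}")
```

An entry reported as `same-entry` or `same-image-new-name` means the file behind it is probably still on disk or is being re-registered, so the file itself needs attention, not only the HijackThis line.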


#17
reena

Hi Rambro,
Thanks for your answer. I do not have Desktop or start menu. Can you please tell me how to open "MY COMPUTER" - Tools menu, so that I can move on further?
Thanks
Reena

#18
rambro

Dear reena, :whistling:

How do you run your HijackThis on the computer in question?

What have you done so far from my last post?

Are you able to get to your windows explorer?

If you can get to your windows explorer you can start deleting those files I have mentioned.

The file to open your windows explorer is "explorer.exe".

rambro :blink:

#19
reena

Hi Rambro,
I am in the middle of your last reply. I have run all Symantec removal tools, and I have also run HijackThis log and deleted whatever you have suggested. Till now I don't get back my desktop and taskbar.
Now you have suggested to do this.
your PC is configured to show hidden files. Here is how to do this:

Windows XP

* Click "Start".
* Open "My Computer".
* Select the "Tools" menu and click "Folder Options".
* Select the "View" Tab.
* Under the "Hidden files and folders" heading select "Show hidden files and folders".
* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK".


I don't know how to open "MY COMPUTER" without start menu or desktop, and I am stuck on this. Can you please tell me what to do to open MY COMPUTER?

Thanks
Reena

Edited by reena, 19 June 2006 - 01:08 PM.


#20
rambro

Dear reena, :whistling:

Can you get to your windows explorer?

rambro :blink:

#21
reena

Hi Rambro,
No, I haven't got back Windows Explorer. When I run "Explorer.exe" the taskbar comes for a sec and then it disappears.

Reena

#22
rambro

Dear reena, :whistling:

Do you have a windows xp CD installation disk for your computer in question?

rambro :blink:

#23
reena

Hi Rambro,

I do have a System Recovery CD and an application recovery CD plus one CD named "XPSP1a_ENG_PRO". Is it what you mean? I am sorry, I don't have much knowledge about it. so

Thanks
Reena

#24
rambro

Dear reena, :whistling:

Can you run post #8 again in your thread and let me know in detail if your taskbar comes back.

rambro :blink:

#25
reena

Hi Rambro,

I did run thread #8 again, and there is still no taskbar. This is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:22:06 PM, on 6/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache\Apache.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Apache Group\Apache\Apache.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\mysql\bin\mysqld-nt.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
D:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Documents and Settings\Ashish\Desktop\HijackThis.exe

N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Ashish\Application Data\Mozilla\Profiles\default\3csd7o5w.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Ashish\Application Data\Mozilla\Profiles\default\3csd7o5w.slt\prefs.js)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [Tracker] D:\Program Files\MySoftware\MyInvoices\tracker.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [svdqhlcfmxjx] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [starmxn] c:\windows\system32\htolxdf.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Juniper\NETSCR~1\Sygate\smc.exe -startgui
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LSPFix] C:\Program Files\Common Files\eAcceleration\LSPfix\LSPmonitor.exe normal
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nplanr.exe reg_run
O4 - HKLM\..\Run: [jkrmnxp] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [iymheyx] c:\windows\system32\wpayhqu.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CMSMHOST] D:\Program Files\Cloudmark\Anti-Fraud Toolbar\IE\cmsmhost.exe /Server
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Tukati:4] C:\Program Files\Tukati\Redistributor\4\TukatiRedistributor.exe -r:4 -x:2
O4 - HKCU\..\Run: [TimeLeft] D:\Program Files\TimeLeft\timeleft.exe
O4 - HKCU\..\Run: [SwiftToDoList] D:\Program Files\Swift To-Do List\Swift To-Do List.exe minimized
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [ServUTrayIcon] D:\PROGRA~1\Serv-U\SERVUT~1.EXE
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [PlaxoUpdate] D:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Grubclient] C:\Program Files\Grubclient\grubgui.exe /s
O4 - HKCU\..\Run: [Crammer] C:\Program Files\crammerCrammer.exe
O4 - HKCU\..\Run: [Cacheman] D:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: PowerPro.lnk = C:\Program Files\PowerPro\powerpro.exe
O4 - Startup: QClip.lnk = D:\Program Files\QClip\qclip.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: 1.pl
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: NetScreen-Remote.lnk = D:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: wincapper.com
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.01.0000.2217\en-us\bin\WindowsSearch.exe
O4 - Global Startup: winreg2.bat
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\comggkc.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Imapi Helper - Alex Feinman - D:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - D:\PROGRA~1\Serv-U\ServUDaemon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Thanks
Reena

#26
rambro
Dear reena,

I have to think some things through on your log, but in the meantime go back to post #16 (that is, the big post I gave you) and continue with that post from this point in the post:

Your computer may have a CoolWebSearch Infection.
Please download CoolWebShredder, extract it and run the program. Press the "Fix" button. Let it fix all variants.

Please restart your computer.


Try finishing the post from the above point in the post and let me know when you finish the post from that point in the post (that is run through those applications I gave you in the last half of the post).

Let me know in detail when this is done.

rambro :whistling:

#27
rambro
Dear reena, :whistling:

I want you to try this post, but only after finishing my previous post.

Let us see if we can get your "desktop" back through a registry edit.

Dear reena, I would like you to edit your "registry settings", but before you do that, I want you to make a back up copy of your "registry" in case something goes wrong. Here is how this is done:

Back up your current registry

1) Click on the Start button.

2) From the menu that appears, choose Run.

3) In the window that appears, there is a text area labeled Open. In that area, type "regedit" (without the quotation marks).

4) Click the OK button (or hit the Enter or Return key on your keyboard).

5) The Registry Editor window should open.

6) If My Computer is not highlighted, click on it once so that it is highlighted.

7) On the menu bar, click on Registry and then click on Export Registry File.

8) The Export Registry File window will appear. In the Save In drop-down box at the top, choose Desktop.

9) In the File Name box at the bottom, type "backup1" (without the quotation marks), then click the Save button.

10) A backup copy of the entire registry will now be saved to your desktop in case something goes wrong.

Notes:

* To restore the registry from the backup file you made, follow the same steps as above, but in step 2 choose Import Registry File instead of Export Registry File. Or, alternatively, you could double-click on the backup file on the desktop and answer Yes when it asks if you want to import the information into the registry.
* Once you've made changes to the registry and you are sure that you no longer need the backup file you made, simply delete it from the desktop.

See the following link: http://helpdesk.umd....ndows_2000/555/. Pay attention to the following sections: Starting the Registry Editor and Backing Up the Registry.
**************************

Edit your registry

Go to the following link and click on it to open it up: http://www.kellys-ko...displaytabs.reg

Then from either your Internet Explorer browser or Mozilla FireFox browser, I want you to save this file to your "desktop" and save it as "restorealldisplaytabs.reg".

Dear reena, you are basically creating a .reg file and saving it to your desktop.

Once the "restorealldisplaytabs.reg" file is created on your desktop, go to your desktop, double-click on restorealldisplaytabs.reg, and click Yes to merge it with the registry.

Restart your computer and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :blink:

Let me know in detail if you get your "desktop" back.

Dear reena, since you have limited or no Internet access, you might have to go to a good computer, burn the file on to a CD and take the CD to the infected computer in question and perform the steps in this post.

Good Luck!!! :help:

#28
reena
Hi Rambro,
I have gone through steps #16 and #27. A lot of malware was detected and deleted, but unfortunately I can't run explorer.exe, and couldn't get the desktop and taskbar back. It just comes up for a sec and then disappears.
Here is HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:31:39 PM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Apache Group\Apache\Apache.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\mysql\bin\mysqld-nt.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
D:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Ashish\Desktop\HijackThis.exe

N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Ashish\Application Data\Mozilla\Profiles\default\3csd7o5w.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Ashish\Application Data\Mozilla\Profiles\default\3csd7o5w.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Tracker] D:\Program Files\MySoftware\MyInvoices\tracker.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [svdqhlcfmxjx] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [starmxn] c:\windows\system32\htolxdf.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Juniper\NETSCR~1\Sygate\smc.exe -startgui
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LSPFix] C:\Program Files\Common Files\eAcceleration\LSPfix\LSPmonitor.exe normal
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nplanr.exe reg_run
O4 - HKLM\..\Run: [jkrmnxp] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [iymheyx] c:\windows\system32\wpayhqu.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CMSMHOST] D:\Program Files\Cloudmark\Anti-Fraud Toolbar\IE\cmsmhost.exe /Server
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Tukati:4] C:\Program Files\Tukati\Redistributor\4\TukatiRedistributor.exe -r:4 -x:2
O4 - HKCU\..\Run: [TimeLeft] D:\Program Files\TimeLeft\timeleft.exe
O4 - HKCU\..\Run: [SwiftToDoList] D:\Program Files\Swift To-Do List\Swift To-Do List.exe minimized
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [ServUTrayIcon] D:\PROGRA~1\Serv-U\SERVUT~1.EXE
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [PlaxoUpdate] D:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Grubclient] C:\Program Files\Grubclient\grubgui.exe /s
O4 - HKCU\..\Run: [Crammer] C:\Program Files\crammerCrammer.exe
O4 - HKCU\..\Run: [Cacheman] D:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: PowerPro.lnk = C:\Program Files\PowerPro\powerpro.exe
O4 - Startup: QClip.lnk = D:\Program Files\QClip\qclip.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: 1.pl
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: NetScreen-Remote.lnk = D:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: wincapper.com
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.01.0000.2217\en-us\bin\WindowsSearch.exe
O4 - Global Startup: winreg2.bat
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\comggkc.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Imapi Helper - Alex Feinman - D:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - D:\PROGRA~1\Serv-U\ServUDaemon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Thanks
Reena
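
An added example, not part of the original thread or of HijackThis itself: a small Python triage pass over log lines in the HijackThis v1.99.1 format posted above. It lists entries worth a closer look and shows what changed between the 19 June and 20 June logs. The heuristics and function names are assumptions chosen for illustration; a flag means "review this entry", not "this is malicious".

```python
import re
from collections import defaultdict

# Excerpt copied from the 19 June HijackThis log in this thread (a few lines only).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [svdqhlcfmxjx] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [jkrmnxp] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: 1.pl
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O20 - AppInit_DLLs: C:\WINDOWS\System32\comggkc.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
# Same excerpt as it appears in the 20 June log: UpdateStats is gone, one BHO is new.
LOG_AFTER = "\n".join(l for l in LOG_BEFORE.splitlines() if "UpdateStats" not in l) + "\n" + \
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll"

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<rest>.+)$")
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse(log):
    """Return (code, rest) tuples, e.g. ('O4', 'Global Startup: 1.pl')."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["rest"]))
    return entries

def target(cmd):
    """Lower-cased program path of a Run command line, without quotes or arguments."""
    cmd = cmd.strip().strip('"').lower()
    m = re.match(r"(.+?\.(?:exe|com|bat|dll))\b", cmd)
    return m.group(1) if m else cmd.split()[0]

def review(entries):
    """Return (reason, entry) pairs to look at more closely. Heuristics, not verdicts."""
    flagged, run_targets = [], defaultdict(list)
    for code, rest in entries:
        line = f"{code} - {rest}"
        if code == "O4":
            m = RUN.match(rest)
            if m:
                run_targets[target(m["cmd"])].append(m["name"])
            elif "Startup:" in rest:
                item = rest.split(": ", 1)[1]
                if item.endswith("= ?"):
                    flagged.append(("startup shortcut with unresolved target", line))
                elif ".lnk = " not in item:
                    flagged.append(("file placed directly in a Startup folder", line))
        elif code == "O20" and rest.startswith("AppInit_DLLs"):
            # DLLs listed here are loaded into every process that loads user32.dll.
            flagged.append(("AppInit_DLLs value is set", line))
        elif code == "O23" and ("(file missing)" in rest or "Unknown owner" in rest):
            flagged.append(("service with missing file or unknown owner", line))
    for path, names in run_targets.items():
        if len(names) > 1:
            flagged.append(("several Run values start the same file",
                            f"{path} <- {', '.join(names)}"))
    return flagged

def diff(before, after):
    """Entries that disappeared from, and appeared in, the later log."""
    b, a = set(before), set(after)
    return sorted(b - a), sorted(a - b)

if __name__ == "__main__":
    before, after = parse(LOG_BEFORE), parse(LOG_AFTER)
    for reason, entry in review(after):
        print(f"[review] {reason}: {entry}")
    removed, added = diff(before, after)
    for code, rest in removed:
        print(f"[gone]   {code} - {rest}")
    for code, rest in added:
        print(f"[new]    {code} - {rest}")
```

Running both full logs through `diff` is a quick way to confirm whether a cleanup pass actually removed the entries it reported deleting.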

#29
rambro
Dear reena, :whistling:

This is what I am thinking about your computer system. Basically you still have a great deal of spyware on your computer, but in order to get at this spyware, we have to get your desktop and taskbar back. I think that one or more applications in your Add or Remove program list might be causing you to lose your desktop and taskbar (that is, at least your taskbar). Therefore, I would like your permission to start uninstalling some applications from your Add or Remove programs list, to see if we can get your desktop and taskbar back. If this is the cause, you can re-install these applications later on. Just remember to save your "personal" information created from the applications I tell you to uninstall.

Therefore, I would like you to run/create a new "Add/Remove Software list" log (see post #12) and post it here in a reply to this post. We will then start removing some applications from that list.

rambro :blink:

#30
reena
Hi Rambro,
Here is the list of add/remove programs.

ActivePerl 5.6.1 Build 633
ActivePerl 5.8.7 Build 813
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop 6.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop Elements
Adobe Product/Adobe Studio Update 10/2001
Adobe Reader 7.0.7
Adobe SVG Viewer 3.0
AnalogX DLLArchive
Apache HTTP Server 1.3.33
Arles Image Web Page Creator 6.1.7
AVG Anti-Virus 7.1
Beat Monitor 2.0.0
Cacheman 5.50
Celestia 1.3.2
Cisco Systems VPN Client 4.8.00.0440
Cloudmark Anti-Fraud Toolbar for Microsoft Internet Explorer
CONCEPT X7
Cryn - The Dark Reflection
Data Access Objects (DAO) 3.0
DefragMentor Lite 1.0
DFX for Windows Media Player
Diary Defender
DigitalPrint 1.1
DivX 5.0.2 Pro Bundle
DVgate
Enigma
EPSON Printer Software
Experience VAIO
Far Manager v1.70
FeedReader
FireAnt RC1
Flock Developer Preview - 0.5pre
Forge Of Fate
FreshUI
GenealogyJ 2.3.2
GenoPro
GMail Drive Shell Extension
GNU Ghostscript Fonts
Google Gmail Notifier
Google Toolbar for Internet Explorer
Graphviz
GSview 4.4
GTK+ 1.3.0-20030717-1 runtime environment
Helexis Ads Filter
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Holding Pattern Screen Saver
Home Improvement 1-2-3
Hotfix for Windows XP (KB915865)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
hp psc 1310 series
HP Software Update
iabc_0.7
ImageStation
Infowalker
Invisible IRC Proxy (Remove only)
iPod for Windows 2005-03-23
ISO Recorder
iTunes
Java 2 Runtime Environment Standard Edition v1.3.1_01
Java 2 Runtime Environment, SE v1.4.0
Java 2 Runtime Environment, SE v1.4.1
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_01
Java 2 SDK, SE v1.4.1
Java 3D 1.3.1 (DirectX) Runtime
Java Web Start
KDE PIM 2.2.3
Keyboard Layout Manager 32 bit
kiki the nanobot 0.9.2
K-Lite Mega Codec Pack 1.53
Lernout & Hauspie TruVoice American English TTS Engine
Lucent Technologies Soft Modem AMR
Macromedia Flash 5
Macromedia Shockwave Player
MateMaster 1.5
MateMaster 1.5 (C:\Program Files\MateMaster 1.5\)
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Excel Viewer 97
Microsoft Money 2006
Microsoft Office
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft PowerPoint Viewer 97
Microsoft Project 98
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visio Professional 2002 SR-1 [English]
Microsoft Visio Viewer 2002
Microsoft Visual C++
Microsoft Windows Journal Viewer
Microsoft Windows Logo
MineSweeper3D (remove only)
mIRC
Ml_Icons 0.3
Motion JPEG Software Decoder
MovieShaker 3.3
Mozilla Firefox (1.5.0.4)
Mozilla Sunbird 0.3a1
Mozilla Thunderbird (1.5.0.2)
MP3 CD Converter 4.00
MP3 CD Maker
MP3 HTML Generator 3.08
MSDE
MSN Music Assistant
MSXML 4.0
MSXML 4.0
Music Visualizer Library
My IPs
MyInvoices & Estimates Deluxe
MySQL Server 5.0
MySQL Servers and Clients 3.23.52
MySQL-Front 2.4
Netscape Browser (remove only)
NetScreen Remote Login
NoteWorthy Composer
NuParadigm RSS Screensaver
NVIDIA Windows 2000/XP Display Drivers
ObjectDock
Opera 9.0
PaintBuster
PCMT 0.10
PDF-XChange 3.0
PE Builder 3.1.10a
PersonalBrain 3.0
PersonalBrain Exporter
PHP 4.3.9
Picasa 2
Plaxo Toolbar for Outlook and Outlook Express
PowerPro (remove only)
Python 2.3.2
QClip (remove only)
QuickVCD Player v3.0
Quotables Screensaver
Radio@Netscape
ReadPlease 2002/ReadPlease PLUS 2002
RealPlayer
RealProducer Basic 8.5
Registry Cleaner Version 4.0
RGBoid 1.0
Robosapien Dance Machine 1.0
Robosapien Dance Machine 2.2.1.4
Ruby 1.8.1-13 (uninstall)
SC UniPad 1.10
Scid 3.6.1
SDL_Perl (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Serv-U
Shareaza v1.8
Shockwave
SiS Audio Driver
SiS Compatible VGA V2.07f.01
Slickr
Sonic's Beatnik Player
SonicStage 1.2.00
SonicStage CD-R Writing Module
SonicStage Simple Burner 1.0
Sonique
Sony Certificate PCH
Sony DV Shared Library
Spybot - Search & Destroy 1.4
Spyware Doctor 3.8
StartUp Manager
Stellarium 0.7.1
Support Actions Win2K,WinXP
Swift To-Do List 3.00
Synapse Media Player
Taskman
TaxACT 2003
TaxACT 2004
TaxCut Deluxe 2005
Teachmaster 3.3
TextPad 4.6
The GIMP 1.2.5-20030729-1
The Jazz Midi Sequencer
tinySpell 1.3
Total Recorder 4.3
Total Video Converter 2.52
Trellian LiveUpgrade v2.0
TrojanHunter 4.5
TuneUp Utilities 2006
Tweak UI
UltraVNC v1.0.1
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
UrduPlugin
VAIO Action Setup
VAIO Brezza Wallpaper
VAIO Clock Screen Saver
VAIO Grid Wallpaper
VAIO Help & Support
VAIO Registration
VAIO Serenus Wallpaper
VAIO Support
VAIO System Information
Visual Music
VX2 Cleaner plug-in for Ad-Aware SE
WAtomic 1.2
Web Screen Saver
WebGUI
Webshots!
Winamp (remove only)
WinCvs 1.2
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888162
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
WordPerfect Office 2002 OEM
WordWeb
XEmacs
X-VCD Player
Yahoo! extras
Yahoo! Go for TV 0.1.34
Yahoo! Login
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar
YAPC

Thanks
Reena