Author Topic: I can't see my desktop  (Read 6802 times)


bulldozer246

  • Guest
I can't see my desktop
« on: December 15, 2007, 07:49:27 PM »
Last night, I downloaded and ran a "shady" program which I now regret.  At the time, avast notified me of the viruses it detected when I ran the program.  This is what is in the log:


* Task 'Resident protection' used
* Started on Friday, December 14, 2007 4:11:53 PM
* VPS: 071213-0, 12/13/2007
*

C:\DOCUME~1\VINCES~1\LOCALS~1\Temp\gos13.tmp [L] Win32:Dialer-FU [trj] (0)
File was successfully moved to chest...
C:\DOCUME~1\VINCES~1\LOCALS~1\Temp\gos14.tmp [L] Win32:Dialer-FU [trj] (0)
File was successfully moved to chest...
C:\DOCUME~1\VINCES~1\LOCALS~1\Temp\gos15.tmp [L] Win32:Dialer-FU [trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Vince s\Local Settings\Temporary Internet Files\Content.IE5\XI1TQNNQ\ozfle[1].htm [L] Win32:Tiny-II [trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\drivers\symavc32.sys [L] Win32:Agent-MET [Rtk] (0)
File was successfully moved to chest...
C:\Documents and Settings\Vince s\Local Settings\Temporary Internet Files\Content.IE5\0NM9MBT0\fekdjbhngm[1].htm [L] Win32:Tiny-II [trj] (0)
File was successfully moved to chest...

*
* Task stopped: Friday, December 14, 2007 9:46:39 PM
* Run-time was 5 hour(s), 34 minute(s), 46 second(s)
*

Now, after running a full boot-time scan overnight and finding nothing, my computer starts up normally until my tray icons start running.  Whatever the problem is, it seems to let me see my desktop for about 5 seconds until it stops one of the tray icons.  It does this until there are no more icons in the tray and I am left with a screen without the bar on the bottom that has the tray and the start button.  I can still see my desktop background and I am able to run any programs using the Windows Task Manager, including avast, but it hasn't found anything since last night.  I'm thinking that whatever virus this was did its damage and was stopped.  Does anyone know how I can bring back my desktop?

I tried System Restore, but the only restore point that is there is right after the event last night.

Windows XP

Let me know what other info I need and I can try to find it using "Run" since it's my only way of navigating my computer right now.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
Re: I can't see my desktop
« Reply #1 on: December 15, 2007, 08:16:59 PM »
Go to the website in this link and download Fixshell.cmd.  Run that and then post a HijackThis log and I will see if I can fix it for you.

http://cid-32d8666f4048075b.skydrive.live.com/browse.aspx/Malware%20files


  • Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.



bulldozer246

  • Guest
Re: I can't see my desktop
« Reply #2 on: December 15, 2007, 08:22:15 PM »
Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:08 PM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\iscsiexe.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\GKC\GKCDTDNS\GKCDTDNSNT.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\TEMP\462E91DE.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [s123dwe2] C:\WINDOWS\TEMP\FD8F537C.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GKC Dynamic DNS Updater (GKCDTDNS) - Unknown owner - C:\PROGRA~1\GKC\GKCDTDNS\GKCDTDNSNT.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8247 bytes

Offline Lisandro

  • Avast team
Re: I can't see my desktop
« Reply #3 on: December 15, 2007, 08:28:50 PM »
Last night, I downloaded and ran a "shady" program which I now regret.
Always check on VirusTotal online scanning before running "shady" programs...

C:\DOCUME~1\VINCES~1\LOCALS~1\Temp\gos13.tmp [L] Win32:Dialer-FU [trj] (0)
File was successfully moved to chest...
C:\DOCUME~1\VINCES~1\LOCALS~1\Temp\gos14.tmp [L] Win32:Dialer-FU [trj] (0)
File was successfully moved to chest...
C:\DOCUME~1\VINCES~1\LOCALS~1\Temp\gos15.tmp [L] Win32:Dialer-FU [trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Vince s\Local Settings\Temporary Internet Files\Content.IE5\XI1TQNNQ\ozfle[1].htm [L] Win32:Tiny-II [trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Vince s\Local Settings\Temporary Internet Files\Content.IE5\0NM9MBT0\fekdjbhngm[1].htm [L] Win32:Tiny-II [trj] (0)
File was successfully moved to chest...
Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

I tried system restore, but the only restore point that is there is right after the event last night
Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3.

I also suggest:

Download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

If you're still detecting any strange behavior, or even if you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG or Panda.

Also, if you're still detecting strange behaviors or you want to be sure you're clean, maybe scanning the RunScanner log and submitting it to on-line analysis would help to identify the problem and the solution.
The best things in life are free.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
Re: I can't see my desktop
« Reply #4 on: December 15, 2007, 08:45:46 PM »
I would recommend removing NetMeter; reasoning here: http://www.bleepingcomputer.com/startups/NetMeter.exe-3644.html

Please re-open HiJackThis and scan.  Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [s123dwe2] C:\WINDOWS\TEMP\FD8F537C.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe

Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis.  Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

NetMeter

Please note any other programs that you don't recognize in that list in your next response.

THEN

Please download the OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\TEMP\462E91DE.exe
C:\Program Files\NetMeter
C:\WINDOWS\TEMP\FD8F537C.exe


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Just the combofix and OTMoveit logs
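The triage done by eye in this reply (spotting the O4 Run entry that launches an executable out of C:\WINDOWS\TEMP, and the O23 services with no owner or a missing binary) can be scripted over a HijackThis log. The block below is an added example, not code from the thread or from HijackThis; its sample lines are constructed copies of entries from the log posted above, and its flags are review prompts rather than verdicts, since legitimate services can also report "Unknown owner".

```python
"""Flag HijackThis O4 autorun and O23 service entries that deserve a second look.

Added example (not code from the thread or from HijackThis).  The heuristics
mirror the manual triage in the reply above: autorun targets living in a TEMP
folder, autorun targets with random-looking hex filenames, services with no
vendor information, and services whose binary no longer exists.
"""
import re
from typing import Dict, List

# e.g.  O4 - HKLM\..\Run: [s123dwe2] C:\WINDOWS\TEMP\FD8F537C.exe
O4_RUN_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# e.g.  O23 - Service: Symantec Core LC - Unknown owner - C:\...\symlcsvc.exe (file missing)
O23_SVC_RE = re.compile(
    r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')

# Folder fragments (lower-cased) an autorun entry should rarely point into.
TEMP_FRAGMENTS = ('\\windows\\temp\\', '\\locals~1\\temp\\', '\\local settings\\temp\\')
# Eight hex digits plus .exe: the naming pattern of the dropped files in this thread.
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}\.exe$', re.IGNORECASE)

# Constructed sample: shapes copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [s123dwe2] C:\WINDOWS\TEMP\FD8F537C.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
"""


def target_path(cmd: str) -> str:
    """Return the executable path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the path runs up to the first ".exe" that is followed by whitespace or end of line.
    m = re.match(r'(.+?\.exe)(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious autorun/service entry (review hints, not verdicts)."""
    findings: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.rstrip()
        m = O4_RUN_RE.match(line)
        if m:
            path = target_path(m.group('cmd'))
            low = path.lower()
            if any(frag in low for frag in TEMP_FRAGMENTS):
                findings.append({'line': line, 'reason': 'autorun target lives in a TEMP folder'})
            if HEX_NAME_RE.match(path.rsplit('\\', 1)[-1]):
                findings.append({'line': line, 'reason': 'autorun target has a random-looking hex filename'})
            continue
        m = O23_SVC_RE.match(line)
        if m:
            if '(file missing)' in m.group('path'):
                findings.append({'line': line, 'reason': 'service binary is missing (orphaned entry)'})
            elif m.group('owner') == 'Unknown owner':
                findings.append({'line': line, 'reason': 'service has no vendor/owner information'})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f['reason']}: {f['line']}")
```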

bulldozer246

  • Guest
Re: I can't see my desktop
« Reply #5 on: December 15, 2007, 09:29:55 PM »
Everything worked fine, my desktop now doesn't disappear.  Here's the log:

ComboFix 07-12-15.5 - Vince s 2007-12-15 14:14:35.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2600 [GMT -6:00]
Running from: C:\Documents and Settings\Vince s\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\Program Files\Helper\superfinderusa.dll
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\qomklli.dll
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\Temp\23404822.exe
C:\WINDOWS\Temp\27526935.exe
C:\WINDOWS\Temp\58461183.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_LDRSVC
-------\LEGACY_SYMAVC32
-------\ldrsvc
-------\symavc32
-------\xpdx


(((((((((((((((((((((((((   Files Created from 2007-11-15 to 2007-12-15  )))))))))))))))))))))))))))))))
.

2007-12-15 13:20 . 2007-12-15 13:20   <DIR>   d--------   C:\Program Files\Trend Micro
2007-12-14 21:35 . 2007-12-14 21:35   2   --a------   C:\2014302581
2007-12-14 21:34 . 2007-12-14 21:34   142,336   --a------   C:\skaglnck.exe
2007-12-14 21:34 . 2007-12-14 21:34   57,856   --a------   C:\fjls.exe
2007-12-09 18:56 . 2007-12-09 19:01   <DIR>   d--------   C:\Program Files\Brunswick Bowling
2007-12-09 18:56 . 1998-01-27 11:31   127,488   --a------   C:\WINDOWS\system32\dsetup.dll
2007-12-09 18:56 . 1997-07-14 17:00   63,056   --a------   C:\WINDOWS\system32\dsetup16.dll
2007-12-09 18:56 . 1998-01-27 11:29   41,984   --a------   C:\WINDOWS\system32\dsetup32.dll
2007-12-09 10:20 . 2007-12-11 21:08   103,736   --a------   C:\WINDOWS\system32\PnkBstrB.exe
2007-12-09 10:20 . 2007-12-11 21:08   66,872   --a------   C:\WINDOWS\system32\PnkBstrA.exe
2007-12-09 10:20 . 2007-12-11 21:08   22,328   --a------   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-09 10:20 . 2007-12-11 21:08   22,328   --a------   C:\Documents and Settings\Vince s\Application Data\PnkBstrK.sys
2007-12-04 17:33 . 2007-12-04 17:33   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\ATI
2007-12-02 12:21 . 2007-05-16 16:45   3,497,832   --a------   C:\WINDOWS\system32\d3dx9_34.dll
2007-12-02 12:21 . 2007-05-16 16:45   1,124,720   --a------   C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-02 12:21 . 2007-05-16 16:45   443,752   --a------   C:\WINDOWS\system32\d3dx10_34.dll
2007-12-02 12:21 . 2007-06-20 20:46   266,088   --a------   C:\WINDOWS\system32\xactengine2_8.dll
2007-12-02 12:21 . 2007-06-20 20:45   18,280   --a------   C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-01 13:51 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\ajxuxds3.sys
2007-12-01 13:09 . 2007-12-01 13:09   <DIR>   d--------   C:\Program Files\Microsoft Reader
2007-12-01 13:09 . 2003-06-05 17:15   57,436   --a------   C:\WINDOWS\DASShp.dll
2007-11-27 17:33 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\awr7r3ra.sys
2007-11-27 17:27 . 2007-03-12 16:42   3,495,784   --a------   C:\WINDOWS\system32\d3dx9_33.dll
2007-11-27 17:27 . 2007-03-12 16:42   1,123,696   --a------   C:\WINDOWS\system32\D3DCompiler_33.dll
2007-11-27 17:27 . 2007-03-15 16:57   443,752   --a------   C:\WINDOWS\system32\d3dx10_33.dll
2007-11-27 17:27 . 2007-04-04 18:55   261,480   --a------   C:\WINDOWS\system32\xactengine2_7.dll
2007-11-27 17:27 . 2007-01-24 15:27   255,848   --a------   C:\WINDOWS\system32\xactengine2_6.dll
2007-11-26 21:31 . 2007-11-26 21:31   <DIR>   d--------   C:\Program Files\Google
2007-11-26 18:26 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\ai1s0opq.sys
2007-11-24 21:51 . 2007-11-24 21:51   <DIR>   d--------   C:\Program Files\Microsoft Synchronization Services
2007-11-24 21:51 . 2007-11-24 21:51   <DIR>   d--------   C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-24 21:51 . 2007-11-24 21:54   <DIR>   d--------   C:\Program Files\Microsoft SQL Server
2007-11-24 21:47 . 2007-11-24 21:49   <DIR>   d--------   C:\Program Files\Microsoft Visual Studio 9.0
2007-11-24 21:47 . 2007-11-24 21:47   <DIR>   d--------   C:\Program Files\Microsoft SDKs
2007-11-24 21:47 . 2007-11-24 21:50   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-24 20:11 . 2007-11-24 20:11   <DIR>   d--------   C:\Program Files\Microsoft Silverlight
2007-11-24 18:56 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\atzcw845.sys
2007-11-23 19:34 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\at4yjvb3.sys
2007-11-22 15:11 . 2007-11-22 15:11   <DIR>   d--------   C:\Program Files\GKC
2007-11-22 15:07 . 2007-11-22 15:10   <DIR>   d--------   C:\Program Files\DirectUpdate v4
2007-11-22 14:54 . 2007-11-22 14:55   <DIR>   d--------   C:\wamp
2007-11-22 12:40 . 2007-10-10 17:55   6,065,664   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-22 12:40 . 2007-04-17 03:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-22 12:40 . 2007-03-07 23:10   991,232   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-22 12:40 . 2007-10-10 17:55   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-22 12:40 . 2007-10-10 17:55   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-22 12:40 . 2007-10-10 17:55   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-22 12:40 . 2007-10-10 17:55   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-22 12:40 . 2007-10-10 17:55   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-22 12:40 . 2007-10-10 04:59   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-22 00:19 . 2007-11-22 00:19   60,028   --ah-----   C:\WINDOWS\system32\mlfcache.dat
2007-11-22 00:17 . 2007-11-22 00:17   <DIR>   d--------   C:\Program Files\Safari
2007-11-22 00:16 . 2007-11-22 14:57   <DIR>   d--------   C:\Program Files\Bonjour
2007-11-21 11:24 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\a8s3lv27.sys
2007-11-20 16:19 . 2007-11-20 16:19   <DIR>   d--------   C:\Program Files\TightVNC
2007-11-19 20:00 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\awkswgh6.sys
2007-11-17 15:12 . 2007-11-17 15:12   <DIR>   d--------   C:\Program Files\Hasbro
2007-11-17 10:21 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\auwlddes.sys
2007-11-16 16:04 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\a2wmv5ki.sys
2007-11-15 17:44 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\atddamfi.sys

.

bulldozer246

  • Guest
Re: I can't see my desktop
« Reply #6 on: December 15, 2007, 09:30:34 PM »
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 20:03   ---------   d-----w   C:\Program Files\StormII
2007-12-15 19:45   ---------   d-----w   C:\Program Files\WeBot
2007-12-15 19:45   ---------   d-----w   C:\Program Files\uTorrent
2007-12-15 03:36   ---------   d-----w   C:\Program Files\Trillian
2007-12-15 03:36   ---------   d-----w   C:\Documents and Settings\Vince s\Application Data\uTorrent
2007-12-14 22:15   ---------   d-----w   C:\Documents and Settings\Vince s\Application Data\Skype
2007-12-09 01:52   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-12-04 23:33   ---------   d-----w   C:\Documents and Settings\Vince s\Application Data\ATI
2007-12-04 23:29   ---------   d-----w   C:\Program Files\ATI Technologies
2007-12-04 14:56   93,264   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55   94,544   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\WINDOWS\system32\AvastSS.scr
2007-12-04 00:31   ---------   d-----w   C:\Program Files\Activision
2007-11-27 23:34   ---------   d-----w   C:\Program Files\DAEMON Tools
2007-11-26 03:20   ---------   d-----w   C:\Program Files\Winamp
2007-11-22 06:17   ---------   d-----w   C:\Documents and Settings\Vince s\Application Data\Apple Computer
2007-11-16 03:13   ---------   d-----w   C:\Documents and Settings\Vince s\Application Data\U3
2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 18:44   ---------   d-----w   C:\Program Files\iTunes
2007-11-10 18:44   ---------   d-----w   C:\Program Files\iPod
2007-11-10 18:42   ---------   d-----w   C:\Program Files\QuickTime
2007-11-04 02:33   ---------   d-----w   C:\Program Files\Atari
2007-11-04 02:32   ---------   d-----w   C:\Documents and Settings\Vince s\Application Data\Atari
2007-11-04 02:31   ---------   d-----w   C:\Program Files\EA GAMES
2007-11-02 05:52   2,644,480   ----a-w   C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-11-02 04:57   9,314,304   ----a-w   C:\WINDOWS\system32\atioglx2.dll
2007-11-02 04:24   176,128   ----a-w   C:\WINDOWS\system32\atiok3x2.dll
2007-11-02 04:10   364,544   ----a-w   C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-02 04:09   268,288   ----a-w   C:\WINDOWS\system32\ati2dvag.dll
2007-11-02 04:01   26,112   ----a-w   C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-02 04:01   143,360   ----a-w   C:\WINDOWS\system32\atipdlxx.dll
2007-11-02 04:01   122,880   ----a-w   C:\WINDOWS\system32\Oemdspif.dll
2007-11-02 04:00   43,520   ----a-w   C:\WINDOWS\system32\ati2edxx.dll
2007-11-02 04:00   122,880   ----a-w   C:\WINDOWS\system32\ati2evxx.dll
2007-11-02 03:59   495,616   ----a-w   C:\WINDOWS\system32\ati2evxx.exe
2007-11-02 03:58   53,248   ----a-w   C:\WINDOWS\system32\ATIDDC.DLL
2007-11-02 03:50   3,133,728   ----a-w   C:\WINDOWS\system32\ati3duag.dll
2007-11-02 03:39   1,602,176   ----a-w   C:\WINDOWS\system32\ativvaxx.dll
2007-11-02 03:35   307,200   ----a-w   C:\WINDOWS\system32\atiiiexx.dll
2007-11-02 03:26   5,435,392   ----a-w   C:\WINDOWS\system32\atioglxx.dll
2007-11-02 03:24   376,832   ----a-w   C:\WINDOWS\system32\atikvmag.dll
2007-11-02 03:22   49,152   ----a-w   C:\WINDOWS\system32\drivers\ati2erec.dll
2007-11-02 03:22   17,408   ----a-w   C:\WINDOWS\system32\atitvo32.dll
2007-11-02 03:16   499,712   ----a-w   C:\WINDOWS\system32\ati2cqag.dll
2007-11-02 03:05   593,920   ----a-w   C:\WINDOWS\system32\ati2sgag.exe
2007-11-02 00:42   ---------   d-----w   C:\Program Files\TI Education
2007-11-02 00:42   ---------   d-----w   C:\Program Files\Common Files\TI Shared
2007-11-02 00:41   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2007-11-02 00:29   ---------   d-----w   C:\Program Files\TiLP
2007-10-31 20:09   30,464   ----a-w   C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-29 22:35   1,287,680   ----a-w   C:\WINDOWS\system32\quartz.dll
2007-10-28 22:00   ---------   d-----w   C:\Program Files\touchFree
2007-10-28 14:41   ---------   d-----w   C:\Program Files\Logitech
2007-10-28 14:41   ---------   d-----w   C:\Program Files\Common Files\Logitech
2007-10-27 23:40   222,720   ----a-w   C:\WINDOWS\system32\wmasf.dll
2007-10-24 07:47   96,760   ----a-w   C:\WINDOWS\system32\dfshim.dll
2007-10-24 07:47   84,480   ----a-w   C:\WINDOWS\system32\mscories.dll
2007-10-24 07:47   282,112   ----a-w   C:\WINDOWS\system32\mscoree.dll
2007-10-24 07:47   158,720   ----a-w   C:\WINDOWS\system32\mscorier.dll
2007-10-11 15:55   88,576   ----a-w   C:\WINDOWS\system32\infocardapi.dll
2007-10-11 15:55   579,584   ----a-w   C:\WINDOWS\system32\icardagt.exe
2007-10-11 15:55   11,776   ----a-w   C:\WINDOWS\system32\icardres.dll
2007-10-09 19:03   779,800   ----a-w   C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 19:03   73,752   ----a-w   C:\WINDOWS\system32\dxva2.dll
2007-10-09 19:03   493,080   ----a-w   C:\WINDOWS\system32\evr.dll
2007-10-09 19:03   350,744   ----a-w   C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 19:03   33,304   ----a-w   C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 19:03   161,304   ----a-w   C:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 19:03   106,520   ----a-w   C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 19:03   1,986,072   ----a-w   C:\WINDOWS\system32\milcore.dll
2007-10-09 18:58   16,896   ----a-w   C:\WINDOWS\system32\tswpfwrp.exe
2007-05-28 16:58   47,360   ----a-w   C:\Documents and Settings\Vince s\Application Data\pcouffin.sys
2007-01-28 22:28   65   ----a-w   C:\Program Files\Common Files\appop.log
2007-02-27 23:37   61   --sh--w   C:\WINDOWS\cnerolf.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 17:56]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 06:06]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 16:10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 00:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-02 16:25]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [2007-05-07 19:28]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]


bulldozer246

  • Guest
Re: I can't see my desktop
« Reply #7 on: December 15, 2007, 09:31:25 PM »
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"EA Core"=C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Profiler"=C:\Program Files\Saitek\Software\Profiler.exe
"SaiSmart"=C:\Program Files\Saitek\Software\SaiSmart.exe
"DIRECTCD"="C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
"MindSoft FreeRAM"=C:\Program Files\Summitsoft\SystemTech XP\FreeRAM.exe
"Alcmtr"=ALCMTR.EXE
"RTHDCPL"=RTHDCPL.EXE
"NWEReboot"=
"Run StartupMonitor"=StartupMonitor.exe
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys
R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\C:\Program Files\UltraISO\drivers\ISODrive.sys
R2 GKCDTDNS;GKC Dynamic DNS Updater;C:\PROGRA~1\GKC\GKCDTDNS\GKCDTDNSNT.exe
R2 MSiSCSI;Microsoft iSCSI Initiator Service;C:\WINDOWS\System32\iscsiexe.exe
R2 SBKUPNT;SBKUPNT;\??\C:\WINDOWS\system32\Drivers\SBKUPNT.SYS
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R3 iScsiPrt;iScsiPort Driver;C:\WINDOWS\system32\DRIVERS\msiscsi.sys
R3 SaiClass;SaiClass;C:\WINDOWS\system32\drivers\SaiNtBus.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 CTL518;Video Blaster WebCam (WDM);C:\WINDOWS\system32\DRIVERS\wcvid.sys
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys
S3 SaiNtHid;SaiNtHid;C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
S3 TiglUsb;TiglUsb.sys TI-GRAPH / DIRECT LINK USB driver;C:\WINDOWS\system32\Drivers\TiglUsb.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2007-09-16 03:53:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 20:25:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-15 14:24:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-15 14:26:46 - machine was rebooted
.
2007-12-13 21:53:31   --- E O F --- 


And By the way, thanks for the help, it is greatly appreciated!
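
What the helper does next is read this ComboFix log against what the machine should contain: drivers that no registered service points at and whose names look machine-generated, and executables or numeric folder names dropped directly in C:\ (the ten `a*******.sys` files and the three root entries that are listed for removal in Reply #8). Below is an added Python example of that triage, not code from the thread, from ComboFix or from OTMoveIt. The service table is an excerpt of the one printed above; the driver-directory and root listings are constructed from entries on this page plus two Microsoft drivers (`null.sys`, `tcpip.sys`) that ComboFix does not list, to show that "not in the table" alone is not a verdict. The root allowlist and the lexical thresholds are my assumptions.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Excerpt of the non-Microsoft service table exactly as ComboFix printed it in the
# log above (R0/R1/R2/R3/S3 lines). For this machine it is the "known" driver baseline.
SERVICE_TABLE = r"""
R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys
R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\C:\Program Files\UltraISO\drivers\ISODrive.sys
R2 SBKUPNT;SBKUPNT;\??\C:\WINDOWS\system32\Drivers\SBKUPNT.SYS
R3 iScsiPrt;iScsiPort Driver;C:\WINDOWS\system32\DRIVERS\msiscsi.sys
R3 SaiClass;SaiClass;C:\WINDOWS\system32\drivers\SaiNtBus.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
"""

# Constructed listing of C:\WINDOWS\system32\drivers: the drivers from the table above,
# two Microsoft drivers ComboFix does not list, and the ten files named in Reply #8.
DRIVER_DIR_LISTING = [
    "ivicd.sys", "SBKUPNT.SYS", "msiscsi.sys", "SaiNtBus.sys", "WmFilter.sys",
    "WmXlCore.sys", "tiehdusb.sys", "usbaapl.sys", "null.sys", "tcpip.sys",
    "ajxuxds3.sys", "awr7r3ra.sys", "ai1s0opq.sys", "a8s3lv27.sys", "awkswgh6.sys",
    "auwlddes.sys", "a2wmv5ki.sys", "atddamfi.sys", "atzcw845.sys", "at4yjvb3.sys",
]

# Constructed listing of the drive root: normal XP boot files plus the entries from Reply #8.
ROOT_LISTING = ["C:\\boot.ini", "C:\\ntldr", "C:\\pagefile.sys", "C:\\2014302581",
                "C:\\skaglnck.exe", "C:\\fjls.exe", "C:\\WINDOWS\\cnerolf.dat"]
ROOT_ALLOWLIST = {"boot.ini", "ntldr", "ntdetect.com", "pagefile.sys", "hiberfil.sys",
                  "autoexec.bat", "config.sys", "io.sys", "msdos.sys"}   # assumed XP baseline
VOWELS = set("aeiou")


def baseline_from_services(table):
    """Lower-cased stems of every .sys file that a registered service in the table points at."""
    known = set()
    for line in table.splitlines():
        parts = line.split(";", 2)
        if len(parts) < 3:
            continue
        path = parts[2].strip().strip('"')
        if path.startswith("\\??\\"):          # NT object-manager prefix ComboFix leaves in
            path = path[4:]
        p = PureWindowsPath(path)
        if p.suffix.lower() == ".sys":
            known.add(p.stem.lower())
    return known


def longest_consonant_run(stem):
    """Longest run of non-vowel characters; digits count, so 'awr7r3ra' scores 6."""
    best = run = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def triage_drivers(listing, baseline):
    """Return {filename: [reasons]} for drivers that are unknown AND look machine-generated."""
    stems = {f: PureWindowsPath(f).stem.lower() for f in listing}
    unknown = [f for f in listing if stems[f] not in baseline]
    # Random-name generators emit fixed-length names: a burst of unknown files sharing
    # length and first character is a signal on its own (it is what catches 'atddamfi').
    clusters = Counter((len(stems[f]), stems[f][:1]) for f in unknown)
    flagged = {}
    for f in unknown:
        stem = stems[f]
        reasons = []
        if any(ch.isdigit() for ch in stem):
            reasons.append("digits in driver name")
        if longest_consonant_run(stem) >= 4:
            reasons.append("unpronounceable (consonant run >= 4)")
        n = clusters[(len(stem), stem[:1])]
        if n >= 3:
            reasons.append(f"one of {n} unknown names with the same length and first letter")
        if reasons:
            flagged[f] = reasons
    return flagged


def suspicious_root_entries(paths):
    """Executables, data drops or all-digit names sitting directly in the drive root."""
    hits = []
    for raw in paths:
        p = PureWindowsPath(raw)
        if str(p.parent) != str(p.anchor) or p.name.lower() in ROOT_ALLOWLIST:
            continue
        if p.suffix.lower() in {".exe", ".dll", ".sys", ".dat", ".tmp"} or p.name.isdigit():
            hits.append(raw)
    return hits


if __name__ == "__main__":
    base = baseline_from_services(SERVICE_TABLE)
    for name, why in triage_drivers(DRIVER_DIR_LISTING, base).items():
        print(f"{name}: {'; '.join(why)}")
    for entry in suspicious_root_entries(ROOT_LISTING):
        print(f"{entry}: executable or numeric name in drive root")
```

On a real box the baseline should come from the full service registry (HKLM\SYSTEM\CurrentControlSet\Services) and a signature check on each unknown .sys, not from a single log excerpt; the lexical and cluster signals only rank what to look at first.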

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Posts: 40589
Re: I can't see my desktop
« Reply #8 on: December 15, 2007, 10:55:19 PM »
Nearly done, just a few more bits to remove  ;D

Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\2014302581
C:\skaglnck.exe
C:\fjls.exe
C:\WINDOWS\system32\drivers\ajxuxds3.sys
C:\WINDOWS\system32\drivers\awr7r3ra.sys
C:\WINDOWS\system32\drivers\ai1s0opq.sys
C:\WINDOWS\system32\drivers\a8s3lv27.sys
C:\WINDOWS\system32\drivers\awkswgh6.sys
C:\WINDOWS\system32\drivers\auwlddes.sys
C:\WINDOWS\system32\drivers\a2wmv5ki.sys
C:\WINDOWS\system32\drivers\atddamfi.sys
C:\WINDOWS\system32\drivers\atzcw845.sys
C:\WINDOWS\system32\drivers\at4yjvb3.sys
C:\WINDOWS\cnerolf.dat



Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


If you could follow that up with a final HijackThis log.
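
The OTMoveIt step above does three things worth keeping even when you script it yourself: it moves each listed path out of the way rather than deleting it, it records what it did, and it defers files that are in use (a loaded driver, a running dropper) to the next reboot instead of failing. The following is an added Python example of that procedure, not OTMoveIt's own code. The quarantine directory, the `.quarantined` suffix, the manifest format and the `demo()` inputs are my assumptions; the reboot deferral uses the Win32 `MoveFileExW` flag `MOVEFILE_DELAY_UNTIL_REBOOT`, which needs administrator rights and both paths on the same volume.

```python
import hashlib
import json
import shutil
import sys
import tempfile
import time
from pathlib import Path


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_of(path):
    """Hash in chunks so a large dropper does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def defer_move_until_reboot(src, dst):
    """Ask Windows to move a locked file at next boot, before anything can open it again
    (MoveFileExW with MOVEFILE_DELAY_UNTIL_REBOOT). Off Windows this is simply unavailable."""
    if sys.platform != "win32":
        return False
    import ctypes
    MOVEFILE_DELAY_UNTIL_REBOOT = 0x4
    return bool(ctypes.windll.kernel32.MoveFileExW(str(src), str(dst), MOVEFILE_DELAY_UNTIL_REBOOT))


def quarantine(paths, quarantine_dir):
    """Move every listed file or folder into quarantine_dir, recording hash and outcome.
    Returns the manifest records and writes them to quarantine_dir/manifest.json."""
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    records = []
    for index, raw in enumerate(paths):
        src = Path(raw)
        rec = {"path": str(src), "status": None, "sha256": None, "quarantined_as": None}
        if not src.exists():
            rec["status"] = "missing"            # already gone, e.g. moved to the AV chest
        else:
            # Unique name plus a suffix no handler is registered for, so nothing can
            # launch it from quarantine by accident (assumed convention).
            dst = qdir / f"{index:03d}_{src.name}.quarantined"
            try:
                if src.is_file():
                    rec["sha256"] = sha256_of(src)   # the value to look up on VirusTotal later
                shutil.move(str(src), str(dst))
                rec["status"] = "moved"
                rec["quarantined_as"] = str(dst)
            except OSError:
                # In use: hand it to the kernel for the next boot, as OTMoveIt does.
                if defer_move_until_reboot(src, dst):
                    rec["status"] = "deferred_until_reboot"
                    rec["quarantined_as"] = str(dst)
                else:
                    rec["status"] = "locked"
        records.append(rec)
    manifest = {"created": time.strftime("%Y-%m-%dT%H:%M:%S"), "records": records}
    (qdir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return records


def demo():
    """Constructed stand-in for the list in this reply: two fake droppers, one numeric
    folder, and one path that no longer exists. Returns the manifest records."""
    root = Path(tempfile.mkdtemp(prefix="otmoveit_demo_"))
    (root / "skaglnck.exe").write_bytes(b"MZ fake dropper")
    (root / "fjls.exe").write_bytes(b"MZ second fake dropper")
    (root / "2014302581").mkdir()
    (root / "2014302581" / "payload.dat").write_bytes(b"junk")
    targets = [root / "skaglnck.exe", root / "fjls.exe", root / "2014302581", root / "cnerolf.dat"]
    return quarantine(targets, root / "quarantine")


if __name__ == "__main__":
    for rec in demo():
        print(rec["status"], rec["path"], rec["sha256"] or "")
```

Keep the manifest: the hashes are what you submit for a second opinion, and the original paths are what you need if a "bad" file turns out to be a legitimate driver that has to go back.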

bulldozer246

  • Guest
Re: I can't see my desktop
« Reply #9 on: December 15, 2007, 11:11:57 PM »
I have done so and here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:00 PM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\iscsiexe.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\GKC\GKCDTDNS\GKCDTDNSNT.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Vince s\Desktop\ServInfo\ServInfo.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GKC Dynamic DNS Updater (GKCDTDNS) - Unknown owner - C:\PROGRA~1\GKC\GKCDTDNS\GKCDTDNSNT.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 9415 bytes

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Posts: 40589
Re: I can't see my desktop
« Reply #10 on: December 15, 2007, 11:19:06 PM »
OK then how about we call you done  ;D

Now the best part of the day ----- Your log now appears clean  :thumbsup:

Double click OTMoveIt once again and you should see a CleanUp! button. Press that button; you may get prompted by your firewall that OTMoveIt wants to contact the internet, allow this. A cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded plus itself.



Now to get you off to a good start we will reset your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point, but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point. To get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with tabs.
5. Select the More Options Tab.
6. At the bottom will be a System Restore box with a CLEANUP button; click this.
7. Accept the warning and select OK again; the program will close and you are done.



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

To keep your operating system up to date visit To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?


Keep safe  :wave:

bulldozer246

  • Guest
Re: I can't see my desktop
« Reply #11 on: December 16, 2007, 12:43:09 AM »
Thanks once again, I did what you recommended and everything is working great.  I'll definitely be more careful after this most recent scare.

Offline Lisandro

  • Avast team
  • Posts: 67194
Re: I can't see my desktop
« Reply #12 on: December 16, 2007, 08:41:32 PM »
I'll definitely be more careful after this most recent scare.

Always check on VirusTotal online scanning before running "shady" programs...

I suggest you test any 'new' file at www.virustotal.com
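
The cheapest form of that check is a hash lookup rather than an upload: hashing the file locally and asking VirusTotal whether it already has a report sends nothing but the digest, and only if the hash is unknown do you decide whether to upload (which shares the file with VirusTotal). Below is an added Python example of that pre-execution check, not code from the thread or from VirusTotal. It assumes a VirusTotal v3 API key in the `VT_API_KEY` environment variable; the `SAMPLE_REPORT` is constructed in the shape of a v3 file object, not a real response. The important edge case is the 404: a file VirusTotal has never seen is "unknown", not "clean", and a freshly built dropper is exactly the kind of file that has no report yet.

```python
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request
from pathlib import Path

VT_FILES = "https://www.virustotal.com/api/v3/files/"

# Constructed example of a v3 file report (only the field this script reads is filled in).
SAMPLE_REPORT = {
    "data": {
        "type": "file",
        "id": "0000000000000000000000000000000000000000000000000000000000000000",
        "attributes": {
            "last_analysis_stats": {"malicious": 41, "suspicious": 2, "undetected": 23,
                                    "harmless": 0, "timeout": 0, "type-unsupported": 4},
        },
    }
}


def file_sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def vt_lookup(sha256, api_key, timeout=20):
    """GET /api/v3/files/{hash}. Returns the parsed report, or None when VirusTotal has
    never seen the hash (HTTP 404). Any other HTTP error (bad key, rate limit) is raised."""
    req = urllib.request.Request(VT_FILES + sha256, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def verdict(report, block_at=1):
    """Turn a report into a decision. last_analysis_stats counts engines by outcome;
    'unknown' means no report exists and must not be treated as clean."""
    if report is None:
        return "unknown", {}
    stats = report["data"]["attributes"]["last_analysis_stats"]
    bad = stats.get("malicious", 0) + stats.get("suspicious", 0)
    return ("block" if bad >= block_at else "allow"), dict(stats)


def check_before_running(path, api_key):
    """Hash the file, ask VirusTotal, and return (decision, sha256, stats)."""
    digest = file_sha256(path)
    decision, stats = verdict(vt_lookup(digest, api_key))
    return decision, digest, stats


if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY")
    if len(sys.argv) != 2 or not key:
        sys.exit("usage: VT_API_KEY=... python vtcheck.py <file>")
    decision, digest, stats = check_before_running(sys.argv[1], key)
    print(decision, digest, stats)
```

Treat "allow" as "nobody has flagged it yet", not as proof of safety: a report with 70 undetected engines can still be a day-old sample, which is why the threshold defaults to a single detection.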