Author Topic: problem with taskbar (Read 1276 times)

Guest_jason · « **on:** January 19, 2005, 12:49:49 AM »

I have a few problems with my comp.
one. when i start up the computer, the network connections, remove hardware and volume control icons are missing from the taskbar (notification area near the clock). i can get them back but when i restart it they disappear. can anyone please help me

here is my hijackthis log:

Logfile of HijackThis v1.99.0
Scan saved at 3:11:37 PM, on 19/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Jason\Desktop\Antispyware\hijackthisbackup\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [COM+ System Applications] lsas.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Configuration Loader] wconfig.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Windows Messenger] msnmsgr.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [COM+ System Applications] lsas.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msnmsgr.exe
O4 - HKCU\..\Run: [Configuration Loader] wconfig.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrc...kr.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\System32\msc.cpl
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: COM+ System Applications - Unknown - C:\WINDOWS\System32\lsas.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Windows User Mode Driver Framework - Unknown - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

guestolo · « **Reply #1 on:** January 19, 2005, 01:06:30 AM »

Please do a free Online Virus scan at RAV's

http://www.ravantivirus.com/scan/

When you access that link with Internet Explorer
click on the "To Continue without subsribing click here" link
It will load the activex and definition files

Ensure that all the top entries are checked
Autoclean--Inside Archives---Unpack Executables---Smart Scan

Then click the Scan my PC button
Let it completely finish scanning
Copy and Paste the results back here

Could you also
Download this virus checker from Kapersky
Mwav.exe

Double click to Run it
Select all local drives, scan all files, press 'SCAN' and when it is completed, anything found will be displayed in the lower pane.
In the Virus Log Information Pane
Left click and Highlight all the info in the Lower pane--- Use "CTRL C" on your Keyboard to copy all found in the lower pane and paste it in your next reply.

If prompted that a Virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning

Also post back with a fresh Hijackthis log, thanks

Before posting back with a hijackthis log

Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or the paid version
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates

Perform a Full system scan--"Uncheck Search for Negligible Risk Entries" before scanning
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process

Guest_jason · « **Reply #2 on:** January 20, 2005, 10:44:02 AM »

k here we go:

i went to that site with the free computer virus scan but when i press on 'scan my computer' the screen goes blue with writing on it and then the computer restarts.

and here is my eScan Antivirus log:
File C:\WINDOWS\System32\msc.cpl infected by "Backdoor.Suslix.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\msc.cpl infected by "Backdoor.Suslix.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\msoffice2.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uimpborl.exe infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ctwain.dll infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\octwain.exe infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uctwain.dll infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\qpatchw32.dll infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\qpatchw32.exe infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dial32.exe infected by "TrojanDropper.Win32.Small.hs" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\payload.dat infected by "Backdoor.SdBot.pm" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\msdef.exe.poly infected by "Backdoor.Win32.Agobot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\suge.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[1].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[2].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[3].exe infected by "Worm.Win32.Padobot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[4].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[5].exe infected by "Worm.Win32.Padobot.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[6].exe infected by "Worm.Win32.Padobot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[7].exe infected by "Worm.Win32.Padobot.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[8].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\kkq[1].gif infected by "TrojanSpy.Win32.Qukart.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[9].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\AV6B0P4F\x[1].exe infected by "Worm.Win32.Padobot.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\AV6B0P4F\kkq[1].gif infected by "TrojanSpy.Win32.Qukart.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[1].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[2].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[3].exe infected by "Worm.Win32.Padobot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[4].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[5].exe infected by "Worm.Win32.Padobot.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[6].exe infected by "Worm.Win32.Padobot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[7].exe infected by "Worm.Win32.Padobot.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[8].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\kkq[1].gif infected by "TrojanSpy.Win32.Qukart.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[9].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AV6B0P4F\x[1].exe infected by "Worm.Win32.Padobot.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AV6B0P4F\kkq[1].gif infected by "TrojanSpy.Win32.Qukart.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\payload.dat infected by "Backdoor.SdBot.pm" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\msdef.exe.poly infected by "Backdoor.Win32.Agobot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\suge.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\rewt.exe infected by "Backdoor.SdBot.pm" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\load.exe infected by "TrojanDownloader.Win32.Small.mc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uimpborl.exe infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ctwain.dll infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\octwain.exe infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uctwain.dll infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\qpatchw32.dll infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\qpatchw32.exe infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dial32.exe infected by "TrojanDropper.Win32.Small.hs" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\playup_pst01.jar-59cd40ed-7b01d77e.zip infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-3ba539e4.zip infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Jason\payload.dat infected by "Backdoor.SdBot.pm" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Jessie\payload.dat infected by "Backdoor.SdBot.pm" Virus. Action Taken: No Action Taken.
File C:\Program Files\Outlook Express\outl32l.exe infected by "Backdoor.Jeemp.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F6EA6CAA-B744-447E-8F9E-B9A9507C7CB4}\RP149\A0052355.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F6EA6CAA-B744-447E-8F9E-B9A9507C7CB4}\RP149\A0052379.exe infected by "TrojanSpy.Win32.Delf.ea" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F6EA6CAA-B744-447E-8F9E-B9A9507C7CB4}\RP169\A0054106.exe infected by "TrojanDownloader.Win32.Dyfuca.cj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F6EA6CAA-B744-447E-8F9E-B9A9507C7CB4}\RP185\A0055839.exe infected by "TrojanDownloader.Win32.Dyfuca.cj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F6EA6CAA-B744-447E-8F9E-B9A9507C7CB4}\RP189\A0056059.exe infected by "TrojanDownloader.Win32.Dyfuca.cj" Virus. Action Taken: No Action Taken.
File C:\Recycled\1.exe infected by "TrojanDownloader.Win32.Small.fo" Virus. Action Taken: No Action Taken.
File D:\other crap\PATCH\ACKPANEL.EXE infected by "Trojan.DOS.Qrap" Virus. Action Taken: No Action Taken.

and here is my hijackthislog:
Logfile of HijackThis v1.99.0
Scan saved at 1:09:08 AM, on 21/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Jason\Start Menu\Programs\Startup\Task Manager.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Jason\LOCALS~1\Temp\mwavscan.com
C:\DOCUME~1\Jason\LOCALS~1\Temp\kavss.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Jason\Desktop\Antispyware\hijackthisbackup\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: Task Manager.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrc...kr.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDC3F9E-EDEF-4C41-B6F9-A0755A92A978}: NameServer = 203.194.27.57 203.194.56.150
O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\System32\msc.cpl
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

and i ran adaware, downloaded the latest update, did a full system scan and it only came up with 3 tracking cookies

i also tried spybot search and destroy but also came up with nothing.

judging by the eScan log i'd say that i have a damn lot of viruses. some help anyone?

guestolo · « **Reply #3 on:** January 20, 2005, 02:19:43 PM »

Okay, a little cleanup to do, but it doesn't look too bad

Let's take this by steps

1. Go into your control Panel and double click on the Java Plugin
Open the Cache tab and clear your cache

2.Download and Install this utility to clean all your Temp folders, cookies, prefetch,etc....
Windows CleanUp! by StevenGould
Install it for now, we'll let it clean the files later

3.Some of the nasties are in your System Restore folder
We must Disable System Restore
Use the link to show you how to Disable it if unsure
http://vil.nai.com/vil/SystemHelpDocs/Disa...eSysRestore.htm
Leave it Disabled for now, don't restart your computer yet

4.Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.

5. Print this out or save to a Notepad file on your desktop for easy access, Disconnect from the Internet

6. Restart your computer into SAFE MODE

7. Go to START>>>RUN>>>type in services.msc and hit Enter
In the next window, look on the right hand side for this service
name---- ShellFolder for CD Burning

Double click on it--- STOP the service--
In the drop down menu, change the startup type to Disabled

8. Find and delete these files or folders in bold if they exist

C:\WINDOWS\System32\msc.cpl
C:\WINDOWS\system32\msoffice2.exe
C:\WINDOWS\system32\suge.exe
C:\WINDOWS\uimpborl.exe
C:\WINDOWS\ctwain.dll
C:\WINDOWS\octwain.exe
C:\WINDOWS\uctwain.dll
C:\WINDOWS\qpatchw32.dll
C:\WINDOWS\dial32.exe
C:\WINDOWS\System32\payload.dat
C:\WINDOWS\System32\msdef.exe.poly
C:\WINDOWS\Downloaded Program Files\load.exe

C:\Documents and Settings\Jessie\payload.dat
C:\Documents and Settings\Jason\payload.dat
D:\other crap\PATCH\ACKPANEL.EXE <--not sure about this one, take a look at the Patch folder, is there anything else in it, if not get rid of it

9. Stay in safe mode
Do another scan with Hijackthis and put a check next to these entries:

O4 - Startup: Task Manager.exe

O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\System32\msc.cpl

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
YES and exit Hijackthis

10. Again in safe mode
Open Windows CleanUp from the All programs menu
Click the CleanUp button
Let it finish scanning for files, when it's done it will prompt you to Log off
Instead>>Restart your computer back to Normal mode

Re-enable System Restore at this time

Just to be on the safe side
Download this free Trojan scanner>>Yours to keep
A-squared Free edition

Once installed ensure it is fully updated and then run a Full Scan
Let it fix whatever it finds and restart your computer if prompted

I would still suggest that you try that online scan again at Rav's
or try one at
Housecall's>>Set to Autoclean
http://housecall.trendmicro.com/
Ensure to use IE, I prefer firefox but Trends and Rav's needs the ActiveX component to run properly

Do what you can from the above
Post back a fresh hijackthis log afterwards

Guest · « **Reply #4 on:** January 21, 2005, 04:10:54 AM »

ok first of all there was no service called "shell folder for cd burning"

here is my recent hijackthis log:

Logfile of HijackThis v1.99.0
Scan saved at 6:33:51 PM, on 21/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jason\Desktop\Antispyware\hijackthisbackup\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrc...kr.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDC3F9E-EDEF-4C41-B6F9-A0755A92A978}: NameServer = 203.194.27.57 203.194.56.150
O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

the ravantivirus scan still doesnt work but the trendmicro one did

and my taskbar still isnt showing the volume control, remove hardware and internet conection icons. when i go into control panel, sound and audio devices and click on place volume icon on taskbar, suddenly all three show up. but when i restart the computer they disappear

guestolo · « **Reply #5 on:** January 21, 2005, 10:30:11 PM »

Go to START>>Run>>type in regedit
Then hit OK

Navigate to this key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

You will need to expand(+) each entry
+HKEY_LOCAL_MACHINE
+SOFTWARE
+Microsoft
+Windows
+CurrentVersion

Left click and Highlight
ShellServiceObjectDelayLoad

Right click on ShellServiceObjectDelayLoad
and choose EXPORT from the Menu Bar

Save it to a convenient location such as MyDocuments
Name it shell
Exit Registry Editor

Navigate to MyDocuments and look for shell.reg
Right click on it and choose EDIT
Copy and paste the whole contents of the notepad text box back here

Guest_jason · « **Reply #6 on:** January 22, 2005, 04:22:58 AM »

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
@="{E61B5E20-DE35-11CF-9C87-1579005127ED}"

guestolo · « **Reply #7 on:** January 22, 2005, 04:36:39 AM »

Go back to this key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

Highlight ShellServiceObjectDelayLoad

On the right hand side look for this

Right click on @="{E61B5E20-DE35-11CF-9C87-1579005127ED}"
and choose delete

Exit Registry editor

Do another scan with Hijackthis and put a check next to these entries:

O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
YES and exit Hijackthis

Restart your computer and post back a fresh Hijackthis log

Guest_jason · « **Reply #8 on:** January 22, 2005, 05:02:56 AM »

ok here it is

Logfile of HijackThis v1.99.0
Scan saved at 7:27:31 PM, on 22/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jason\Desktop\Antispyware\hijackthisbackup\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrc...kr.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

TheTechGuide Forum

News:

Author Topic: problem with taskbar (Read 1276 times)

Guest_jason

problem with taskbar

guestolo

problem with taskbar

Guest_jason

problem with taskbar

guestolo

problem with taskbar

Guest

problem with taskbar

guestolo

problem with taskbar

Guest_jason

problem with taskbar

guestolo

problem with taskbar

Guest_jason

problem with taskbar