Ran several other programs, and now seem to have a functioning machine. Regular logon, no flashing desktop, etc. Just want to make sure it really is ok? Thanks
Deckard's System Scanner v20071014.68
Run by mark on 2008-04-17 00:38:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-17 00:38:52
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\mixer.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Documents and Settings\mark\Desktop\backup\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir...er=6.0&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07A61EF8-E640-482A-B72D-7DC946F4CA51} - C:\WINDOWS\system32\ssqNGYOE.dll (file missing)
O2 - BHO: (no name) - {A3317720-F4A1-4276-AE0E-0398AB860219} - C:\WINDOWS\system32\ddcDspmJ.dll (file missing)
O2 - BHO: (no name) - {CF8029D8-3345-4446-A004-B7CCF7E0A9DC} - C:\WINDOWS\system32\urqRHbAT.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1205601736296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1205602444468
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Media Center Receiver Service (ehRecvr) - Unknown owner - C:\WINDOWS\eHome\ehRecvr.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PscMonitor.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
--
End of file - 4994 bytes
-- Files created between 2008-03-17 and 2008-04-17 -----------------------------
2008-04-16 21:13:54 23104 --a------ C:\WINDOWS\system32\svcprmpt.dll
2008-04-16 21:13:54 30976 --a------ C:\WINDOWS\rascntrl.dll
2008-04-16 21:05:15 0 d-------- C:\Program Files\CCleaner
2008-04-16 20:39:51 68096 --a------ C:\WINDOWS\zip.exe
2008-04-16 20:39:51 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-16 20:39:51 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-16 20:39:51 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-16 20:39:51 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-16 20:39:51 98816 --a------ C:\WINDOWS\sed.exe
2008-04-16 20:39:51 80412 --a------ C:\WINDOWS\grep.exe
2008-04-16 20:39:51 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-16 20:24:38 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-04-16 18:59:31 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-04-16 18:44:14 0 d-------- C:\Program Files\a-squared HiJackFree
2008-04-16 18:33:52 0 d-------- C:\Program Files\Netcom3 Cleaner
2008-04-16 18:16:01 0 d-------- C:\Program Files\Trend Micro
2008-04-16 18:10:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-15 23:55:51 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-15 23:30:54 0 d-------- C:\WINDOWS\ERUNT
2008-04-15 21:35:19 0 d-------- C:\Program Files\SpywareBlaster
2008-04-15 20:44:18 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-15 20:34:09 0 d-------- C:\Program Files\Panda Security
2008-04-15 20:03:57 106496 --a------ C:\WINDOWS\system32\gpydutkp.exe
2008-04-15 19:37:49 0 d-------- C:\VundoFix Backups
2008-04-15 18:50:12 0 d-------- C:\Program Files\Enigma Software Group
2008-04-15 18:47:00 106496 --a------ C:\WINDOWS\system32\mrcpmzux.exe
2008-04-15 11:50:57 102400 --a------ C:\WINDOWS\system32\lcnojqbs.exe
2008-04-14 23:21:11 0 d-------- C:\Program Files\Lavasoft
2008-04-14 23:21:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-14 23:09:39 0 d-------- C:\Program Files\Yahoo!
2008-04-14 22:48:19 2640 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-14 22:05:46 0 d-------- C:\Documents and Settings\mark\.housecall6.6
2008-04-14 18:59:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-04-14 18:59:23 216576 --a------ C:\WINDOWS\system32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2008-04-14 18:55:32 208896 --a------ C:\WINDOWS\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2008-04-14 18:55:19 0 d-------- C:\Program Files\Comodo
2008-04-14 18:52:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-14 18:52:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-14 18:51:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-14 18:50:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-14 18:48:53 0 d--hs---- C:\WINDOWS\CSC
2008-04-14 17:17:03 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-14 17:17:03 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-14 17:17:03 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-14 17:17:03 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-14 17:17:03 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-14 17:17:03 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-14 17:17:03 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-14 17:17:03 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-14 17:17:03 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-14 17:17:03 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-14 17:17:03 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-14 17:17:02 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-14 17:17:02 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-14 17:17:02 2359296 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-14 01:42:00 0 d-------- C:\Documents and Settings\mark\Application Data\TmpRecentIcons
2008-04-14 00:13:51 102400 --a------ C:\WINDOWS\system32\gzmtyfur.exe
2008-04-13 22:27:43 94208 --a------ C:\WINDOWS\system32\wnafozsf.exe
2008-04-13 22:05:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-13 22:02:21 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-13 22:01:15 94208 --a------ C:\WINDOWS\system32\jqnsnuxy.exe
2008-04-13 22:01:15 0 d-------- C:\Documents and Settings\All Users\Application Data\jitodovm
2008-04-09 23:29:02 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-05 23:34:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-05 23:34:28 0 d-------- C:\Documents and Settings\mark\Application Data\Mozilla
2008-03-26 18:48:58 36900 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-25 21:57:28 0 d-------- C:\Program Files\QuickTime
2008-03-25 21:57:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-25 21:41:36 0 d-------- C:\Documents and Settings\mark\Application Data\Apple Computer
2008-03-25 21:41:24 0 d-------- C:\Program Files\Safari
2008-03-25 21:41:16 0 d-------- C:\Program Files\Apple Software Update
2008-03-25 21:41:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-23 22:22:52 0 d-------- C:\Program Files\Common Files\Raxco
2008-03-23 22:22:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-03-23 22:22:34 0 d-------- C:\Program Files\RAXCO
2008-03-22 13:52:17 38160 --a------ C:\WINDOWS\system32\LMRTREND.dll <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
2008-03-22 13:52:16 182032 --a------ C:\WINDOWS\system32\dxtmsft3.dll <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
2008-03-22 13:52:14 63488 --a------ C:\WINDOWS\system32\unam4ie.exe <Not Verified; Microsoft Corporation; DirectShow>
2008-03-22 13:52:12 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-03-22 13:52:12 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-03-22 13:52:12 10240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-03-22 13:52:12 194320 --a------ C:\WINDOWS\system32\qcut.dll <Not Verified; Microsoft Corporation; DirectShow>
2008-03-22 13:52:10 73728 -----n--- C:\WINDOWS\system\CMedia.dll
2008-03-22 13:52:06 0 d-------- C:\Program Files\PCI Audio Applications
2008-03-22 13:51:49 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-03-22 13:51:44 0 d-------- C:\Program Files\C-Media
2008-03-22 13:48:52 28672 --a------ C:\WINDOWS\CmiPCIUninstall.exe <Not Verified; ; CmiUSBUninstall Application>
2008-03-22 13:48:48 32768 --a------ C:\WINDOWS\system32\UDAPROP3.DLL <Not Verified; C-Media Corporation; CMI8738/CMI9738/CMI9739 Audio Device>
2008-03-22 13:48:48 801280 --a------ C:\WINDOWS\system32\drivers\cmuda3.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
2008-03-22 13:48:48 36864 --a------ C:\WINDOWS\system32\CMUDA3.DLL <Not Verified; C-Media; C-Media cmuda.dll>
2008-03-22 13:48:48 233472 --a------ C:\WINDOWS\system32\CMRMDRV3.exe <Not Verified; ; CmiRemoveDriver Application>
2008-03-22 13:48:48 28672 --a------ C:\WINDOWS\system32\CMRMDRV3.DLL
2008-03-22 13:48:48 917504 --a------ C:\WINDOWS\system\CMDS3D3.DLL <Not Verified; C-Media Electronics Inc.; C-Media Cmids3d>
2008-03-22 13:48:48 0 d-------- C:\Program Files\C-Media PCI Audio
2008-03-19 18:26:35 0 d-------- C:\WINDOWS\Sun
2008-03-19 18:26:35 0 d-------- C:\Documents and Settings\mark\Application Data\Sun
2008-03-19 18:26:05 0 d-------- C:\Program Files\Java
2008-03-19 18:25:54 0 d-------- C:\Program Files\Common Files\Java
-- Find3M Report ---------------------------------------------------------------
2008-04-16 21:02:30 0 d-------- C:\Program Files\Common Files
2008-03-24 00:30:29 36932 --a------ C:\WINDOWS\cmijack.dat
2008-03-22 14:11:36 0 d-------- C:\Program Files\Google
2008-03-19 21:21:07 0 d-------- C:\Program Files\RGB
2008-03-15 15:10:18 0 d-------- C:\Program Files\Messenger
2008-03-15 11:36:58 0 d-------- C:\Documents and Settings\mark\Application Data\Macromedia
2008-03-15 11:36:57 0 d-------- C:\Documents and Settings\mark\Application Data\Adobe
2008-03-14 21:16:13 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-13 20:09:51 187 --a------ C:\Documents and Settings\mark\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2008-03-13 18:52:16 0 d-------- C:\Documents and Settings\mark\Application Data\DVD Profiler
2008-03-13 18:48:59 0 d-------- C:\Program Files\DVD Profiler
2008-03-13 00:32:47 0 d-------- C:\Program Files\CONEXANT
2008-03-13 00:29:50 0 d-------- C:\Program Files\Intel
2008-03-13 00:25:47 0 d-------- C:\Program Files\SigmaTel
2008-03-13 00:25:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-13 00:23:32 0 d-------- C:\Program Files\Dell
2008-03-13 00:16:25 0 d-------- C:\Documents and Settings\mark\Application Data\Identities
2008-03-13 00:00:37 0 d-------- C:\Program Files\microsoft frontpage
2008-03-13 00:00:16 0 -rahs---- C:\MSDOS.SYS
2008-03-13 00:00:16 0 -rahs---- C:\IO.SYS
2008-03-13 00:00:16 0 --a------ C:\CONFIG.SYS
2008-03-13 00:00:16 0 --a------ C:\AUTOEXEC.BAT
2008-03-12 23:58:46 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-12 23:58:03 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-12 23:57:54 0 d-------- C:\Program Files\Movie Maker
2008-03-12 23:56:40 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-12 23:56:20 0 d-------- C:\Program Files\Online Services
2008-03-12 23:55:59 0 d-------- C:\Program Files\Windows Plus
2008-03-12 23:54:42 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-12 23:54:35 0 d-------- C:\Program Files\Windows NT
2008-03-12 23:46:17 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-12 23:42:48 0 d-------- C:\Program Files\Microsoft.NET
2008-03-12 17:50:32 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-12 17:50:30 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-03-12 17:50:11 62 --ahs---- C:\Documents and Settings\mark\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A61EF8-E640-482A-B72D-7DC946F4CA51}]
C:\WINDOWS\system32\ssqNGYOE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3317720-F4A1-4276-AE0E-0398AB860219}]
C:\WINDOWS\system32\ddcDspmJ.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF8029D8-3345-4446-A004-B7CCF7E0A9DC}]
C:\WINDOWS\system32\urqRHbAT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [07/19/2005 07:09 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [07/19/2005 07:10 PM]
"C-Media Mixer"="Mixer.exe" [07/12/2002 04:33 PM C:\WINDOWS\mixer.exe]
"C-Media Echo Control"="C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe" [12/05/2001 04:47 PM]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [04/11/2008 09:08 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyClean"="C:\Program Files\Netcom3 Cleaner\SpyClean.exe" [03/11/2008 10:06 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
-- End of Deckard's System Scanner: finished at 2008-04-17 00:39:27 ------------