  #1  
Old 06-30-2008
Bronze Member
 
Join Date: Jun 2008
Posts: 8
PC Experience: Some Experience
Brendo101
Run and Shut Down icons disappeared, help with log

Hi,
I think my laptop got infected today and I need some help fixing it.
Today when I logged on the Run and Shut Down icons had disappeared from the Start Menu. I logged on as a different user and it was the same. When I try Ctrl-Alt-Del it tells me Task Manager has been disabled by my administrator.
The first time I logged on as each user, 4 Windows Explorer windows popped up pointing towards My Documents.
Since then, I have been unable to get updates for Windows One LiveCare (again saying it cannot get updates because I am not administrator, even though I am logged into what is meant to be the administrator account), and its virus scans are not returning any problems.

I have done the "Pre Work" as per the initial post in the forum; here are the resulting logs:

main.txt
Deckard's System Scanner v20071014.68
Run by WAYNE on 2008-06-30 22:33:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
31: 2008-06-30 12:34:05 UTC - RP308 - Deckard's System Scanner Restore Point
30: 2008-06-30 09:52:19 UTC - RP307 - System Checkpoint
29: 2008-06-28 09:01:30 UTC - RP306 - System Checkpoint
28: 2008-06-25 07:20:13 UTC - RP305 - System Checkpoint
27: 2008-06-23 09:10:24 UTC - RP304 - System Checkpoint

-- First Restore Point --
1: 2008-04-02 09:34:30 UTC - RP278 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 448 MiB (512 MiB recommended).
System Drive C: has 1 GiB (less than 15%) free.

-- HijackThis (run as WAYNE.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:59 PM, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\siswlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\WAYNE.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\Asus\ASUS Hotkey\Hotkey.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Craft ROBO Controller\CRSSupervisor.exe
C:\Program Files\Wireless LAN Utility\SISCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\HijackThis\dss.exe
C:\HIJACK~1\WAYNE.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
F3 - REG:win.ini: load=C:\DOCUME~1\WAYNE\LOCALS~1\services.exe
F3 - REG:win.ini: run=explorer.exe C:\WINDOWS\System\regedit.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\smss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [AirCardEnabler] "C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [LAPTOP] C:\WINDOWS\win.pif
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX590 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPP.EXE /FU "C:\DOCUME~1\WAYNE\LOCALS~1\Temp\E_S4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WAYNE] C:\DOCUME~1\WAYNE\LOCALS~1\Temp\Tmp.com
O4 - HKLM\..\Policies\Explorer\Run: [(Default)] C:\DOCUME~1\WAYNE\LOCALS~1\winlogon.exe
O4 - HKCU\..\Policies\Explorer\Run: [(Default)] win.com C:\WINDOWS\system32\msdp32.dll
O4 - HKUS\S-1-5-18\..\Run: [SYSTEM] C:\WINDOWS\TEMP\Tmp.com (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [(Default)] win.com C:\WINDOWS\system32\msdp32.dll (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SYSTEM] C:\WINDOWS\TEMP\Tmp.com (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [(Default)] win.com C:\WINDOWS\system32\msdp32.dll (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files\Asus\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Craft ROBO Status Supervisor.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: MsNet Service (MsNet) - - C:\WINDOWS\Fonts\font.bat
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\WINDOWS\system32\siswlsvc.exe
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
--
End of file - 7217 bytes
-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 SISNPF (SIS Netgroup Packet Filter) - c:\windows\system32\drivers\sisnpf.sys <Not Verified; Politecnico di Torino; NPF Driver>
S3 Asushwio - c:\windows\system32\drivers\asushwio.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 SiSWLSvc (SiS WirelessLan Service) - c:\windows\system32\siswlsvc.exe
R2 SwiWiFiComm - c:\program files\sierra wireless\aircard 580\generic\components\swiwificomm.exe
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------
2007-06-14 06:44:40 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------
2008-06-30 22:13:35 0 d-------- C:\HijackThis
2008-06-30 21:53:16 77824 -r-hs---- C:\WINDOWS\WAYNE.exe
2008-06-24 19:08:17 77824 -r-hs---- C:\WINDOWS\.exe
2008-06-22 20:41:07 77824 -r-hs---- C:\WINDOWS\winlogon.exe
2008-06-22 20:41:07 77824 -r-hs---- C:\WINDOWS\svchost.exe
2008-06-22 20:41:07 77824 -r-hs---- C:\WINDOWS\smss.exe
2008-06-22 20:41:06 77824 -r-hs---- C:\WINDOWS\SYSTEM.exe
2008-06-22 20:41:06 77824 -r-hs---- C:\WINDOWS\services.exe
2008-06-22 20:36:51 77824 -r-hs---- C:\WINDOWS\win.pif
2008-06-22 20:36:51 77824 -r-hs---- C:\WINDOWS\system32\command.cmd
2008-06-22 20:36:51 77824 -r-hs---- C:\WINDOWS\system\wininit.com
2008-06-22 20:36:51 77824 -r-hs---- C:\WINDOWS\system\regedit.exe
2008-06-22 20:36:50 77824 -r-hs---- C:\WINDOWS\system32\msdp32.dll
2008-06-22 20:36:50 77824 -r-hs---- C:\WINDOWS\system32\LAPTOP.exe
2008-06-22 20:36:50 77824 -r-hs---- C:\WINDOWS\Bec.exe
2008-06-22 20:36:50 77824 -----n--- C:\temp.exe
2008-06-22 20:36:50 77824 ---hs---- C:\AutoRun.exe

-- Find3M Report ---------------------------------------------------------------
Nothing modified in this timespan.

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [03/11/2004 05:48 PM]
"SoundMan"="SOUNDMAN.EXE" [29/09/2004 06:38 AM C:\WINDOWS\SOUNDMAN.EXE]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [26/08/2004 03:35 AM]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [19/09/2003 12:54 PM]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [19/01/2004 04:33 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [20/10/2004 04:20 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [20/10/2004 04:20 PM]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [31/10/2003 07:42 PM]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [30/06/2000 04:59 PM]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [03/07/2000 12:48 PM]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [30/06/2000 10:00 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [25/07/2001 11:08 PM]
"AirCardEnabler"="C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe" [30/06/2005 11:19 AM]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [28/05/2008 12:35 PM]
"LAPTOP"="C:\WINDOWS\win.pif" [02/11/2007 08:37 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:00 PM]
"EPSON Stylus Photo RX590 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPP.exe" [23/05/2006 02:00 PM]
"WAYNE"="C:\DOCUME~1\WAYNE\LOCALS~1\Temp\Tmp.com" [02/11/2007 08:37 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"SYSTEM"=C:\WINDOWS\TEMP\Tmp.com
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ASUS ChkMail.lnk - C:\Program Files\Asus\Asus ChkMail\ChkMail.exe [8/04/2005 9:17:16 AM]
Hotkey.lnk - C:\Program Files\Asus\ASUS Hotkey\Hotkey.exe [8/04/2005 9:17:26 AM]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [8/04/2005 9:19:39 AM]
SiWake.lnk - C:\Program Files\Wireless LAN Utility\SiWake.exe [8/04/2005 9:21:18 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [30/06/2000 10:15:10 AM]
Craft ROBO Status Supervisor.lnk - C:\Program Files\Craft ROBO Controller\CRSSupervisor.exe [27/05/2007 3:51:23 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 10:05:26 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"(Default)"=C:\DOCUME~1\WAYNE\LOCALS~1\winlogon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)
"LockTaskbar"=1 (0x1)
"NoClose"=1 (0x1)
"NoFind"=1 (0x1)
"NoRun"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"StartMenuLogOff"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"(Default)"=win.com C:\WINDOWS\system32\msdp32.dll
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"(Default)"=win.com C:\WINDOWS\system32\msdp32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="C:\DOCUME~1\WAYNE\LOCALS~1\svchost.exe"
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\WAYNE\LOCALS~1\smss.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ce21c40-cc99-11d9-9ada-806d6172696f}\_Autorun\DefaultIcon]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ce21c40-cc99-11d9-9ada-806d6172696f}\_Autorun\DefaultIcon- E:\fscommand/PS.ico]


-- End of Deckard's System Scanner: finished at 2008-06-30 22:37:14 ------------

extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Celeron(R) CPU 2.93GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 447.36 MiB / 185.6 MiB
Pagefile Memory (total/avail): 1058.2 MiB / 790.28 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.89 MiB
C: is Fixed (FAT32) - 21.25 GiB total, 1 GiB free.
D: is Fixed (FAT32) - 14.12 GiB total, 10.63 GiB free.
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - HTS424040M9AT00 - 37.26 GiB - 3 partitions
\PARTITION0 - Unknown - 1906.12 MiB
\PARTITION1 (bootable) - Unknown - 21.27 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 14.13 GiB - D:

-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation) Outdated
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\Asus\\ASUS Live Update\\LiveUpdt.exe"="C:\\Program Files\\Asus\\ASUS Live Update\\LiveUpdt.exe:*:Disabled:LiveUpdt"

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\WAYNE\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\WAYNE
LOGONSERVER=\\LAPTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\WAYNE\LOCALS~1\Temp
TMP=C:\DOCUME~1\WAYNE\LOCALS~1\Temp
USERDOMAIN=LAPTOP
USERNAME=WAYNE
USERPROFILE=C:\Documents and Settings\WAYNE
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------
WAYNE (admin)
ANN (admin)
Bec (admin)
Administrator (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 /removeonly -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
802.11b USB Wireless LAN Adapter --> C:\WINDOWS\system32\unwlsdrv.exe SiS162u
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Asus ChkMail --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Asus\Asus ChkMail\Uninst.isu"
ASUS Hotkey --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\ASUS Hotkey\DeIsL1.isu" -c"C:\Program Files\ASUS\ASUS Hotkey\_ISREG32.DLL"
ASUS Live Update --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\ASUS Live Update\Uninst.isu" -c"C:\Program Files\ASUS\ASUS Live Update\Uninst.dll"
ASUS Probe V2.11 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\ASUS Probe\Uninst.isu"
ASUSDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
ATK0100 ACPI UTILITY --> C:\WINDOWS\ATK0100\XPunin.exe
Camera RAW Plug-In for EPSON Creativity Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F92229B-8CE2-4482-8047-9DBF49CA5F58}\SETUP.EXE" -l0x9 UNINST
Craft ROBO Controller --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4969B36-52D2-4624-A453-00DB6B7A18D8}\setup.exe" -l0x9 -uninst -removeonly
Creative Memories Memory Manager 2 (International) --> MsiExec.exe /I{0F1A3568-7419-4115-A207-512B9F688267}
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8890B12-4E4C-4E53-9ECB-96193BBA7767}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON PRINT Image Framer Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{956673F5-0C6B-4428-A5D1-277AF533E098}\SETUP.EXE" -l0x9 anything
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESPRX560_590 User's Guide --> C:\Program Files\EPSON\TPMANUAL\ESPRX560_590\ENG\USE_G\DOCUNINS.EXE
FoneSync --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FoneSync\Uninst.isu" -c"C:\Program Files\FoneSync\UninstSupport.dll"
GTOneCare --> MsiExec.exe /X{CA40DD4F-D30E-4622-8783-1ED1E81340C2}
HijackThis 2.0.2 --> "C:\Documents and Settings\WAYNE\Local Settings\Temporary Internet Files\Content.IE5\59T0RPIF\HijackThis.exe" /uninstall
hp deskjet 948c series (Remove only) --> C:\Program Files\hp deskjet 948c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=948c -huninstall
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Medi@Show --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CyberLink\MediaShow\Uninst.isu"
Memory Manager Shared Components Update --> MsiExec.exe /I{855544EF-FF9E-4BB0-9CCF-B9D930FE6FFD}
Microsoft Money 2001 --> MsiExec.exe /I{D085A1B6-90A4-11D3-82B7-00C04FA309DE}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Publishing 2001 --> MsiExec.exe /I{15D9EB74-998E-4A04-B468-51C2E7B32182}
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft Windows Live OneCare Resources v2.0.2500.32 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{E6A31482-989E-4E3C-B0C0-1ED4DBD5BC83}
Microsoft Windows OneCare Live v2.0.2500.14 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Windows OneCare Live v2.0.2500.32 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Works 2001 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2001\Setup\Launcher.exe E:\
Microsoft Works 6.0 --> MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Mozilla Firefox (2.0.0.1) --> C:\PROGRA~1\MOZILL~1\uninstall\uninst.exe
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444}
PC Connectivity Solution --> MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
Power4 Gear V1.10 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\Power4 Gear\Uninst.isu"
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
ROBO Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FCCFF72-52AB-4204-9A24-8CFED3A81FF6}\setup.exe" -l0x9 -uninst -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Sierra Wireless AirCard® 580 --> MsiExec.exe /X{9B0D202C-C0B4-4EEB-BE00-03D9F2279A35}
Sierra Wireless Network Adapter Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DEC2C44-BB50-11D4-9E04-0050DA701DC9}\setup.exe" UNINSTALL
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1039&DEV_7013&SUBSYS_18161043\HXFSETUP.EXE -U -IVEN_1039&DEV_7013&SUBSYS_18161043
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Type Fonts --> C:\PROGRA~1\TYPEFO~1\UNWISE.EXE C:\PROGRA~1\TYPEFO~1\INSTALL.LOG
ViceVersa Pro 1.3.1 --> "C:\Program Files\ViceVersa Pro\unins000.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
WINFLASH V2.15 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\WINFLASH\Uninst.isu"
Wireless LAN Utility --> "C:\Program Files\Wireless LAN Utility\unWuty.exe" Wireless LAN Utility

-- Application Event Log -------------------------------------------------------
Event Record #/Type4983 / Error
Event Submitted/Written: 06/30/2008 09:45:56 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.co...uthrootseq.txt> with error: This network connection does not exist.
Event Record #/Type4982 / Error
Event Submitted/Written: 06/30/2008 09:45:56 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.co...uthrootseq.txt> with error: A connection with the server could not be established
Event Record #/Type4969 / Error
Event Submitted/Written: 06/28/2008 01:11:57 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.co...uthrootseq.txt> with error: This network connection does not exist.
Event Record #/Type4968 / Error
Event Submitted/Written: 06/28/2008 01:11:51 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.co...uthrootseq.txt> with error: This operation returned because the timeout period expired.
Event Record #/Type4943 / Warning
Event Submitted/Written: 06/24/2008 09:18:22 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type27709 / Error
Event Submitted/Written: 06/30/2008 09:54:48 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Application Layer Gateway Service service failed to start due to the following error:
%%1053
Event Record #/Type27708 / Error
Event Submitted/Written: 06/30/2008 09:54:47 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
Event Record #/Type27605 / Error
Event Submitted/Written: 06/30/2008 05:43:41 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
Event Record #/Type27604 / Error
Event Submitted/Written: 06/30/2008 05:43:41 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Event Record #/Type27282 / Warning
Event Submitted/Written: 06/28/2008 01:39:36 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 000272499C22. The IP address being used is 169.254.51.133.

-- End of Deckard's System Scanner: finished at 2008-06-30 22:37:14 ------------

I'd appreciate any help with this, thanks.
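Reading the event-log excerpt above as a triage exercise: the crypt32, W32Time and Dhcp entries all point the same way (the laptop had a self-assigned 169.254.x.x address and no route out), so the failed root-certificate-list and time-sync retrievals are consistent with plain loss of connectivity rather than with anything being tampered with; the entry worth checking separately is the Application Layer Gateway service failing to start (IDs 7000/7009). The script below is an added example, not part of the original post and not code from Deckard's System Scanner: it parses DSS's record layout and sorts the entries into those buckets. SAMPLE is an abridged copy of the log posted above, and the CATEGORY table is this example's own reading of those well-known XP event IDs.

```python
"""Parse the event-log excerpt that Deckard's System Scanner (DSS) writes and
group it for triage. Added example: not from the original post and not DSS
code. SAMPLE is an abridged copy of the log above; CATEGORY is this example's
own reading of well-known Windows XP event IDs."""
import re
from dataclasses import dataclass

SAMPLE = """\
-- Application Event Log -------------------------------------------------------
Event Record #/Type4983 / Error
Event Submitted/Written: 06/30/2008 09:45:56 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.co...uthrootseq.txt> with error: This network connection does not exist.

-- System Event Log ------------------------------------------------------------
Event Record #/Type27709 / Error
Event Submitted/Written: 06/30/2008 09:54:48 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Application Layer Gateway Service service failed to start due to the following error:
%%1053
Event Record #/Type27282 / Warning
Event Submitted/Written: 06/28/2008 01:39:36 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 000272499C22. The IP address being used is 169.254.51.133.

-- End of Deckard's System Scanner: finished at 2008-06-30 22:37:14 ------------
"""

@dataclass
class Event:
    log: str          # which log the record came from: Application / System
    record: int
    level: str        # Error / Warning
    written: str
    event_id: int
    source: str
    description: str

LOG_HDR = re.compile(r"^-- (\w+) Event Log -+$")
REC_HDR = re.compile(r"^Event Record #/Type(\d+) / (\w+)$")
WRITTEN = re.compile(r"^Event Submitted/Written: (.+)$")
ID_SRC = re.compile(r"^Event ID/Source: (\d+) / (.+)$")

def parse_dss_events(text: str) -> list:
    """One Event per 'Event Record' block; wrapped description lines are joined."""
    events, log, fields, desc = [], "", {}, []

    def flush() -> None:
        if fields:
            events.append(Event(log, fields["record"], fields["level"], fields.get("written", ""),
                                fields.get("event_id", 0), fields.get("source", ""),
                                " ".join(l.strip() for l in desc if l.strip())))
        fields.clear(); desc.clear()

    for line in text.splitlines():
        if m := LOG_HDR.match(line):
            flush(); log = m.group(1)
        elif m := REC_HDR.match(line):
            flush(); fields.update(record=int(m.group(1)), level=m.group(2))
        elif m := WRITTEN.match(line):
            fields["written"] = m.group(1)
        elif m := ID_SRC.match(line):
            fields.update(event_id=int(m.group(1)), source=m.group(2).strip())
        elif line.startswith("-- End of Deckard"):
            flush()
        elif fields and line != "Event Description:":
            desc.append(line)            # description text, possibly wrapped by DSS
    flush()
    return events

CATEGORY = {  # the example's own grouping of well-known XP event IDs
    ("crypt32", 8): "network", ("W32Time", 17): "network", ("W32Time", 29): "network",
    ("Dhcp", 1007): "network",                       # authroot/NTP/APIPA: no connectivity
    ("Service Control Manager", 7000): "service",    # service failed to start
    ("Service Control Manager", 7009): "service",    # service start timed out
}

def triage(events: list) -> dict:
    """Group events as network-connectivity noise, service failures, or other."""
    groups = {}
    for e in events:
        groups.setdefault(CATEGORY.get((e.source, e.event_id), "other"), []).append(e)
    return groups

SVC = re.compile(r"\b(?:The|waiting for the) (.+?) service (?:failed to start|to connect)")
def failed_services(events: list) -> set:
    """Services the SCM reported as failing to start or connect (IDs 7000/7009)."""
    return {m.group(1) for e in events
            if e.source == "Service Control Manager" and (m := SVC.search(e.description))}

def apipa_addresses(events: list) -> list:
    """Self-assigned 169.254.x.x addresses: the host never reached a DHCP server."""
    return [ip for e in events if e.source == "Dhcp"
            for ip in re.findall(r"\b169\.254\.\d{1,3}\.\d{1,3}\b", e.description)]
```

Run it over a full DSS main.txt and anything landing in "other" or "service" is what deserves a human look; the "network" bucket, taken together with a non-empty apipa_addresses() result, explains itself. The regexes are deliberately anchored to DSS's exact headers, so a change in the tool's output format makes parse_dss_events() return fewer records rather than silently misfile them.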


  #2  
Old 07-01-2008
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 4,088
PC Experience: Elite PC Guru
Default Re: Run and Shut Down icons disappeared, help with logs

Ok. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #3  
Old 07-01-2008
Bronze Member
 
Join Date: Jun 2008
Posts: 8
PC Experience: Some Experience
Brendo101 - See this Members User comments on their Profile page
Default Re: Run and Shut Down icons disappeared, help with logs

Thanks for your help so far.

I read the ComboFix guide, downloaded the tool and tried to run it and got this error popup:

Title: Expired - 08-06-20.4
Message: Current date is Tue 01/07/2008
This copy of ComboFix has expired.
Please download an updated copy.

I have downloaded ComboFix from each of the links provided in the guide, all with the same error, and tried to find ComboFix from an alternative source via google, but the 1 copy I downloaded gave me the same error.

Would you be able to direct me to an updated copy?

Thanks.


  #4  
Old 07-01-2008
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 4,088
PC Experience: Elite PC Guru
Default Re: Run and Shut Down icons disappeared, help with logs

Try this..


http://www.forospyware.com/sUBs/ComboFix.exe


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #5  
Old 07-02-2008
Bronze Member
 
Join Date: Jun 2008
Posts: 8
PC Experience: Some Experience
Brendo101 - See this Members User comments on their Profile page
Default Re: Run and Shut Down icons disappeared, help with logs

I downloaded the tool from this new location, but I still get the same 'Expired' message (now with today's date) when I try to drag the Windows Bootdisk download onto ComboFix.exe (as per the ComboFix guide).

The first time I ran it with this new tool, I got a C++ error message popup as well as the "Expired" popup, but I didn't get the details down.

ComboFix.exe gets deleted when this error occurs, so I downloaded it again and tried running it again so I could get the details of this C++ error, but it didn't occur again; I just got the Expired error popup.

I noticed this time, though, that a ComboFix folder and a Bug.txt were created on C:\. I don't know if they existed before I ran ComboFix this time (I didn't look in Windows Explorer after I ran the original ComboFix downloads).

The Combofix folder only contains 1 file: nircmd.com

The contents of Bug.txt are as follows:

pushd "C:\327882R2FWJFW\"
=============================================
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\WAYNE\Application Data
cfldr=327882R2FWJFW
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\WAYNE
kmd=CF2167.exe
LOGONSERVER=\\LAPTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$
SESSIONNAME=Console
sfxname=C:\Documents and Settings\WAYNE\Desktop\ComboFix.exe
system=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\WAYNE\LOCALS~1\Temp
TMP=C:\DOCUME~1\WAYNE\LOCALS~1\Temp
USERDOMAIN=LAPTOP
USERNAME=WAYNE
USERPROFILE=C:\Documents and Settings\WAYNE
windir=C:\WINDOWS
=============================================

if not defined sfxname goto END
If [] == [] Set "SfxCmd="
if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort
if exist "C:\DOCUME~1\WAYNE\LOCALS~1\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\DOCUME~1\WAYNE\LOCALS~1\Temp\327882R2FWJFW327882R2FWJFW.log"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
Volume: C:\ does not support Access Control Lists

copy /y "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF2167.exe"
1 file(s) copied.
if not exist "C:\WINDOWS\system32\CF2167.exe" catchme -l nul -c "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF2167.exe"
For /F "tokens=*" %g in ("C:\Documents and Settings\WAYNE\Desktop\ComboFix.exe") do @(
set "FileName=%~ng"
set "FilePath=%~dpg"
)
Set FileName 1>FileName 2>nul
GREP -Gisqx "FileName=[-[:alnum:]@.]*" FileName || (
nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""
goto END
)
DIR /AD/B C:\* | Findstr -IVX ComboFix 1>dirname00
Findstr -LIXC:"ComboFix" dirname00 1>nul && call :NameChk
If exist dirname0? del /Q dirname0?
If exist "\ComboFix" DIR /AD "\ComboFix" 1>nul && (
rd /s/q "\ComboFix"
If exist "\ComboFix" (
PV -kf Findstr *.cfexe
rd /s/q "\ComboFix"
)
If exist "\ComboFix" (
handle "C:\ComboFix" | SED -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00
for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h
del /q temp00
rd /s/q "\ComboFix"
)
)
If exist "\ComboFix" rd /s/q "\ComboFix"
If exist "\ComboFix" goto :eof
VER | Findstr -ic:"[Version 6.0" && (Call :Vista ) ||
CD ..
Set "comspec=C:\WINDOWS\system32\CF2167.exe"
(
echo.md "\ComboFix"
echo.Move /y "\327882R2FWJFW\*" "\ComboFix"
echo.RD /S/Q "\327882R2FWJFW"
echo.Start "." /d"C:\ComboFix" "C:\WINDOWS\system32\CF2167.exe" /k c.bat
echo.pv -kf cmd.exe
) 1>Start_.cmd
NirCmd exec hide "C:\WINDOWS\system32\CF2167.exe" /f:off /d /c call Start_.cmd
NirCmd execmd del "\327882R2FWJFW\prep.cmd"
EXIT


-- End of contents

Any further thoughts with this? Thanks again for your help here.


  #6  
Old 07-03-2008
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 4,088
PC Experience: Elite PC Guru
Default Re: Run and Shut Down icons disappeared, help with logs

Ok. If you have downloads, remove them. Get this one and run it. It should be fine.

http://download.bleepingcomputer.com...+/ComboFix.exe


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #7  
Old 07-03-2008
Bronze Member
 
Join Date: Jun 2008
Posts: 8
PC Experience: Some Experience
Brendo101 - See this Members User comments on their Profile page
Default Re: Run and Shut Down icons disappeared, help with logs

Mate, you are my hero. That one has worked; I now have access to my Run & Shut Down icons, and the Task Manager.

Here is the log from Combofix:
ComboFix 08-07-01.3 - WAYNE 2008-07-03 20:06:48.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.182 [GMT 10:00]
Running from: C:\Documents and Settings\WAYNE\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\WAYNE\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\temp.exe
C:\WINDOWS\.exe
C:\WINDOWS\services.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system.exe
C:\WINDOWS\winlogon.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.
2008-07-03 20:08 . 2007-11-02 20:37 77,824 -r-hs---- C:\WINDOWS\winlogon.exe
2008-07-03 20:08 . 2007-11-02 20:37 77,824 -r-hs---- C:\WINDOWS\SYSTEM.exe
2008-07-03 20:08 . 2007-11-02 20:37 77,824 -r-hs---- C:\WINDOWS\svchost.exe
2008-07-03 20:08 . 2007-11-02 20:37 77,824 -r-hs---- C:\WINDOWS\smss.exe
2008-07-03 20:08 . 2007-11-02 20:37 77,824 -r-hs---- C:\WINDOWS\services.exe
2008-07-02 19:04 . 2008-07-02 19:04 <DIR> d--hs---- C:\FOUND.001
2008-07-01 20:29 . 2008-07-01 20:29 <DIR> d--hs---- C:\FOUND.000
2008-06-30 22:32 . 2008-06-30 22:32 <DIR> d-------- C:\Deckard
2008-06-30 22:13 . 2008-06-30 22:13 <DIR> d-------- C:\HijackThis
2008-06-30 21:53 . 2007-11-02 20:37 77,824 -r-hs---- C:\WINDOWS\WAYNE.exe
2008-06-13 18:32 . 2008-06-13 23:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 18:32 . 2008-06-13 23:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys