WinXP - Missing Desktop Icons and Taskbar

Thread: WinXP - Missing Desktop Icons and Taskbar

  1. #1
    Join Date: Oct 2008
    Posts: 14

    WinXP - Missing Desktop Icons and Taskbar


    I have been searching high and low for a solution to the issue a friend has brought to me. This Acer system will boot up normally as well as in safe mode to nothing but a blank desktop (no icons or taskbar) regardless of what profile I try. The only thing I can do to run anything is open the Task Manager. When I try to run explorer.exe (normal mode or safe mode) the taskbar flashes then goes away. When I try to run Internet Explorer I get the same result - minus the flashing taskbar. I have tried the installed Norton as well as AVG 8 (Free), finding nothing out of the ordinary. Since I don't have a web browser I can't try the online scanners. I also tried "Super Anti-Spyware" (as recommended by another few sites), again, nothing out of the ordinary.

    Several people seem to have had the issue, but no one had a viable solution, or if they did they never posted it. If anyone out there has a solution - short of reformatting and reinstalling Windows - I am all ears. We all know you should back up important data but we also know that there is only about 1% of us that do. Given that this isn't my own PC, reformatting isn't really an option as the owner wanted his install salvaged.

    I have pasted a copy of the HijackThis log below (the ComboFix log is in the next post as it wouldn't fit in this one). Is there someone out there who can shed a little light on this very perplexing issue?

    Thanks in advance...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:18:34 PM, on 10/3/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    H:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    H:\WINDOWS\eHome\ehRecvr.exe
    H:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
    H:\WINDOWS\system32\inetsrv\inetinfo.exe
    H:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    H:\WINDOWS\system32\tcpsvcs.exe
    H:\WINDOWS\System32\snmp.exe
    H:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    H:\Program Files\Spyware Terminator\sp_rsser.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    H:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    H:\Program Files\Viewpoint\Common\ViewpointService.exe
    H:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
    H:\WINDOWS\system32\taskmgr.exe
    I:\Tech Tools\HiJack This\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - H:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - H:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [ehTray] H:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [osCheck] "H:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [V0410Mon.exe] H:\WINDOWS\V0410Mon.exe
    O4 - HKLM\..\Run: [NSWosCheck] H:\Program Files\Norton SystemWorks\osCheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "H:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "H:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [AppleSyncNotifier] H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
    O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] H:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Desktop Secretary] "H:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - H:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - H:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - H:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5034/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - H:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - H:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: FolderProtectService - Unknown owner - H:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Unknown owner - H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - H:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - H:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Speed Disk service - Symantec Corporation - H:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - H:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Symantec Core LC - Unknown owner - H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - H:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9626 bytes

  2. #2
    Join Date: Oct 2008
    Posts: 14


    ComboFix log...


    ComboFix 08-10-02.04 - Administrator 2008-10-03 12:57:13.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.385 [GMT -4:00]
    Running from: I:\Tech Tools\Explorer Issues\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    H:\Documents and Settings\Jessie\Cookies\jessie@myspace[2].txt
    H:\Documents and Settings\Max\Cookies\[email protected][1].txt
    H:\Program Files\FunWebProducts
    H:\Program Files\MyWebSearch
    H:\Program Files\MyWebSearch\bar\History\search2
    H:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    H:\Program Files\MyWebSearch\bar\Settings\setting2.htm
    H:\Program Files\MyWebSearch\bar\Settings\settings.dat
    H:\WINDOWS\system32\_000006_.tmp.dll
    H:\WINDOWS\system32\_000081_.tmp.dll
    H:\WINDOWS\system32\_000082_.tmp.dll
    H:\WINDOWS\system32\_005351_.tmp.dll
    H:\WINDOWS\system32\_005352_.tmp.dll
    H:\WINDOWS\system32\_005353_.tmp.dll
    H:\WINDOWS\system32\_005354_.tmp.dll
    H:\WINDOWS\system32\_005361_.tmp.dll
    H:\WINDOWS\system32\_005362_.tmp.dll
    H:\WINDOWS\system32\_005363_.tmp.dll
    H:\WINDOWS\system32\_005364_.tmp.dll
    H:\WINDOWS\system32\_005366_.tmp.dll
    H:\WINDOWS\system32\_005367_.tmp.dll
    H:\WINDOWS\system32\_005370_.tmp.dll
    H:\WINDOWS\system32\_005371_.tmp.dll
    H:\WINDOWS\system32\_005374_.tmp.dll
    H:\WINDOWS\system32\_005377_.tmp.dll
    H:\WINDOWS\system32\_005380_.tmp.dll
    H:\WINDOWS\system32\_005381_.tmp.dll
    H:\WINDOWS\system32\_005386_.tmp.dll
    H:\WINDOWS\system32\_005388_.tmp.dll
    H:\WINDOWS\system32\_005391_.tmp.dll
    H:\WINDOWS\system32\_005394_.tmp.dll
    H:\WINDOWS\system32\_005395_.tmp.dll
    H:\WINDOWS\system32\_005396_.tmp.dll
    H:\WINDOWS\system32\_005397_.tmp.dll
    H:\WINDOWS\system32\_005398_.tmp.dll
    H:\WINDOWS\system32\_005401_.tmp.dll
    H:\WINDOWS\system32\_005402_.tmp.dll
    H:\WINDOWS\system32\_005403_.tmp.dll
    H:\WINDOWS\system32\_005404_.tmp.dll
    H:\WINDOWS\system32\_005405_.tmp.dll
    H:\WINDOWS\system32\_005410_.tmp.dll
    H:\WINDOWS\system32\_005412_.tmp.dll
    H:\WINDOWS\system32\Cache

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IPRIP
    -------\Service_Iprip


    ((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
    .

    2008-09-30 18:30 . 2008-04-14 05:42 354,304 --a------ H:\WINDOWS\system32\SET1044.tmp
    2008-09-30 18:30 . 2008-04-14 05:40 177,152 --a------ H:\WINDOWS\system32\SET1060.tmp
    2008-09-30 18:30 . 2008-04-14 05:42 80,896 --a------ H:\WINDOWS\system32\SET1041.tmp
    2008-09-30 18:30 . 2008-04-14 05:42 58,880 --a------ H:\WINDOWS\system32\SET1054.tmp
    2008-09-30 18:30 . 2008-04-14 05:42 9,728 --a------ H:\WINDOWS\system32\SET10B6.tmp
    2008-09-30 18:29 . 2008-04-14 05:42 6,656 --a------ H:\WINDOWS\system32\SET103C.tmp
    2008-09-30 18:20 . 2008-04-14 05:41 133,632 --a------ H:\WINDOWS\system32\SET666.tmp
    2008-09-30 18:20 . 2008-04-14 05:41 64,512 --a------ H:\WINDOWS\system32\SET667.tmp
    2008-09-30 18:20 . 2008-04-14 05:41 43,520 --a------ H:\WINDOWS\system32\SET67B.tmp
    2008-09-30 18:20 . 2008-04-14 05:41 14,336 --a------ H:\WINDOWS\system32\SET66F.tmp
    2008-09-30 18:20 . 2008-04-14 05:41 13,312 --a------ H:\WINDOWS\system32\SET665.tmp
    2008-09-30 18:19 . 2008-04-14 05:42 471,552 --a------ H:\WINDOWS\system32\SET654.tmp
    2008-09-30 18:19 . 2008-04-14 05:41 95,744 --a------ H:\WINDOWS\system32\SET65A.tmp
    2008-09-30 18:19 . 2008-04-14 05:42 8,192 --a------ H:\WINDOWS\system32\SET64C.tmp
    2008-09-30 18:17 . 2008-04-14 05:41 1,267,200 --a------ H:\WINDOWS\system32\SET488.tmp
    2008-09-30 18:16 . 2008-04-14 05:42 3,066,880 --a------ H:\WINDOWS\system32\SET358.tmp
    2008-09-30 18:15 . 2008-04-14 05:42 8,461,312 --a------ H:\WINDOWS\system32\SET278.tmp
    2008-09-30 18:14 . 2008-04-14 05:42 727,040 --a------ H:\WINDOWS\system32\SET216.tmp
    2008-09-30 18:12 . 2006-12-29 00:31 19,569 --a------ H:\WINDOWS\003743_.tmp
    2008-09-30 18:08 . 2004-08-10 08:00 4,190,352 --a------ H:\WINDOWS\system32\dllcache\luna.mst
    2008-09-30 18:07 . 2004-08-10 08:00 8,384,000 --a------ H:\WINDOWS\system32\dllcache\shell32.dll
    2008-09-30 15:52 . 2008-09-30 15:52 <DIR> d-------- H:\Program Files\SUPERAntiSpyware
    2008-09-30 15:52 . 2008-09-30 15:52 <DIR> d-------- H:\Documents and Settings\James\Application Data\SUPERAntiSpyware.com
    2008-09-30 15:48 . 2008-09-30 15:48 <DIR> d-------- H:\Documents and Settings\James\Application Data\WinCare2008
    2008-09-29 00:42 . 2004-08-04 00:56 90,112 --a------ H:\WINDOWS\system32\dllcache\ehiepg.dll
    2008-09-29 00:42 . 2004-08-04 00:56 65,536 --a------ H:\WINDOWS\system32\dllcache\ehresja.dll
    2008-09-29 00:42 . 2004-08-04 00:56 61,440 --a------ H:\WINDOWS\system32\dllcache\ehresko.dll
    2008-09-29 00:42 . 2004-08-04 00:56 61,440 --a------ H:\WINDOWS\system32\dllcache\ehresfr.dll
    2008-09-29 00:42 . 2004-08-04 00:56 61,440 --a------ H:\WINDOWS\system32\dllcache\ehresde.dll
    2008-09-29 00:42 . 2004-08-04 00:56 53,248 --a------ H:\WINDOWS\system32\dllcache\ehreschs.dll
    2008-09-29 00:42 . 2004-08-04 00:56 38,400 --a------ H:\WINDOWS\system32\dllcache\ehcircl.dll
    2008-09-29 00:42 . 2004-08-04 00:56 4,608 --a------ H:\WINDOWS\system32\dllcache\snchk.exe
    2008-09-29 00:34 . 2004-07-17 11:40 19,528 --a------ H:\WINDOWS\000001_.tmp
    2008-09-28 23:07 . 2008-09-28 23:07 <DIR> d-------- H:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-09-28 23:07 . 2008-09-28 23:07 <DIR> d-------- H:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-09-28 22:57 . 2008-09-28 22:57 <DIR> d-------- H:\Program Files\Spyware Terminator
    2008-09-28 22:57 . 2008-09-28 22:57 <DIR> d-------- H:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-09-28 22:57 . 2008-09-28 22:57 <DIR> d-------- H:\Documents and Settings\Administrator\Application Data\Spyware Terminator
    2008-09-28 22:57 . 2008-09-28 22:57 138,752 --a------ H:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-09-28 22:17 . 2008-09-28 22:17 <DIR> d-------- H:\Program Files\Common Files\Wise Installation Wizard
    2008-09-28 20:28 . 2008-09-28 20:28 <DIR> d-------- H:\Program Files\ACW
    2008-09-28 16:04 . 2008-09-28 22:15 <DIR> d-------- H:\WINDOWS\JT
    2008-09-27 17:23 . 2008-09-28 20:27 1,600 --------- H:\help.zip_zip_Data Recovery.hhp.cached
    2008-09-27 17:11 . 2008-09-27 17:27 <DIR> d-------- H:\Program Files\Spotmau WinCare 2008
    2008-09-27 17:11 . 2008-09-27 17:11 <DIR> d-------- H:\Documents and Settings\Administrator\Application Data\WinCare2008
    2008-09-27 05:11 . 2008-09-27 05:11 14,336 --------- H:\WINDOWS\system32\svchost.exe.bak
    2008-09-21 19:32 . 2008-09-30 18:33 <DIR> d-------- H:\WINDOWS\system32\CatRoot_bak
    2008-09-21 17:25 . 2008-09-30 15:47 469,319,680 --a------ H:\WINDOWS\MEMORY.DMP
    2008-09-07 21:06 . 2004-08-10 08:00 571,392 --a------ H:\WINDOWS\system32\dllcache\tintlgnt.ime
    2008-09-07 21:05 . 2004-08-10 08:00 13,463,552 --a------ H:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-09-07 21:04 . 2004-08-10 08:00 1,677,824 --a--c--- H:\WINDOWS\system32\dllcache\chsbrkr.dll
    2008-09-07 21:02 . 2008-09-07 21:02 749 -rah----- H:\WINDOWS\WindowsShell.Manifest
    2008-09-07 21:02 . 2008-09-07 21:02 749 -rah----- H:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-09-07 21:02 . 2008-09-07 21:02 749 -rah----- H:\WINDOWS\system32\sapi.cpl.manifest
    2008-09-07 21:02 . 2008-09-07 21:02 749 -rah----- H:\WINDOWS\system32\nwc.cpl.manifest
    2008-09-07 21:02 . 2008-09-07 21:02 749 -rah----- H:\WINDOWS\system32\ncpa.cpl.manifest
    2008-09-07 21:02 . 2008-09-07 21:02 488 -rah----- H:\WINDOWS\system32\logonui.exe.manifest
    2008-09-07 21:01 . 2004-08-10 08:00 16,384 --a--c--- H:\WINDOWS\system32\dllcache\isignup.exe
    2008-09-07 20:48 . 2004-08-10 08:00 7,680 --a--c--- H:\WINDOWS\system32\dllcache\inetmgr.exe
    2008-09-07 20:38 . 2004-08-03 22:31 20,992 --a------ H:\WINDOWS\system32\drivers\RTL8139.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-22 00:35 --------- d-----w H:\Program Files\Norton SystemWorks
    2008-09-21 21:42 805 ----a-w H:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-09-21 21:42 123,952 ----a-w H:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-09-21 21:42 10,671 ----a-w H:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-09-21 21:42 --------- d-----w H:\Program Files\Symantec
    2008-09-21 21:42 --------- d-----w H:\Program Files\Common Files\Symantec Shared
    2008-09-07 09:25 --------- d-----w H:\Documents and Settings\Marcia\Application Data\Skype
    2008-09-05 02:03 --------- d-----w H:\Documents and Settings\Marcia\Application Data\alot
    2008-09-04 20:06 --------- d-----w H:\Documents and Settings\Marcia\Application Data\skypePM
    2008-09-03 09:52 --------- d-----w H:\Documents and Settings\Max\Application Data\Skype
    2008-09-02 20:07 --------- d-----w H:\Documents and Settings\Max\Application Data\skypePM
    2008-08-27 00:20 --------- d-----w H:\Documents and Settings\Jessie\Application Data\LimeWire
    2008-08-23 13:10 --------- d-----w H:\Documents and Settings\Jessie\Application Data\alot
    2008-08-21 02:44 --------- d-----w H:\Documents and Settings\James\Application Data\Skype
    2008-08-15 01:36 --------- d-----w H:\Program Files\iTunes
    2008-08-15 01:36 --------- d-----w H:\Program Files\iPod
    2008-08-15 01:32 --------- d-----w H:\Program Files\QuickTime
    2008-08-15 01:32 --------- d-----w H:\Program Files\Bonjour
    2008-08-15 01:28 --------- d-----w H:\Program Files\Apple Software Update
    2008-08-15 01:20 --------- d-----w H:\Documents and Settings\James\Application Data\Apple Computer
    2008-08-13 17:58 --------- d-----w H:\Documents and Settings\Max\Application Data\LimeWire
    2008-08-05 12:08 --------- d-----w H:\Program Files\Sun
    2008-08-05 12:07 --------- d-----w H:\Program Files\Java
    2008-08-04 23:23 --------- d-----w H:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-03 16:00 --------- d-----w H:\Documents and Settings\Marcia\Application Data\U3
    2008-08-03 11:54 --------- d-----w H:\Documents and Settings\James\Application Data\alot
    2008-07-14 10:58 144 ------w H:\domains.dat
    2008-01-11 00:19 32 ----a-w H:\Documents and Settings\All Users\Application Data\ezsid.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect0]
    @="{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}"
    [HKEY_CLASSES_ROOT\CLSID\{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}]
    2007-12-02 17:05 348160 --a------ H:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectShellExtension.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect1]
    @="{8A814C29-D3CD-4F9E-9770-DF8704503ACA}"
    [HKEY_CLASSES_ROOT\CLSID\{8A814C29-D3CD-4F9E-9770-DF8704503ACA}]
    2007-12-02 17:05 348160 --a------ H:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectShellExtension.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="H:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
    "AIM"="H:\PROGRA~1\AIM\aim.exe" [2005-08-05 67160]
    "Desktop Secretary"="H:\Program Files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe" [2008-01-24 1265664]
    "ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="H:\WINDOWS\ehome\ehtray.exe" [2008-04-14 50176]
    "ccApp"="H:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
    "SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "osCheck"="H:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 26248]
    "V0410Mon.exe"="H:\WINDOWS\V0410Mon.exe" [2007-06-06 32768]
    "NSWosCheck"="H:\Program Files\Norton SystemWorks\osCheck.exe" [2007-12-03 25472]
    "Symantec PIF AlertEng"="H:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "AppleSyncNotifier"="H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task"="H:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
    "iTunesHelper"="H:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "MsmqIntCert"="mqrt.dll" [2004-08-10 H:\WINDOWS\system32\mqrt.dll]
    "VTTimer"="VTTimer.exe" [2005-05-13 H:\WINDOWS\system32\VTTimer.exe]
    "VTTrayp"="VTtrayp.exe" [2005-05-13 H:\WINDOWS\system32\VTTrayp.exe]
    "SoundMan"="SOUNDMAN.EXE" [2005-06-07 H:\WINDOWS\SOUNDMAN.EXE]
    "SRFirstRun"="srclient.dll" [2004-08-10 H:\WINDOWS\system32\srclient.dll]

    H:\Documents and Settings\Jessie\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - H:\Program Files\LimeWire\LimeWire.exe [2008-04-18 147456]

    H:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= H:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= H:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"= 0 (0x0)
    "NoMovingBands"= 0 (0x0)
    "NoCloseDragDropBands"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "H:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 16:28 352256 H:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "H:\\Program Files\\LimeWire\\LimeWire.exe"=
    "H:\\Program Files\\AIM\\aim.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "H:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "H:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "H:\\Program Files\\iTunes\\iTunes.exe"=
    "H:\\Documents and Settings\\Max\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
    "H:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 FolderProtectDriver;FolderProtectDriver;H:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectDriver.sys [2008-01-10 15616]
    R2 FolderProtectService;FolderProtectService;H:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe [2007-12-22 10240]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;H:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [ ]
    S3 p2pgasvc;Peer Networking Group Authentication;H:\WINDOWS\system32\svchost.exe [2008-09-27 14336]
    S3 p2pimsvc;Peer Networking Identity Manager;H:\WINDOWS\system32\svchost.exe [2008-09-27 14336]
    S3 p2psvc;Peer Networking;H:\WINDOWS\system32\svchost.exe [2008-09-27 14336]
    S3 PNRPSvc;Peer Name Resolution Protocol;H:\WINDOWS\system32\svchost.exe [2008-09-27 14336]
    S3 SUSCOM;Susteen Serial port driver;H:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 40448]
    S3 V0410Afx;Creative Camera VF0410 Audio Effects Driver;H:\WINDOWS\system32\DRIVERS\V0410Afx.sys [2007-06-10 142656]
    S3 V0410Aud;Creative Camera VF0410 Noise Cancellation APO;H:\WINDOWS\system32\DRIVERS\V0410Aud.sys [2007-02-14 94720]
    S3 V0410Dev;Creative Camera VF0410 Driver;H:\WINDOWS\system32\DRIVERS\V0410Dev.sys [2007-07-03 244672]
    S3 V0410Vfx;Creative Camera VF0410 Video VFX Driver;H:\WINDOWS\system32\DRIVERS\V0410Vfx.sys [2006-12-05 7168]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-SUPERAntiSpyware - I:\SAS\SUPERAntiSpyware.exe



    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-03 13:11:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    H:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    H:\WINDOWS\ehome\ehRecvr.exe
    H:\WINDOWS\system32\inetsrv\inetinfo.exe
    H:\WINDOWS\system32\msdtc.exe
    H:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    H:\WINDOWS\system32\tcpsvcs.exe
    H:\WINDOWS\system32\snmp.exe
    H:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
    H:\Program Files\Spyware Terminator\sp_rsser.exe
    H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    H:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    H:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-03 13:15:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-03 17:14:42

    Pre-Run: 105,926,336,512 bytes free
    Post-Run: 107,882,180,608 bytes free

    276 --- E O F --- 2008-09-22 00:56:46

  3. #3
    Join Date: Dec 2007
    Location: Daly City, CA
    Posts: 22,550

    I don't see anything malicious.

    Did you try System Restore?
    If you did, and it didn't help, try this:

    1. Using Task Manager...
    2. Click on "New Task", type "regedit" (without the quotes)
    3. Click OK (this opens the Registry Editor)
    4. Expand: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion by clicking on the tiny right-point arrowhead to the left of each
    5. Scroll down to Winlogon and click on it once
    6. In the list that appears in the right-hand pane, find the word Shell and double click it
    7. In the small window that opens, if anything other than "explorer.exe" is in the Value Data field, delete it and type "explorer.exe" (without the quotes)
    8. Click OK
    9. Close the Registry Editor
    10. Reboot
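The check in steps 4 to 7 above can also be run against a regedit export of the Winlogon key, which helps when comparing several machines or keeping a record of what was found. This is an added example, not part of the original post; the sample export is constructed and the function names are hypothetical.

```python
import re

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"

# Constructed sample of a regedit export (not taken from the machine in this thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="owner"
"Shell"="Explorer.exe"
"Userinit"="H:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Shell"="ignored.exe"
'''

def winlogon_values(reg_text):
    """Return {lowercased value name: string data} for the Winlogon key only."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Exact match, so values in subkeys such as ...\Winlogon\Notify are skipped
            in_key = line[1:-1].lower() == WINLOGON
            continue
        m = re.match(r'"([^"]+)"="(.*)"$', line)
        if in_key and m:
            # .reg files escape backslashes and quotes inside string data
            values[m.group(1).lower()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return values

def check_shell(reg_text):
    """Return (ok, message) for the Shell value, mirroring step 7."""
    shell = winlogon_values(reg_text).get("shell")
    if shell is None:
        return False, "Shell value is missing"
    if shell.strip().lower() != "explorer.exe":
        return False, "unexpected Shell value: %r" % shell
    return True, "Shell is %r" % shell

if __name__ == "__main__":
    print(check_shell(SAMPLE_REG))
```

Files exported by regedit in the "Version 5.00" format are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text to `check_shell`.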

  4. #4
    Join Date
    Oct 2008
    Posts
    14
    First of all, thank you very much for the reply.

    I tried posting the question/issue twice and apparently, I forgot to mention that I DID try the restore from several days back via the windows restore as well as the manual restore (delete system, security, software, sam and default from the system32\config folder and replace them with those from the system volume info folder). That was unproductive unfortunately for me.

    I just checked the registry and what should be there IS there - with nothing else. I removed the key and recreated it. When I rebooted, I still have nothing different.

    Keep the suggestions coming...I appreciate every one of them, no matter how big or small they may be.

    Thanks again...

  5. #5
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Try running:
    sfc /scannow
    Have Windows CD handy.

    Another option, Windows repair: http://www.michaelstevenstech.com/XPrepairinstall.htm

  6. #6
    Join Date
    Oct 2008
    Posts
    14
    Originally posted by Broni:
    > Try running:
    > sfc /scannow
    > Have Windows CD handy.
    >
    > Another option, Windows repair: http://www.michaelstevenstech.com/XPrepairinstall.htm

    Does the sfc command "hurt" the current install?

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    I'm not sure what you mean by "hurt", but sfc (System File Checker) checks for corrupt system file(s). If found, they'll be replaced. Your data is safe.

  8. #8
    Join Date
    Oct 2008
    Posts
    14
    Originally posted by Broni:
    > I'm not sure what you mean by "hurt", but sfc (System File Checker) checks for corrupt system file(s). If found, they'll be replaced. Your data is safe.

    Being run as you read...

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    I cross my fingers

  10. #10
    Join Date
    Oct 2008
    Posts
    14
    Well, I am sorry for not getting back to you sooner...I got tired and had to go to bed.

    I checked the sfc progress this morning and the copy of the XP CD I was using was not the same as the one that was installed (XP MCE). Now it is telling me that files required for Windows to run properly have been replaced by unrecognized versions and is now asking for CD2.

    I am going to try to get the CDs and try again...

  11. #11
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Keep us posted.

  12. #12
    Join Date
    Oct 2008
    Posts
    14
    Good day. I am sorry for the great delay in replying, I was away for the weekend.

    However, as an update, I tried another copy (not the original install set) of XP MCE that I "found" and when it asked for the second CD it still said there were unrecognized versions of some files when I ran the sfc /scannow command.

    I am still stuck with what I started with.

    I am still open to suggestions...

  13. #13
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    To run sfc successfully, the Windows CD must include the same service pack as is installed on your computer (SP2 in your case).
    You need to create a new Windows CD with SP2 on it.
    Instructions: http://www.helpwithwindows.com/Windo...p2-bootcd.html

  14. #14
    Join Date
    Oct 2008
    Posts
    14
    Thanks for the reply. I managed to get a hold of the original install disks - the actual MS disks! Needless to say, I am still getting the same results.

    As for the need to use a disk that has SP2 on it, I do have an XP disk with SP2 built in but when I tried that, it made it to about 80% and then asked for CD2.

    I have been in the IT field for about 10 years now...I feel like I have fallen and can't get up!! LOL I have searched several forums and found several people that had the same issue but they seem to have all given up and just reformatted the drive. I have so much time invested in searching and trying different solutions that I feel like I would be letting myself down if I did that.

    Broni - Thank you very much for ALL of your help and suggestions. Keep 'em coming!

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Is your XP Home, or Pro? What about CD version?
