My stupid computer is probably infected with a bloody virus (the taskbar, start menu and shortcuts are all missing when I log in) and my stupid Norton Antivirus won't pick up on it.
Does anyone know what to do?
Logfile of HijackThis v1.97.7
Scan saved at 9:58:40 AM, on 30/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MICROS~3\MSSQL$~2\binn\sqlservr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\taskmgr.exe
C:\progra~1\ddm\sysu.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.exe
C:\DOCUME~1\VINHNG~1\LOCALS~1\Temp\Rar$EX00.500\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://scrk.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://scrk.com/searchbar.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Internet Optimizer] "c:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [msbb] c:\progra~1\ddm\1\msbb.exe
O4 - HKLM\..\Run: [DKQXEKRX] C:\WINDOWS\DKQXEKRX.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [53142946.exe] C:\WINDOWS\System32\53142946.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\RunOnce: [sysu] "C:\progra~1\ddm\sysu.exe"
O4 - Startup: Norton Disk Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.exe
O4 - Global Startup: PS2 Keyboard English Edition.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.easydownloads.net/warezdownload.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF875B5E-2A61-48E3-8856-F18768E3AD85}: NameServer = 203.49.70.92 139.134.2.190

And I also just got a message that popped up after connecting to the internet and posting my last message that said "project 1" "it's time", so I'm thinking there's a virus going on.

Open Task Manager and end the process C:\progra~1\ddm\sysu.exe.
Run HijackThis again and place a check in the box next to the following items. Next, close all browser windows, and have HT 'fix checked'.
You must restart your computer when you're done.
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://scrk.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://scrk.com/searchbar.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [msbb] c:\progra~1\ddm\1\msbb.exe
O4 - HKLM\..\Run: [DKQXEKRX] C:\WINDOWS\DKQXEKRX.exe
O4 - HKLM\..\Run: [53142946.exe] C:\WINDOWS\System32\53142946.exe
O4 - HKLM\..\RunOnce: [sysu] "C:\progra~1\ddm\sysu.exe"
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.easydownloads.net/warezdownload.exe
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB

After restarting, delete the following:
C:\WINDOWS\DKQXEKRX.exe
C:\WINDOWS\System32\53142946.exe
The C:\Program Files\ddm folder.

It's not a virus. OK, go to My Computer, then the C drive, then go to Program Files, find ddm and delete it. You only got this file because you went on a site that had it; I know, I've gotten it 2 times. If, when you start up, it does it again, press Control+Alt+Delete, go to Processes and end task on sysu.exe.

None of these will work completely. Deleting the DDM directory in the Program Files directory is part of the way. The item is also entered into your registry as a key under "RunOnce", but it never leaves. In my case the desktop and taskbar did not appear. Start in Safe Mode (keep pressing F8 when starting your computer, pick option 3 called Safe Mode, then hit Enter). This will bypass your registry and startup files. Then delete the ddm directory. Also, in the Run box (Start > Run) type regedit to edit the registry. Press Ctrl+F to do a search, and search for the string "sysu". It will pop up a couple of times, but you want to find the key under "RunOnce" that refers to the "sysu.exe" file. Once you are on it, delete it, then reboot. One of my idiot employees got this nonsense and this procedure seems to have eliminated the issue.
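The two cleanup replies above (end sysu.exe, fix the checked HijackThis items, reboot, delete the files; then the RunOnce key that keeps bringing it back) amount to a triage procedure that can be scripted. Below is an added Python example, not code from this thread, from HijackThis or from any of the posters, that parses the log format as posted, flags entries with the same reasoning a reviewer applies (an IE search URL at an untrusted host, a URLSearchHook with no file behind it, an unnamed BHO, an autorun image that is known-bad or random-looking, an ActiveX download from a raw IP or an untrusted host) and turns each hit into the registry value, file and process to deal with. The indicator list and the trusted-host allowlists are assumptions built from this thread, not a vendor feed; the registry locations are the standard Windows ones that HijackThis abbreviates (HKLM\..\Run is HKLM\Software\Microsoft\Windows\CurrentVersion\Run, a DPF entry is registered under Code Store Database\Distribution Units). The sample log is a constructed subset of the one posted, so the script runs offline.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://scrk.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://scrk.com/searchbar.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [msbb] c:\progra~1\ddm\1\msbb.exe
O4 - HKLM\..\Run: [DKQXEKRX] C:\WINDOWS\DKQXEKRX.exe
O4 - HKLM\..\Run: [53142946.exe] C:\WINDOWS\System32\53142946.exe
O4 - HKLM\..\RunOnce: [sysu] "C:\progra~1\ddm\sysu.exe"
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.easydownloads.net/warezdownload.exe
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
"""

# Indicators taken from the entries the replies in this thread said to fix (assumed list).
KNOWN_BAD = ("\\ddm\\", "sysu.exe", "msbb.exe", "nem214.dll", "dkqxekrx.exe",
             "53142946.exe", "p2p networking", "scrk.com", "crack.cab", "warezdownload.exe")
# Assumed allowlists: hosts IE search settings and ActiveX downloads may legitimately point at.
TRUSTED_SEARCH_HOSTS = ("microsoft.com", "msn.com")
TRUSTED_DPF_HOSTS = ("macromedia.com", "microsoft.com", "windowsupdate.com")

# Full registry paths behind the abbreviations HijackThis prints.
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion"
BHO_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
DPF_KEY = r"HKLM\Software\Microsoft\Code Store Database\Distribution Units"
HOOK_KEY = r"HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks"


@dataclass
class Finding:
    line: str
    reason: str
    registry: list = field(default_factory=list)   # keys or "key -> value" to delete
    files: list = field(default_factory=list)      # files to delete after the reboot
    processes: list = field(default_factory=list)  # image names to end first if running


def _is_bad(text):
    t = text.lower()
    return any(ioc in t for ioc in KNOWN_BAD)


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _trusted(host, allow):
    return any(host == a or host.endswith("." + a) for a in allow)


def _exe_path(command):
    """Image path of an O4 command: a quoted path, else everything up to the first .exe."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', command, re.I)
    return (m.group(1) or m.group(2)) if m else command.split()[0]


def triage_line(line):
    """Return a Finding for a suspicious HijackThis line, None for a benign or unparsed one."""
    m = re.match(r"^R1 - (HK\w+\\[^,]+),([^=]+?) = (.+)$", line)
    if m:
        key, value, url = m.groups()
        if _is_bad(url) or not _trusted(_host(url), TRUSTED_SEARCH_HOSTS):
            return Finding(line, "IE search setting points at untrusted host",
                           registry=[f"{key} -> {value}"])
        return None
    m = re.match(r"^R3 - URLSearchHook: .* - (\S+) - (.+)$", line)
    if m:
        name, dll = m.groups()
        if dll == "(no file)" or _is_bad(dll):
            return Finding(line, "URLSearchHook with missing or known-bad DLL",
                           registry=[f"{HOOK_KEY} -> {name}"])
        return None
    m = re.match(r"^O2 - BHO: (.*?) - (\{[0-9A-F-]+\}) - (.+)$", line, re.I)
    if m:
        name, clsid, dll = m.groups()
        if name == "(no name)" or _is_bad(dll):
            return Finding(line, "unnamed or known-bad Browser Helper Object",
                           registry=[f"{BHO_KEY}\\{clsid}", f"HKCR\\CLSID\\{clsid}"], files=[dll])
        return None
    m = re.match(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$", line)
    if m:
        hive, subkey, value, command = m.groups()
        path = _exe_path(command)
        image = path.rsplit("\\", 1)[-1]
        stem = image.rsplit(".", 1)[0]
        # Rough heuristic for generated names: all digits, or 8 capitals with at most one vowel.
        random_name = (re.fullmatch(r"\d{6,}", stem) is not None or
                       (re.fullmatch(r"[A-Z]{8}", stem) is not None
                        and sum(c in "AEIOU" for c in stem) <= 1))
        if _is_bad(command) or random_name:
            return Finding(line, "autorun entry with known-bad or random-looking image",
                           registry=[f"{hive}\\{RUN_KEY}\\{subkey} -> {value}"],
                           files=[path], processes=[image])
        return None
    m = re.match(r"^O16 - DPF: (\{[0-9A-F-]+\})(?: \(.*?\))? - (\S+)$", line, re.I)
    if m:
        clsid, url = m.groups()
        host = _host(url)
        ip_host = re.fullmatch(r"\d+\.\d+\.\d+\.\d+", host) is not None
        if (_is_bad(url) or ip_host or url.lower().endswith(".exe")
                or not _trusted(host, TRUSTED_DPF_HOSTS)):
            return Finding(line, "ActiveX download from untrusted source",
                           registry=[f"{DPF_KEY}\\{clsid}"])
        return None
    return None


def triage(log_text):
    return [f for f in (triage_line(l.strip()) for l in log_text.splitlines()) if f]


def plan(findings):
    """Order the cleanup the way the reply does: end processes, fix registry, reboot, delete files."""
    return {"kill": sorted({p for f in findings for p in f.processes}),
            "registry": [r for f in findings for r in f.registry],
            "delete_after_reboot": [p for f in findings for p in f.files]}


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"[{h.reason}] {h.line}")
    print(plan(hits))
```

The script only produces the plan; applying it is still the manual HijackThis / regedit work the replies describe, and every line it flags should be read before it is fixed, since the random-name heuristic is deliberately loose (a legitimate 8-capital image name with few vowels would trip it).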

On my blog there is a list of instructions on how to kill this thing:
http://geekatwork.blogspot.com/2003_12_01_geekatwork_archive.html#107032650161440135
