dll c:\windows\system32\wininet.dll [RESOLVED]


  • This topic is locked

#1
Staceyvee

Staceyvee

    Member

  • Member
  • PipPip
  • 40 posts
Windows XP. I do not have any desktop icons, or a start menu, and can only access things through the task manager.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:35 PM, on 18/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\spencer\Desktop\sdsetup.exe
C:\DOCUME~1\spencer\LOCALS~1\Temp\is-35JM0.tmp\sdsetup.tmp
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Robert\Desktop\sdsetup.exe
C:\DOCUME~1\Robert\LOCALS~1\Temp\is-72P6B.tmp\sdsetup.tmp
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\PrivacyProtector Free\DNSE.exe" -c
O4 - HKLM\..\Run: [USS] "C:\Program Files\USS\USS.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3636745665-1842153933-2238255875-1006\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-3636745665-1842153933-2238255875-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-3636745665-1842153933-2238255875-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3636745665-1842153933-2238255875-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?0093edc0ca4f4aec994cec4f8e1fba4d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?0093edc0ca4f4aec994cec4f8e1fba4d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1156804451373
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Windows Active Directory Helper (MSSearchHelper) - Unknown owner - C:\WINDOWS\system32\iexplorer.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 11536 bytes


Thanks,
Staceyvee
  • 0


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay. I will take a two-phase approach to this: first I will do a quick and dirty clean, and then have a deeper look to see what else is lurking.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

THEN

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio button for Rootkit check YES
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Logs required: MBAM and OTScanit (attached or uploaded to Mediafire)
  • 0

#3
Staceyvee

Staceyvee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Thanks for getting back to me. I tried running the Anti-Malware program. The scan went fine, but at the end of the removal during "reporting threats to Malwarebytes' Anti-Malware threat Center" I got a run-time error '48' File not found wininet.dll message. It won't produce a log. I also couldn't update. I think it's because I can't seem to connect with the internet using Internet Explorer. I have been using Mozilla Firefox. I don't know how to make it the default, or disable Internet Explorer from being the go-to place for downloading.
What now???
Thanks,
Stacey
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Set Firefox as default

Step 1 Launch the Firefox Web browser.
Step 2 Click the 'Tools' Menu and then select 'Options' from the drop-down list. The 'Options' dialog box will open in a new window.
Step 3 Go to the 'Main' tab and then locate the 'System Defaults' section.
Step 4 Click the 'Check Now' button to have Firefox check whether it is the default browser. A 'Default Browser' dialog box will appear on your screen.
Step 5 Read the message and decide if you want to make Firefox your default browser. Click the 'Yes' button to select Firefox as your default browser.

Could you now run OTScanit for me, please, then attach the log and I will see what that tells me.
  • 0

#5
Staceyvee

Staceyvee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Hi again. The default box was already checked, so it must be something else. I can't even run OTScanit. I get the dll c:\windows\system32\wininet.dll message again.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Okey dokey, let's download that DLL for you. I have downloaded and scanned this file; it is safe.
Go Here and download the zip file to your desktop. Then extract the file to C:\Windows\system32

Reboot and try OTScanit again.
  • 0

#7
Staceyvee

Staceyvee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
It won't let me download that either. I get the same message: The application or DLL C:\Windows\system32\WININET.dll is not a valid Windows image.

Stupid computer......lol
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK then time for the big boy. Please read the instructions before downloading. You may need to run this in safe mode, it will complain but let it run :)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

  • 0

#9
Staceyvee

Staceyvee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Here is the ComboFix log. I will post the other one in a bit.

ComboFix 08-10-23.01 - Robert 2008-10-23 17:33:08.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.656 [GMT -4:00]
Running from: C:\Documents and Settings\Robert\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Robert\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Starware316
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\Robert\Application Data\PrivacyProtector Free
C:\Documents and Settings\Robert\Application Data\PrivacyProtector Free\Logs\update.log
C:\Documents and Settings\Robert\Application Data\Starware316(2)
C:\Documents and Settings\Robert\Application Data\Starware316(2)\BrowserSearch(2)\BrowserSearch.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\BrowserSearch(2)\BrowserSearch.xml.backup
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Configurator(2)\Configurator.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Configurator(2)\Configurator.xml.backup
C:\Documents and Settings\Robert\Application Data\Starware316(2)\ErrorSearch(2)\ErrorSearchOptions.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\ErrorSearch(2)\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Games(2)\GamesOptions.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Games(2)\GamesOptions.xml.backup
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Layouts(2)\ToolbarLayout.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Layouts(2)\ToolbarLayout.xml.backup
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Manager(2)\ManagerOptions.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Manager(2)\ManagerOptions.xml.backup
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Movies(2)\MoviesOptions.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Movies(2)\MoviesOptions.xml.backup
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Reference(2)\ReferenceOptions.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Reference(2)\ReferenceOptions.xml.backup
C:\Documents and Settings\Robert\Application Data\Starware316(2)\RelatedSearch(2)\RelatedSearchOptions.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\RelatedSearch(2)\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Screensavers(2)\ScreensaversOptions.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Screensavers(2)\ScreensaversOptions.xml.backup
C:\Documents and Settings\Robert\Application Data\Starware316(2)\ScreensaversMarketingSitePager(2)\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\ScreensaversMarketingSitePager(2)\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Toolbar(2)\TBProductsOptions.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Toolbar(2)\TBProductsOptions.xml.backup
C:\Documents and Settings\Robert\Application Data\Starware316(2)\ToolbarLogo(2)\ToolbarLogoOptions.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\ToolbarLogo(2)\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Robert\Application Data\Starware316(2)\ToolbarSearch(2)\ToolbarSearchOptions.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\ToolbarSearch(2)\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Robert\Application Data\Starware316(2)\TravelSearch(2)\TravelSearchOptions.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\TravelSearch(2)\TravelSearchOptions.xml.backup
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Weather(2)\AlertArchive.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Weather(2)\WeatherOptions.xml
C:\Documents and Settings\Robert\Application Data\Starware316(2)\Weather(2)\WeatherOptions.xml.backup
C:\Documents and Settings\Robert\err.log
C:\Documents and Settings\Robert\Start Menu\Antivirus2008
C:\Documents and Settings\Robert\Start Menu\Antivirus2008\Antivirus 2008.lnk
C:\Documents and Settings\Robert\Start Menu\Antivirus2008\Uninstall Antivirus.lnk
C:\Program Files\Antivirus2008
C:\Program Files\Common Files\PrivacyProtector Free
C:\Program Files\PrivacyProtector Free
C:\Program Files\PrivacyProtector Free\Activate.dat
C:\Program Files\PrivacyProtector Free\Appbase\AE_CD_Cr.dat
C:\Program Files\PrivacyProtector Free\Appbase\AReadr4.dat
C:\Program Files\PrivacyProtector Free\Appbase\AReadr5.dat
C:\Program Files\PrivacyProtector Free\Appbase\ASDSEEpv.dat
C:\Program Files\PrivacyProtector Free\Appbase\ASPack.dat
C:\Program Files\PrivacyProtector Free\Appbase\Babylon.dat
C:\Program Files\PrivacyProtector Free\Appbase\BDelphi5.dat
C:\Program Files\PrivacyProtector Free\Appbase\CatchUp.dat
C:\Program Files\PrivacyProtector Free\Appbase\CBuildr5.dat
C:\Program Files\PrivacyProtector Free\Appbase\CCGA.dat
C:\Program Files\PrivacyProtector Free\Appbase\CManager.dat
C:\Program Files\PrivacyProtector Free\Appbase\CuteFTP4.dat
C:\Program Files\PrivacyProtector Free\Appbase\CuteHTML.dat
C:\Program Files\PrivacyProtector Free\Appbase\DAcceler.dat
C:\Program Files\PrivacyProtector Free\Appbase\DiscJug.dat
C:\Program Files\PrivacyProtector Free\Appbase\ECDCreat4.dat
C:\Program Files\PrivacyProtector Free\Appbase\Far.dat
C:\Program Files\PrivacyProtector Free\Appbase\FFTsks.dat
C:\Program Files\PrivacyProtector Free\Appbase\FlashFXP.dat
C:\Program Files\PrivacyProtector Free\Appbase\FrntPage.dat
C:\Program Files\PrivacyProtector Free\Appbase\FrontPEx.dat
C:\Program Files\PrivacyProtector Free\Appbase\FtpEXP.dat
C:\Program Files\PrivacyProtector Free\Appbase\FtpVoya.dat
C:\Program Files\PrivacyProtector Free\Appbase\GetRight.dat
C:\Program Files\PrivacyProtector Free\Appbase\GoZilla.dat
C:\Program Files\PrivacyProtector Free\Appbase\GravMRU.dat
C:\Program Files\PrivacyProtector Free\Appbase\H_TxtPad.dat
C:\Program Files\PrivacyProtector Free\Appbase\HomeSite.dat
C:\Program Files\PrivacyProtector Free\Appbase\HotDogPr.dat
C:\Program Files\PrivacyProtector Free\Appbase\IconExtr.dat
C:\Program Files\PrivacyProtector Free\Appbase\iMesh.dat
C:\Program Files\PrivacyProtector Free\Appbase\ImgReady3.dat
C:\Program Files\PrivacyProtector Free\Appbase\InsShExp.dat
C:\Program Files\PrivacyProtector Free\Appbase\JASC_P_P.dat
C:\Program Files\PrivacyProtector Free\Appbase\KaZaA.dat
C:\Program Files\PrivacyProtector Free\Appbase\LView.dat
C:\Program Files\PrivacyProtector Free\Appbase\MacDir.dat
C:\Program Files\PrivacyProtector Free\Appbase\MacDrWea.dat
C:\Program Files\PrivacyProtector Free\Appbase\MicAng.dat
C:\Program Files\PrivacyProtector Free\Appbase\MicDes.dat
C:\Program Files\PrivacyProtector Free\Appbase\MM_CON.dat
C:\Program Files\PrivacyProtector Free\Appbase\MMUnDisk.dat
C:\Program Files\PrivacyProtector Free\Appbase\Morpheus.dat
C:\Program Files\PrivacyProtector Free\Appbase\MPaint.dat
C:\Program Files\PrivacyProtector Free\Appbase\MPicPub.dat
C:\Program Files\PrivacyProtector Free\Appbase\MPImaGal.dat
C:\Program Files\PrivacyProtector Free\Appbase\MSExplorer.dat
C:\Program Files\PrivacyProtector Free\Appbase\MSoffice.dat
C:\Program Files\PrivacyProtector Free\Appbase\MSRegEdit.dat
C:\Program Files\PrivacyProtector Free\Appbase\MSWMP.dat
C:\Program Files\PrivacyProtector Free\Appbase\MSWordPad.dat
C:\Program Files\PrivacyProtector Free\Appbase\Nero.dat
C:\Program Files\PrivacyProtector Free\Appbase\NetShow.dat
C:\Program Files\PrivacyProtector Free\Appbase\NTBackup.dat
C:\Program Files\PrivacyProtector Free\Appbase\pfilelst.xda
C:\Program Files\PrivacyProtector Free\Appbase\PhotShel.dat
C:\Program Files\PrivacyProtector Free\Appbase\PHPCoder.dat
C:\Program Files\PrivacyProtector Free\Appbase\PowerZIP.dat
C:\Program Files\PrivacyProtector Free\Appbase\RapidBr.dat
C:\Program Files\PrivacyProtector Free\Appbase\RealAuPl.dat
C:\Program Files\PrivacyProtector Free\Appbase\RealDown.dat
C:\Program Files\PrivacyProtector Free\Appbase\SecurCRT.dat
C:\Program Files\PrivacyProtector Free\Appbase\SL_BlWin.dat
C:\Program Files\PrivacyProtector Free\Appbase\SmartClr.dat
C:\Program Files\PrivacyProtector Free\Appbase\Sonique.dat
C:\Program Files\PrivacyProtector Free\Appbase\StuffIt.dat
C:\Program Files\PrivacyProtector Free\Appbase\TelepPro.dat
C:\Program Files\PrivacyProtector Free\Appbase\UGifAnim.dat
C:\Program Files\PrivacyProtector Free\Appbase\UltraEd.dat
C:\Program Files\PrivacyProtector Free\Appbase\UMedStud.dat
C:\Program Files\PrivacyProtector Free\Appbase\UPhImpV.dat
C:\Program Files\PrivacyProtector Free\Appbase\UPhotoEx.dat
C:\Program Files\PrivacyProtector Free\Appbase\UVidStud.dat
C:\Program Files\PrivacyProtector Free\Appbase\VNC.dat
C:\Program Files\PrivacyProtector Free\Appbase\WebFeret.dat
C:\Program Files\PrivacyProtector Free\Appbase\WebReap.dat
C:\Program Files\PrivacyProtector Free\Appbase\WinACE.dat
C:\Program Files\PrivacyProtector Free\Appbase\WinGate.dat
C:\Program Files\PrivacyProtector Free\Appbase\WinRAR.dat
C:\Program Files\PrivacyProtector Free\Appbase\WinZIP.dat
C:\Program Files\PrivacyProtector Free\Appbase\WiseInst.dat
C:\Program Files\PrivacyProtector Free\Appbase\wordslst.xda
C:\Program Files\PrivacyProtector Free\Appbase\YahooPl.dat
C:\Program Files\PrivacyProtector Free\Appbase\ZipMagic.dat
C:\Program Files\PrivacyProtector Free\atl71.dll
C:\Program Files\PrivacyProtector Free\bnlink.dat
C:\Program Files\PrivacyProtector Free\diagnosis.dat
C:\Program Files\PrivacyProtector Free\err.log
C:\Program Files\PrivacyProtector Free\errors.log
C:\Program Files\PrivacyProtector Free\img\button.gif
C:\Program Files\PrivacyProtector Free\img\button2.gif
C:\Program Files\PrivacyProtector Free\img\header.gif
C:\Program Files\PrivacyProtector Free\img\logo.gif
C:\Program Files\PrivacyProtector Free\img\spacer.gif
C:\Program Files\PrivacyProtector Free\img\top_line.gif
C:\Program Files\PrivacyProtector Free\img\top1.jpg
C:\Program Files\PrivacyProtector Free\img\top2.jpg
C:\Program Files\PrivacyProtector Free\InstHelp.exe
C:\Program Files\PrivacyProtector Free\lapv.dat
C:\Program Files\PrivacyProtector Free\license.rtf
C:\Program Files\PrivacyProtector Free\manual.url
C:\Program Files\PrivacyProtector Free\mfc71.dll
C:\Program Files\PrivacyProtector Free\msvcp71.dll
C:\Program Files\PrivacyProtector Free\msvcr71.dll
C:\Program Files\PrivacyProtector Free\pv.dat
C:\Program Files\PrivacyProtector Free\readme.rtf
C:\Program Files\PrivacyProtector Free\ScanReport.dat
C:\Program Files\PrivacyProtector Free\Schedule.dat
C:\Program Files\PrivacyProtector Free\sr.log
C:\Program Files\PrivacyProtector Free\support.url
C:\Program Files\PrivacyProtector Free\unins000.dat
C:\Program Files\PrivacyProtector Free\unins000.exe
C:\Program Files\PrivacyProtector Free\uninstall.ico
C:\Program Files\PrivacyProtector Free\UninstallPage.html
C:\Program Files\PrivacyProtector Free\up.dat
C:\Program Files\PrivacyProtector Free\updater.dat
C:\Program Files\PrivacyProtector Free\UPRP.dmp
C:\Program Files\PrivacyProtector Free\UPRP.url
C:\Program Files\PrivacyProtector Free\UPRP.xml
C:\Program Files\PrivacyProtector Free\UPRPPChk.dll
C:\Program Files\PrivacyProtector Free\vbpv.dat
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\temp\RKeula2.rtf
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\SSSInst\temp\dm26A.tmp
C:\Program Files\screensavers.com\Wallpaper\Caribbean Magic.jpg
C:\Program Files\screensavers.com\Wallpaper\Palm Tree Paradise.jpg
C:\Program Files\Starware316
C:\Program Files\Starware316\brand.bmp
C:\Program Files\Starware316\Starware316Config.xml
C:\Program Files\USS
C:\Program Files\USS\#agents\53\#startup
C:\Program Files\USS\{5F608915-125D-404d-AC44-D78C760AE1A3}\AMPlugin.dll
C:\Program Files\USS\{5F608915-125D-404d-AC44-D78C760AE1A3}\AMPlugin.xml
C:\Program Files\USS\{5F608915-125D-404d-AC44-D78C760AE1A3}\AsAgents.xml
C:\Program Files\USS\{5F608915-125D-404d-AC44-D78C760AE1A3}\unins000.dat
C:\Program Files\USS\{5F608915-125D-404d-AC44-D78C760AE1A3}\unins000.exe
C:\Program Files\USS\{5F608915-125D-404d-AC44-D78C760AE1A3}\wasffNT.exe
C:\Program Files\USS\unins000.dat
C:\Program Files\USS\unins000.exe
C:\Program Files\USS\USS.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\wininet.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_MSSEARCHHELPER
-------\Service_Iprip
-------\Service_MSSearchHelper
-------\Service_wasfsd


((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))
.

2008-10-23 15:27 . 2008-10-23 15:27 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-23 11:08 . 2008-10-23 11:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-23 11:08 . 2008-10-23 11:08 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2008-10-23 11:08 . 2008-10-23 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-23 11:08 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 11:08 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-18 13:11 . 2008-10-18 13:11 <DIR> d-------- C:\Program Files\ERUNT
2008-10-18 12:48 . 2008-10-18 12:48 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\PC Tools
2008-10-18 12:36 . 2008-10-18 12:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-18 12:27 . 2008-10-18 13:08 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-10-18 12:27 . 2008-08-25 12:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-18 12:27 . 2008-08-25 12:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-18 12:27 . 2008-08-25 12:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-18 12:27 . 2008-06-02 16:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-18 11:32 . 2008-10-18 11:32 <DIR> d-------- C:\Program Files\RegCure
2008-10-08 23:26 . 2008-10-08 23:26 244 --ah----- C:\sqmnoopt06.sqm
2008-10-08 23:26 . 2008-10-08 23:26 232 --ah----- C:\sqmdata06.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 17:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-12 03:32 16,180 ----a-w C:\Documents and Settings\Robert\Application Data\wklnhst.dat
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-09-04 21:07 --------- d-----w C:\Documents and Settings\Robert\Application Data\Apple Computer
2008-08-31 20:51 --------- d-----w C:\Program Files\Apple Software Update
2008-08-30 20:32 --------- d-----w C:\Program Files\iTunes
2008-08-30 20:31 --------- d-----w C:\Program Files\iPod
2008-08-30 20:31 --------- d-----w C:\Program Files\Bonjour
2008-08-30 20:30 --------- d-----w C:\Program Files\QuickTime
2008-08-30 20:20 --------- d-----w C:\Program Files\Safari
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 09:57 2,185,984 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 09:55 2,142,720 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:55 2,142,720 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:18 2,062,976 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:18 2,020,864 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 09:18 2,020,864 ----a-w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-07-26 21:58 77,824 ----atw C:\WINDOWS\system32\DRWEBSP.DLL
2007-02-05 19:03 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-08-30 04:28 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-01 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-21 7561216]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-25 266497]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe [2006-08-29 98304]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-02 180224]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []

2008-10-23 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\hd4vrg88.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://ca.my.yahoo.com/index.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 17:34:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-23 18:35:57
ComboFix-quarantined-files.txt 2008-10-23 22:35:52

Pre-Run: 35,941,732,352 bytes free
Post-Run: 35,921,629,184 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

477 --- E O F --- 2008-10-15 20:07:54

#10
Staceyvee (Member, Topic Starter)
Ok, here is the hijack this log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:44 PM, on 23/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?0093edc0ca4f4aec994cec4f8e1fba4d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?0093edc0ca4f4aec994cec4f8e1fba4d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1156804451373
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9384 bytes

#11
Essexboy (GeekU Moderator, Retired Staff)
OK, that looks better. Can you access the taskbar and desktop now?

OTScanit should now run

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio button for Rootkit check YES
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#12
Staceyvee (Member, Topic Starter)
Nope, I still can't run OTScanit. I get "This application has failed to start because wininet.dll was not found. Re-installing the application may fix this problem." I still have no task bar or icons......sigh

#13
Essexboy (GeekU Moderator, Retired Staff)
Download the attached zip file to your desktop and extract the fixshell.cmd to your desktop.
Run this .cmd file by double-clicking it; it can take up to 5 minutes to run.
Reboot and let me know the result.

[attachment=24173:FixShell.zip]

#14
Staceyvee (Member, Topic Starter)
I can't seem to open .zip files. Every time I try I get the same error message. I think it's because I can only use task manager to open everything, it uses windows. Is there some way to reroute it?

#15
Essexboy (GeekU Moderator, Retired Staff)
Here is a direct link to the command file http://cid-32d8666f4...es/FixShell.cmd