TechSpot

My desktop and start bar have gone, can only use task manager

By twoshai
Oct 18, 2010
  1. I was in the middle of a system restore when the power cut. When my computer loaded again I got the welcome screen and an error message which reads "Explorer EXE - Bad Image...The application or DLL C:\WINDOWS\System32\BROWSERUI.dll is not a valid Windows Image. Please check this against your installation diskette." I only see the image I saved as my desktop picture. I have no CDs for this computer so can't do an install or clean up. I have tried starting in safe mode; this brings up a black screen with safe mode all around it and then a message saying display properties are wrong. I have tried last good configuration also. Please help me if you can.

    Here are my ComboFix and HijackThis logs:

    ComboFix 10-10-17.01 - User 10/18/2010 15:41:06.2.2 - x86
    Running from: c:\documents and settings\User\My Documents\Downloads\puppy.exe.exe
    c:\windows\system32\vbscript.dll is missing
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\User\Application Data\EurekaLog
    C:\install.exe
    c:\program files\FunWebProducts
    c:\program files\FunWebProducts\ScreenSaver\Images\04D649F4.urr
    c:\program files\FunWebProducts\ScreenSaver\Images\04D7839C.urr
    c:\program files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
    c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    c:\program files\MyWebSearch
    c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
    c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
    c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
    c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
    c:\program files\MyWebSearch\bar\Cache\04D802DF
    c:\program files\MyWebSearch\bar\Cache\04D80A12
    c:\program files\MyWebSearch\bar\Cache\04D80DEB.bin
    c:\program files\MyWebSearch\bar\Cache\04D80EC5.bin
    c:\program files\MyWebSearch\bar\Cache\04D80F42.bin
    c:\program files\MyWebSearch\bar\Cache\04D80FA0.bin
    c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
    c:\program files\MyWebSearch\bar\Game\CHESS.F3S
    c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
    c:\program files\MyWebSearch\bar\History\search3
    c:\program files\MyWebSearch\bar\Message\COMMON.F3S
    c:\program files\MyWebSearch\bar\Message\COMMON\8_step1.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\bkez.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkgr.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkgs.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bklf.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkrg.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzc.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzl.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzn.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzq.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzr.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzu.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzv.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzw.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2d.png
    c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2r.png
    c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3d.png
    c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3r.png
    c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\rebut4.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\rebut4b.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\rebut4c.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\shield.png
    c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
    c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
    c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
    c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
    c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
    c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
    c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
    c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
    c:\program files\MyWebSearch\bar\Settings\s_pid.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MYWEBSEARCHSERVICE


    ((((((((((((((((((((((((( Files Created from 2010-09-18 to 2010-10-18 )))))))))))))))))))))))))))))))
    .

    2010-10-17 20:56 . 2010-10-17 20:56 -------- d-----w- C:\275b1ae08500faf54f84f202d66cf63a
    2010-10-16 19:09 . 2010-10-16 19:09 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-16 18:52 . 2008-08-01 06:42 4805 ----a-w- c:\windows\shellfix.bat
    2010-10-16 17:27 . 2010-10-16 17:27 -------- d-----w- c:\program files\Trend Micro
    2010-10-16 15:19 . 2010-10-16 15:19 -------- d-----w- c:\program files\Glary Undelete
    2010-10-16 15:19 . 2010-10-16 15:19 -------- d-----w- c:\documents and settings\User\Application Data\GlarySoft
    2010-10-16 15:12 . 2010-10-16 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
    2010-10-16 15:12 . 2010-10-16 15:12 -------- d-----w- c:\program files\RegCure
    2010-10-16 15:06 . 2010-09-07 13:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-10-16 15:06 . 2010-09-07 13:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-16 15:06 . 2010-09-07 13:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-16 15:06 . 2010-09-07 13:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-16 15:06 . 2010-09-07 13:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-16 15:06 . 2010-09-07 13:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-16 15:06 . 2010-09-07 13:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-16 15:06 . 2010-09-07 14:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-16 15:06 . 2010-09-07 14:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-16 15:06 . 2010-10-16 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-16 15:04 . 2010-10-16 15:04 217088 ----a-w- c:\program files\Mozilla Firefox\sysclean.exe
    2010-10-16 12:48 . 2010-10-16 16:07 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-10-16 12:48 . 2010-10-16 12:48 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-10-16 12:47 . 2010-10-16 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-10-16 12:00 . 2010-10-16 12:03 -------- d-----w- c:\windows\system32\CatRoot_bak
    2010-10-16 09:59 . 2010-10-16 09:59 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2010-10-16 09:53 . 2010-10-16 09:55 -------- d-----w- c:\documents and settings\User\Application Data\ErrorTeck
    2010-10-16 09:26 . 2010-10-16 14:46 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2010-10-13 09:36 . 2010-10-13 22:46 -------- d-----w- c:\program files\Drawn - Dark Flight
    2010-10-13 09:10 . 2010-10-13 22:46 -------- d-----w- c:\program files\Dark Tales - Edgar Allan Poe's The Black Cat
    2010-10-12 04:06 . 2010-10-13 22:47 -------- d-----w- c:\program files\First Class Flurry
    2010-10-11 19:21 . 2010-10-11 19:21 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-11 19:17 . 2010-10-11 19:17 -------- d-----w- c:\program files\Farm Frenzy
    2010-10-11 19:17 . 2010-10-11 19:17 -------- d-----w- c:\program files\Farm Frenzy 2
    2010-10-11 19:17 . 2010-10-11 19:17 -------- d-----w- c:\program files\Farm Frenzy 3
    2010-10-11 19:17 . 2010-10-11 19:17 -------- d-----w- c:\program files\Farm Frenzy 3 - Ice Age
    2010-10-11 19:17 . 2010-10-11 19:17 -------- d-----w- c:\program files\Farm Frenzy 3 - Russian Roulette
    2010-10-11 19:16 . 2010-10-11 19:16 -------- d-----w- c:\program files\Common Files\Adobe
    2010-10-10 09:01 . 2010-10-11 19:15 -------- d-----w- c:\program files\Cooking Dash - DinerTown Studios
    2010-10-10 08:56 . 2010-10-10 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
    2010-10-10 08:51 . 2010-10-10 08:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
    2010-10-10 08:50 . 2010-10-10 08:50 -------- d-----w- c:\documents and settings\LocalService\IETldCache
    2010-10-10 06:22 . 2010-10-10 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-10-10 06:21 . 2010-10-11 19:15 -------- d-----w- c:\program files\McAfee Security Scan
    2010-10-10 06:06 . 2010-10-11 19:15 -------- dc----w- c:\windows\ie8(2)
    2010-09-22 05:10 . 2010-08-12 19:03 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-22 05:10 . 2010-08-12 19:03 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------

    Cryptography Services Error !!

    c:\windows\System32\mshtml.dll ... is missing !!
    c:\windows\System32\wininet.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1157609.exe" [2010-05-05 467224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-08 1286608]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-04-12 14:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 16:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-06-15 04:59 136176 ----atw- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-01-12 21:47 163840 ----a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-01-12 21:47 131072 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-04-28 03:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-01-12 21:46 135168 ----a-w- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-17 09:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2005-01-11 14:01 32768 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-13 23:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-01-30 19:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"=
    "c:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
    R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-16 16968]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-09 217032]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-29 23:34]

    2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:44]

    2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:44]

    2010-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-602609370-1177238915-1003Core.job
    - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-22 04:59]

    2010-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-602609370-1177238915-1003UA.job
    - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-22 04:59]

    2010-10-16 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mystart.incredimail.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.21\AMVConverter\grab.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: facebook.com\www
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\5fty5b4l.default\
    FF - prefs.js: browser.startup.homepage - www.trademe.co.nz
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\5fty5b4l.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\5fty5b4l.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-AtiExtEvent - (no file)
    AddRemove-BFG-Dark Tales - Edgar Allan Poe's The Black Cat - c:\program files\Dark Tales - Edgar Allan Poe's The Black Cat\Uninstall.exe
    AddRemove-BFG-Drawn - Dark Flight - c:\program files\Drawn - Dark Flight\Uninstall.exe
    AddRemove-BFG-First Class Flurry - c:\program files\First Class Flurry\Uninstall.exe
    AddRemove-BFGC - c:\program files\bfgclient\Uninstall.exe
    AddRemove-GoldWave v5.57 - c:\program files\GoldWave\unstall.exe


    .
    Completion time: 2010-10-18 16:50:16
    ComboFix-quarantined-files.txt 2010-10-18 03:33

    Pre-Run: 18,758,516,736 bytes free
    Post-Run: 18,750,693,376 bytes free

    Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
    - - End Of File - - C7549B92256EAE27575E1B15556B22B8

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:52:32 PM, on 10/18/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1157609.exe" -Update
    O8 - Extra context menu item: Add to AMV/AVI Video Converter... - C:\Program Files\Media Player Utilities 4.21\AMVConverter\grab.html
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.facebook.com
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Sims%20Carnival%20SnapCity/Images/stg_drm.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/The%20Sims%20Carnival%20SnapCity/Images/armhelper.ocx
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 5425 bytes
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Well, you've kind of gone through things backwards. If you had read our sticky above the forum, you would have seen "Do not run ComboFix unless instructed to by your helper".

    Your system was infected with MyWebSearch at least. Had you run our preliminary steps, Malwarebytes would have removed all or most of it, way before ComboFix. We don't screen with HJT.

    First, you need to address that you are using multiple antivirus programs: McAfee and Avast. One of those should be removed.

    Second, it looks like you've been around the internet gathering programs to try and fix your problem. That doesn't mean they're 'good' programs, so I am recommending you uninstall the following:
    Hitman Pro 3.5
    ParetoLogic>> XOffSpy??
    ErrorTeck>> Torrent download?
    Emsisoft Anti-Malware>> this program is now named a-squared so this may be an old version


    Due to the fact that the system may have sustained some damage from the power spike, you should attempt to run CHKDSK with fix files and scan sector:

    CHKDSK = Error Checking

    Where to set Error Checking up
    You can do the Error Check from Command Prompt:
    Using the Command Prompt should have been this: Start> Run> type in cmd> type in Chkdsk /f /r Click on Enter> Close message and reboot. Chkdsk will start in a few seconds

    Or Windows Explorer:
    Right click on Start> Explore> My Computer> Right click on Local Drive (usually C)> Properties> Tools> Error Check> check both boxes on the screen that comes up> Apply> Close the message and reboot for the Error Checking to start.

    The system will reboot after the Error Checking has finished.

    The choices in Error Checking:
    1. CHKDSK or Error Check alone will only scan the current drive but will not fix errors on the disc or attempt to recover bad sectors. Using Start or Enter begins the process without a reboot.
    2. Volume: Specifies the drive letter other than the Local Drive (followed by a colon), mount point, or volume name. To have the checking use a different drive, the command Chkdsk is followed by the drive letter, then a colon, such as chkdsk volume E:
    3. File Errors can be found and fixed using the switch /F. The nag message that comes up can be closed and the system rebooted to start the checking.
    4. Recovery of readable information in bad sectors can be done by using the switch /R. This implies that the /F switch has also been used. Locates bad sectors and recovers readable information (implies /F). The nag message that comes up can be closed and the system rebooted to start the checking.

    (Please note: this is not meant to include all of the options available for Error Checking, just the appropriate options here)
    ====================================
    See how this goes. If files were damaged too badly in the spike, you may need to replace them using the System File Checker (SFC) so be looking for the operating system CD.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
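
The logs in this thread carry several findings a reviewer reads off by eye: system DLLs reported missing, the Windows firewall policy set to 0, HijackThis entries pointing at "(no file)", and traces of the two antivirus products named in the reply. The Python script below is an added example, not part of the thread and not a feature of ComboFix or HijackThis, that extracts those findings from log lines copied from the post; the `triage` function, the regexes and the `AV_MARKERS` keyword table are assumptions made for illustration.

```python
import re

# Lines copied from the ComboFix and HijackThis logs posted in the thread above.
SAMPLE_LOG = r'''
c:\windows\system32\vbscript.dll is missing
2010-10-16 15:06 . 2010-10-16 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-10 06:21 . 2010-10-11 19:15 -------- d-----w- c:\program files\McAfee Security Scan
c:\windows\System32\mshtml.dll ... is missing !!
c:\windows\System32\wininet.dll ... is missing !!
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
'''

# Assumption: keyword table covering only the two products named in the reply.
AV_MARKERS = {"Avast": ("alwil software", "avast"), "McAfee": ("mcafee",)}

# ComboFix prints "<path> is missing" or "<path> ... is missing !!".
MISSING_RE = re.compile(r'^(?P<path>[a-z]:\\.+?)\s+(?:\.\.\.\s+)?is missing\b', re.I)
# Firewall policy value as ComboFix renders it: "EnableFirewall"= 0 (0x0).
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b', re.I)
# HijackThis entry (O2, O3, ...) whose registered file no longer exists.
NO_FILE_RE = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - .* - \(no file\)$')
GUID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')


def triage(log_text):
    """Collect missing files, firewall state, orphaned entries and AV traces."""
    findings = {
        "missing_files": [],
        "firewall_disabled": False,
        "orphaned_entries": [],
        "av_products": set(),
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MISSING_RE.match(line)
        if m:
            findings["missing_files"].append(m.group("path"))
            continue
        if FIREWALL_OFF_RE.match(line):
            findings["firewall_disabled"] = True
            continue
        m = NO_FILE_RE.match(line)
        if m:
            guid = GUID_RE.search(line)
            findings["orphaned_entries"].append(
                (m.group("code"), guid.group(0) if guid else None))
            continue
        lowered = line.lower()
        for product, markers in AV_MARKERS.items():
            if any(marker in lowered for marker in markers):
                findings["av_products"].add(product)
    findings["av_products"] = sorted(findings["av_products"])
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```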
     
Topic Status:
Not open for further replies.
