Solved Windows XP, can't open Windows Explorer and associated programs.

SystemLook:

SystemLook 04.09.10 by jpshortstuff
Log created at 18:10 on 07/11/2010 by Temir
Administrator - Elevation successful

========== filefind ==========

Searching for "wininet.dll"
C:\WINDOWS\$hf_mig$\KB980182\SP2QFE\wininet.dll --a---- 668672 bytes [06:05 26/02/2010] [06:05 26/02/2010] B42B5BCCDB9853F480FDBB80E5604C30
C:\WINDOWS\$hf_mig$\KB980182\SP3GDR\wininet.dll --a---- 667136 bytes [05:43 26/02/2010] [05:43 26/02/2010] 6F0C67BA6837D82E2366AEAD046FAF4C
C:\WINDOWS\$hf_mig$\KB980182\SP3QFE\wininet.dll --a---- 668672 bytes [05:37 26/02/2010] [05:37 26/02/2010] AEB15B107E1C6543F99D9104BE0DD800
C:\WINDOWS\ERDNT\cache\wininet.dll --a---- 662016 bytes [12:53 02/05/2010] [06:12 26/02/2010] 728AB52393206408EFAD838F797F435D
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wininet.dll --a---- 666112 bytes [00:12 14/04/2008] [00:12 14/04/2008] 7A4F775ABB2F1C97DEF3E73AFA2FAEDD
C:\WINDOWS\system32\wininet.dll --a---- 662016 bytes [12:00 10/08/2004] [06:12 26/02/2010] 728AB52393206408EFAD838F797F435D
C:\WINDOWS\system32\dllcache\wininet.dll --a--c- 662016 bytes [12:00 10/08/2004] [06:12 26/02/2010] 728AB52393206408EFAD838F797F435D

-= EOF =-
 
OTL report:

All processes killed
========== OTL ==========
Service NanoServiceMain stopped successfully!
Service NanoServiceMain deleted successfully!
File C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
C:\WINDOWS\System32\PerfStringBackup.TMP deleted successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\NPS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\Download folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\CfgData folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security folder moved successfully.
ADS C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\religions.pdf:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 38784 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator.PRIVATE-A7D0BBD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Opera cache emptied: 1855214 bytes
->Flash cache emptied: 456 bytes

User: Administrator.PRIVATE-A7D0BBD.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 17378895 bytes
->Opera cache emptied: 7868917 bytes
->Flash cache emptied: 48823 bytes

User: Administrator.PRIVATE-A7D0BBD.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 38784 bytes

User: Administrator.PRIVATE-A7D0BBD.002
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 38784 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 38784 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService.NT AUTHORITY.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Temir
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 4559931 bytes
->Flash cache emptied: 0 bytes

User: Temir.PRIVATE-A7D0BBD.000
->Temp folder emptied: 154127705 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 7465820 bytes
->FireFox cache emptied: 41022813 bytes
->Opera cache emptied: 7933809 bytes
->Flash cache emptied: 1057608 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16702 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 232,00 mb


[EMPTYFLASH]

User: admin
->Flash cache emptied: 0 bytes

User: Administrator

User: Administrator.PRIVATE-A7D0BBD
->Flash cache emptied: 0 bytes

User: Administrator.PRIVATE-A7D0BBD.000
->Flash cache emptied: 0 bytes

User: Administrator.PRIVATE-A7D0BBD.001
->Flash cache emptied: 0 bytes

User: Administrator.PRIVATE-A7D0BBD.002
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: LocalService.NT AUTHORITY.000

User: LocalService.NT AUTHORITY.001

User: NetworkService

User: NetworkService.NT AUTHORITY

User: NetworkService.NT AUTHORITY.000

User: NetworkService.NT AUTHORITY.001

User: Temir
->Flash cache emptied: 0 bytes

User: Temir.PRIVATE-A7D0BBD.000
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11072010_181421

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
When you're done with OTL....

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
C:\WINDOWS\$hf_mig$\KB980182\SP3QFE\wininet.dll | C:\WINDOWS\system32\wininet.dll


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt

See, if Windows Explorer will work now.
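One way to check the SystemLook results before committing to a file replacement, as an added example written for this page (it is not the helper's procedure and not part of SystemLook, OTL or ComboFix): the script below parses the filefind block posted earlier in the thread, groups the copies by MD5, and reports whether the live system32 copy matches the Windows File Protection cache (dllcache) and which of the backup copies differ from it. The seven wininet.dll lines are copied from that log as sample input, not new data. The meaning assigned to each folder (dllcache, $hf_mig$, ERDNT, SoftwareDistribution\Download) is my own assumption, and the script only compares the hashes SystemLook already printed; it does not verify any file against Microsoft's catalog or its Authenticode signature.

```python
import re
from collections import defaultdict

# Lines copied from the SystemLook "filefind" output posted earlier in this thread
# (sample input for the parser; not newly invented data).
SYSTEMLOOK_FILEFIND = r"""
Searching for "wininet.dll"
C:\WINDOWS\$hf_mig$\KB980182\SP2QFE\wininet.dll --a---- 668672 bytes [06:05 26/02/2010] [06:05 26/02/2010] B42B5BCCDB9853F480FDBB80E5604C30
C:\WINDOWS\$hf_mig$\KB980182\SP3GDR\wininet.dll --a---- 667136 bytes [05:43 26/02/2010] [05:43 26/02/2010] 6F0C67BA6837D82E2366AEAD046FAF4C
C:\WINDOWS\$hf_mig$\KB980182\SP3QFE\wininet.dll --a---- 668672 bytes [05:37 26/02/2010] [05:37 26/02/2010] AEB15B107E1C6543F99D9104BE0DD800
C:\WINDOWS\ERDNT\cache\wininet.dll --a---- 662016 bytes [12:53 02/05/2010] [06:12 26/02/2010] 728AB52393206408EFAD838F797F435D
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wininet.dll --a---- 666112 bytes [00:12 14/04/2008] [00:12 14/04/2008] 7A4F775ABB2F1C97DEF3E73AFA2FAEDD
C:\WINDOWS\system32\wininet.dll --a---- 662016 bytes [12:00 10/08/2004] [06:12 26/02/2010] 728AB52393206408EFAD838F797F435D
C:\WINDOWS\system32\dllcache\wininet.dll --a--c- 662016 bytes [12:00 10/08/2004] [06:12 26/02/2010] 728AB52393206408EFAD838F797F435D
-= EOF =-
"""

# One SystemLook hit: <path> <attrs> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


def classify(path):
    """Assumed role of each XP folder: dllcache = Windows File Protection cache,
    $hf_mig$ = hotfix migration copies, ERDNT = ERUNT/ComboFix backup,
    SoftwareDistribution\\Download = Windows Update staging area."""
    p = path.lower()
    if "\\system32\\dllcache\\" in p:
        return "wfp_cache"
    if "\\$hf_mig$\\" in p:
        return "hotfix_migration"
    if "\\erdnt\\" in p:
        return "erunt_backup"
    if "\\softwaredistribution\\download\\" in p:
        return "windows_update_download"
    if "\\system32\\" in p:
        return "live"
    return "other"


def parse_filefind(text):
    """Parse a filefind block into a list of hit dicts; lines that are not hits are ignored."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hit = m.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].upper()
            hit["role"] = classify(hit["path"])
            hits.append(hit)
    return hits


def group_by_md5(hits):
    """Map each distinct MD5 to the paths that carry it."""
    groups = defaultdict(list)
    for h in hits:
        groups[h["md5"]].append(h["path"])
    return dict(groups)


def triage(hits):
    """Compare the live system32 copy with every other copy SystemLook found."""
    live = [h for h in hits if h["role"] == "live"]
    if len(live) != 1:
        raise ValueError("expected exactly one live system32 copy, found %d" % len(live))
    live = live[0]
    wfp = [h for h in hits if h["role"] == "wfp_cache"]
    return {
        "live_path": live["path"],
        "live_md5": live["md5"],
        "live_size": live["size"],
        # True when the running copy is byte-identical to the WFP cache copy
        "matches_wfp_cache": bool(wfp) and wfp[0]["md5"] == live["md5"],
        "identical_copies": [h["path"] for h in hits if h is not live and h["md5"] == live["md5"]],
        "differing_copies": {h["path"]: (h["role"], h["size"], h["md5"])
                             for h in hits if h["md5"] != live["md5"]},
    }


if __name__ == "__main__":
    report = triage(parse_filefind(SYSTEMLOOK_FILEFIND))
    print("live copy: %s (%s, %d bytes)" % (report["live_path"], report["live_md5"], report["live_size"]))
    print("matches dllcache:", report["matches_wfp_cache"])
    for path, (role, size, md5) in report["differing_copies"].items():
        print("differs: %-24s %7d bytes %s  %s" % (role, size, md5, path))
```

Paste any SystemLook filefind block into SYSTEMLOOK_FILEFIND and run the script; the "differing_copies" entries are the candidates an FCopy directive could draw from, and their size and MD5 are what you would compare against a known-good build before choosing one.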
 
Combofix.txt:

ComboFix 10-11-07.04 - Temir 07/11/2010 18.25.42.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.1023.583 [GMT 1:00]
Running from: c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Desktop\CFScript.txt
AV: *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\$hf_mig$\KB980182\SP3QFE\wininet.dll --> c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((( Files Created from 2010-10-07 to 2010-11-07 )))))))))))))))))))))))))))))))
.

2010-11-07 17:14 . 2010-11-07 17:14 -------- d-----w- C:\_OTL
2010-11-07 17:05 . 2010-11-07 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-11-06 14:33 . 2010-11-06 14:33 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2010-11-06 14:33 . 2010-11-06 14:33 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2010-11-06 14:17 . 2010-11-06 14:17 -------- d-----w- c:\documents and settings\admin
2010-11-03 22:02 . 2004-08-03 23:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-11-03 22:02 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-11-03 22:02 . 2001-08-17 21:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-11-03 22:02 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-11-03 22:02 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-11-03 22:01 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-11-03 22:01 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-11-03 22:01 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-11-03 22:01 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-11-03 22:01 . 2004-08-03 22:07 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-11-03 22:01 . 2004-08-03 21:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-11-03 22:01 . 2001-08-17 11:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-11-03 21:58 . 2001-08-17 12:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-11-03 21:58 . 2001-08-17 12:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2010-11-03 21:58 . 2001-08-17 11:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2010-11-03 21:58 . 2001-08-17 12:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2010-11-03 21:58 . 2004-08-03 21:59 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2010-11-03 21:58 . 2004-08-03 22:07 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
2010-11-03 21:58 . 2004-08-03 23:56 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
2010-11-03 21:58 . 2001-08-17 12:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-11-03 21:58 . 2001-08-17 12:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2010-11-03 21:58 . 2001-08-17 12:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2010-11-03 21:58 . 2001-08-17 12:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2010-11-03 21:56 . 2001-08-17 21:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-11-03 21:55 . 2001-08-17 21:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2010-11-03 21:55 . 2001-08-17 12:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2010-11-03 21:55 . 2001-08-17 13:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2010-11-03 21:55 . 2001-08-17 13:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2010-11-03 21:55 . 2001-08-17 11:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-11-03 21:55 . 2001-08-17 11:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2010-11-03 21:52 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-11-03 21:51 . 2001-08-17 12:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-11-03 21:51 . 2001-08-17 11:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-11-03 21:51 . 2001-08-17 13:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2010-11-03 21:51 . 2001-08-17 11:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2010-11-03 21:51 . 2001-08-17 11:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2010-11-03 21:51 . 2001-08-17 11:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2010-11-03 21:51 . 2001-08-17 12:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2010-11-03 21:51 . 2004-08-03 22:07 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2010-11-03 21:51 . 2004-08-03 22:07 16128 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2010-11-03 21:51 . 2004-08-03 22:07 6016 -c--a-w- c:\windows\system32\dllcache\smbali.sys
2010-11-03 21:51 . 2001-08-17 21:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2010-11-03 21:51 . 2001-08-17 21:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2010-11-03 21:49 . 2001-08-17 11:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2010-11-03 21:48 . 2001-08-17 13:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2010-11-03 21:47 . 2001-08-17 11:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2010-11-03 21:46 . 2001-08-17 21:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2010-11-03 21:45 . 2001-08-17 13:07 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
2010-11-03 21:44 . 2001-08-17 13:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2010-11-03 21:43 . 2001-08-17 11:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2010-11-03 21:42 . 2001-08-17 11:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-11-03 21:42 . 2004-08-03 23:56 1737856 -c--a-w- c:\windows\system32\dllcache\mtxparhd.dll
2010-11-03 21:42 . 2004-08-03 21:29 452736 -c--a-w- c:\windows\system32\dllcache\mtxparhm.sys
2010-11-03 21:42 . 2004-08-03 21:41 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
2010-11-03 21:42 . 2004-08-03 21:41 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2010-11-03 21:42 . 2004-08-03 22:10 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-11-03 21:42 . 2001-08-17 12:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-11-03 21:42 . 2001-08-17 13:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-11-03 21:42 . 2004-08-03 22:00 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-11-03 21:42 . 2001-08-17 13:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-11-03 21:42 . 2001-08-17 12:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-11-03 21:42 . 2004-08-03 22:10 51328 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-11-03 21:42 . 2001-08-17 12:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-11-03 21:40 . 2001-08-17 12:28 802683 -c--a-w- c:\windows\system32\dllcache\ltsm.sys
2010-11-03 21:39 . 2001-08-17 21:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-11-03 21:39 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-11-03 21:39 . 2001-08-17 13:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-11-03 21:39 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-11-03 21:39 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-11-03 21:39 . 2001-08-17 12:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2010-11-03 21:39 . 2001-08-17 12:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2010-11-03 21:39 . 2001-08-17 11:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2010-11-03 21:39 . 2001-08-17 21:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2010-11-03 21:39 . 2001-08-17 12:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2010-11-03 21:39 . 2004-08-03 21:59 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2010-11-03 21:39 . 2001-08-17 12:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-11-03 21:39 . 2001-08-17 12:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2010-11-03 21:38 . 2001-08-17 21:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-11-03 21:36 . 2004-08-03 21:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2010-11-03 21:35 . 2001-08-17 21:36 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2010-11-03 21:34 . 2001-08-17 13:56 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2010-11-03 21:33 . 2001-08-17 21:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2010-11-03 21:32 . 2001-08-17 11:11 455199 -c--a-w- c:\windows\system32\dllcache\el985n51.sys
2010-11-03 21:31 . 2001-08-17 21:36 614429 -c--a-w- c:\windows\system32\dllcache\digiview.exe
2010-11-03 21:30 . 2001-08-17 11:19 3584 -c--a-w- c:\windows\system32\dllcache\cwcosnt5.sys
2010-11-03 21:29 . 2004-08-03 23:56 15423 -c--a-w- c:\windows\system32\dllcache\ch7xxnt5.dll
2010-11-03 21:28 . 2001-08-17 12:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-11-03 21:27 . 2004-08-03 21:29 34735 -c--a-w- c:\windows\system32\dllcache\ati1xsxx.sys
2010-11-03 21:26 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-11-03 14:57 . 2010-10-13 21:28 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-11-03 12:58 . 2010-11-03 12:58 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Interactive
2010-11-03 12:58 . 2010-11-03 12:58 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\log
2010-11-03 12:40 . 2010-11-03 12:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-03 11:10 . 2010-11-03 12:40 -------- d-s---w- c:\documents and settings\Administrator.PRIVATE-A7D0BBD
2010-11-02 15:02 . 2010-11-03 12:40 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Biolab Disaster
2010-10-16 22:39 . 2010-10-16 22:39 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\FreeImageConverter
2010-10-09 09:22 . 2010-10-09 09:22 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Nokia
2010-10-09 08:44 . 2010-10-09 08:44 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-06 14:45 . 2004-08-10 12:00 502272 ----a-w- c:\windows\system32\winlogon.exe
2010-09-15 02:50 . 2010-05-07 10:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2010-05-07 10:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2010-11-06 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Avvio rapido di HP Image Zone.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Avvio rapido di HP Image Zone.lnk
backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57 1451520 ----a-w- d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"mfevtp"=2 (0x2)
"mfefire"=2 (0x2)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1031:TCP"= 1031:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [20/09/2010 23.41.09 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [20/09/2010 23.40.43 41936]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [05/08/2010 13.08.04 100496]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [05/08/2010 13.08.04 111312]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10/08/2004 13.00.00 14336]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10.58.52 11336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [03/10/2010 17.15.42 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [03/10/2010 17.15.42 8320]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12.37.14 517096]
.
Contents of the 'Scheduled Tasks' folder

2010-10-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-PRIVATE-A7D0BBD-Temir.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-20 01:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {4B98396A-1F15-4792-B650-A5C74B20C398} = 62.211.69.170,212.48.4.30
FF - ProfilePath - c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npjp2.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Macromedia\Flash Player\



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-07 18:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1472)
c:\windows\system32\msi.dll
.
Completion time: 2010-11-07 18:31:43
ComboFix-quarantined-files.txt 2010-11-07 17:31
ComboFix2.txt 2010-11-07 01:17

Pre-Run: 3.973.525.504 bytes free
Post-Run: 3.957.239.808 bytes free

- - End Of File - - 014002D8B38EDA4F7C94A6F1FD924B52
 
OK, let's leave this issue alone for now and finish the cleaning process first.

Any other current issues?
Would you mind switching from McAfee to something else?

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce a log.
 
These are the current issues: Adobe Fireworks CS5, Flash CS5, Dreamweaver CS5 won't run.

No, no, I don't mind changing antivirus. I even asked you before which security program you would suggest for me.
 
Security Check hangs? I am waiting for the report. It says in the black box: "Preparing Done!"
 
Adobe Fireworks CS5, Flash CS5, Dreamweaver CS5 won't run
You may need to reinstall them, but don't do it yet.
Those issues may be connected to possible system file issues.

Give SecurityCheck a little bit more time.
If still stuck, stop it, retry.
If still no go, proceed with next steps.
 
BTW, IE won't open. I didn't check it before because I don't use IE, but now I decided to open IE because in ESET I read "You are trying to launch ESET Online Scanner in a different browser than Internet Explorer. (...)".
I am running ESET from Opera. It made me download a little program, I launched it, but I think that it hangs...
 
It says in this mini ESET program: "Downloading Components", "Downloading ESET online Scanner". But nothing happens. The progress bar is empty.
 
Please run a BitDefender Online Scan

  • Disable your antivirus program.
  • Click Start Scanner button.
  • Click Start scan button
  • Allow browser plug-in to be installed when prompted.
  • Click I Agree to agree to the EULA.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on View log.
  • Notepad will open with scan results.
  • Save the report to your desktop and post its content in your next reply.
 
You were talking about the Quick 60 seconds scan, right?
Report:


QuickScan Beta 32-bit v0.9.9.50
-------------------------------
Scan date: Sun Nov 07 20:09:08 2010
Machine ID: E0165A64

C:/Program Files/Common Files/Akamai/rswin_3653.dll - could not be accessed


No infection found.
-------------------



Processes
---------
AcroTray - Adobe Acrobat Distiller help 352 D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
Apple Mobile Device Service 980 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Bonjour 992 C:\Program Files\Bonjour\mDNSResponder.exe
Firefox 276 C:\Program Files\Mozilla Firefox\firefox.exe
HP PML 1816 C:\WINDOWS\system32\HPZipm12.exe
HP Software Update Application 176 D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
iTunes 2272 C:\Program Files\iPod\bin\iPodService.exe
iTunes 400 D:\Program Files\iTunes\iTunesHelper.exe
Java(TM) Platform SE 6 U22 1468 D:\Program Files\Java\jre6\bin\jqs.exe
Java(TM) Platform SE Auto Updater 2 0 432 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft Application Error Reporting 460 C:\WINDOWS\system32\dwwin.exe
Microsoft Application Error Reporting 2216 C:\WINDOWS\system32\dwwin.exe
Microsoft® Windows® Operating System 232 C:\WINDOWS\ehome\ehmsas.exe
Microsoft® Windows® Operating System 1052 C:\WINDOWS\ehome\ehRecvr.exe
Microsoft® Windows® Operating System 1472 C:\WINDOWS\ehome\ehSched.exe
Microsoft® Windows® Operating System 2040 C:\WINDOWS\ehome\ehtray.exe
Microsoft® Windows® Operating System 1912 C:\WINDOWS\explorer.exe
Microsoft® Windows® Operating System 2664 C:\WINDOWS\system32\alg.exe
Microsoft® Windows® Operating System 552 C:\WINDOWS\system32\csrss.exe
Microsoft® Windows® Operating System 3192 C:\WINDOWS\system32\dllhost.exe
Microsoft® Windows® Operating System 816 C:\WINDOWS\system32\dumprep.exe
Microsoft® Windows® Operating System 632 C:\WINDOWS\system32\lsass.exe
Microsoft® Windows® Operating System 424 C:\WINDOWS\system32\rundll32.exe
Microsoft® Windows® Operating System 620 C:\WINDOWS\system32\services.exe
Microsoft® Windows® Operating System 496 C:\WINDOWS\system32\smss.exe
Microsoft® Windows® Operating System 1732 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 532 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 684 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 916 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1212 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1332 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1452 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 868 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1888 C:\WINDOWS\system32\wdfmgr.exe
Microsoft® Windows® Operating System 576 C:\WINDOWS\system32\winlogon.exe
Microsoft® Windows® Operating System 1892 C:\WINDOWS\system32\wscntfy.exe
NVIDIA Driver Helper Service, Version 2 776 C:\WINDOWS\system32\nvsvc32.exe
Opera Internet Browser 3088 D:\Program Files\Opera\opera.exe


Network activity
----------------

Process svchost.exe (868) listens on ports: 3389 (Terminal Server)
Process svchost.exe (916) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
AcroTray - Adobe Acrobat Distiller help D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
Adobe Acrobat D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
Adobe CS5 Service Manager C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
Adobe Updater Startup Utility C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
HP Software Update Application D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
iTunes D:\Program Files\iTunes\iTunesHelper.exe
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\webcheck.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
Microsoft® Windows® Operating System K:\autorun.exe
NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
NVIDIA Media Center Library C:\WINDOWS\system32\nvmctray.dll
QuickTime C:\Program Files\QuickTime\qttask.exe
SBSV 2010/02/19-11:02:07 C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe


Browser plugins
---------------
2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
Adobe PDF Toolbar for IE c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
BitDefender QuickScan C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
BitDefender QuickScan C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
DivX Web Player C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
HPDEXAXO C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
Java Deployment Toolkit 6.0.220.4 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java(TM) Platform SE 6 U22 d:\program files\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U22 D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java(TM) Platform SE 6 U22 d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\shdocvw.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
npitunes.dll D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
nppdf32.DEU C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU
nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
Octoshape Streaming Services C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
Skype Toolbars c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll


Missing files
-------------
File not found: C:\DOCUME~1\Temir\LOCALS~1\Temp\catchme.sys
--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
--> HKLM\System\ControlSet001\services\McShield\"ImagePath"

File not found: C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
--> HKLM\System\ControlSet001\services\mfefire\"ImagePath"

File not found: C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
--> HKLM\System\ControlSet001\services\mcmscsvc\"ImagePath"

File not found: C:\Program Files\McAfee\VirusScan\mcods.exe
--> HKLM\System\ControlSet001\services\McODS\"ImagePath"

File not found: C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
--> HKLM\System\ControlSet001\services\NanoServiceMain\"ImagePath"

File not found: system32\DRIVERS\mfendisk.sys
--> HKLM\System\ControlSet001\services\mfendiskmp\"ImagePath"

File not found: system32\drivers\mfeapfk.sys
--> HKLM\System\ControlSet001\services\mfeapfk\"ImagePath"

File not found: system32\drivers\mfeavfk.sys
--> HKLM\System\ControlSet001\services\mfeavfk\"ImagePath"

File not found: system32\drivers\mfebopk.sys
--> HKLM\System\ControlSet001\services\mfebopk\"ImagePath"

File not found: system32\drivers\mfefirek.sys
--> HKLM\System\ControlSet001\services\mfefirek\"ImagePath"

File not found: system32\drivers\mfehidk.sys
--> HKLM\System\ControlSet001\services\mfehidk\"ImagePath"

File not found: system32\drivers\mferkdet.sys
--> HKLM\System\ControlSet001\services\mferkdet\"ImagePath"

File not found: system32\drivers\mfetdi2k.sys
--> HKLM\System\ControlSet001\services\mfetdi2k\"ImagePath"


Scan
----


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.05 MB sent, 1.80 KB recvd
Scanned 992 files and modules - 48 seconds

==============================================================================
 
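The "Missing files" section of the QuickScan report above lists service and driver entries whose ImagePath points at a file that is no longer there (the leftover McAfee mfe*.sys drivers, the Panda service that OTL removed, the catchme.sys scanner driver). As an added example, not from the thread or from BitDefender, this PowerShell function performs the same check on a live system so that a defender can see which registry entries are orphaned after an uninstall or a clean-up; it assumes PowerShell 2.0 or later and an elevated session that can read the Services key.

```powershell
# Added example (not from the thread): reproduce the QuickScan "Missing files"
# check by walking every service/driver under the Services key and reporting
# ImagePath values that point at files which no longer exist.
function Get-OrphanedServiceImagePaths {
    $root    = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $sysRoot = $env:SystemRoot

    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $image = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).ImagePath
        if (-not $image) { continue }

        # Strip the NT-style prefixes the kernel uses for driver paths
        # ("\??\C:\..." and "\SystemRoot\system32\...").
        $path = $image -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$sysRoot\"

        # Drop arguments: a quoted path ends at the closing quote, otherwise the
        # path ends at the executable/driver name ("svchost.exe -k netsvcs").
        if ($path.StartsWith('"')) {
            $path = $path.Substring(1, $path.IndexOf('"', 1) - 1)
        } elseif ($path -match '^(.*?\.(exe|sys|dll))(\s|$)') {
            $path = $Matches[1]
        }

        # Entries such as "system32\drivers\mfehidk.sys" are relative to %SystemRoot%.
        if (-not [System.IO.Path]::IsPathRooted($path)) {
            $path = Join-Path -Path $sysRoot -ChildPath $path
        }

        if (-not (Test-Path -LiteralPath $path)) {
            New-Object PSObject -Property @{
                Service   = $key.PSChildName   # e.g. mfehidk, NanoServiceMain
                ImagePath = $image             # the raw registry value
                Resolved  = $path              # the file we looked for
            }
        }
    }
}

# List orphaned entries; compare against the "Missing files" section of a scan
# report to confirm that a clean-up removed what it claimed to remove.
Get-OrphanedServiceImagePaths | Format-Table -AutoSize
```

Orphaned entries for an uninstalled security product are harmless clutter, but a new orphan that appears after a clean-up is worth a second look, since it means something registered a service whose binary has since been deleted or moved.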
Good.
Now we'll finish the cleaning process and then we'll go back to your other issues.

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during the cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current (including Service Pack 3!!!)

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.
 