TechSpot

Windows XP, can't open Windows Explorer and associated programs.

Solved
By temir
Nov 3, 2010
  1. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    We posted at the same time.
     
  2. temir

    temir TS Rookie Topic Starter Posts: 87

    :D:D:D
     
  3. temir

    temir TS Rookie Topic Starter Posts: 87

    SystemLook:

    SystemLook 04.09.10 by jpshortstuff
    Log created at 18:10 on 07/11/2010 by Temir
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "wininet.dll"
    C:\WINDOWS\$hf_mig$\KB980182\SP2QFE\wininet.dll --a---- 668672 bytes [06:05 26/02/2010] [06:05 26/02/2010] B42B5BCCDB9853F480FDBB80E5604C30
    C:\WINDOWS\$hf_mig$\KB980182\SP3GDR\wininet.dll --a---- 667136 bytes [05:43 26/02/2010] [05:43 26/02/2010] 6F0C67BA6837D82E2366AEAD046FAF4C
    C:\WINDOWS\$hf_mig$\KB980182\SP3QFE\wininet.dll --a---- 668672 bytes [05:37 26/02/2010] [05:37 26/02/2010] AEB15B107E1C6543F99D9104BE0DD800
    C:\WINDOWS\ERDNT\cache\wininet.dll --a---- 662016 bytes [12:53 02/05/2010] [06:12 26/02/2010] 728AB52393206408EFAD838F797F435D
    C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wininet.dll --a---- 666112 bytes [00:12 14/04/2008] [00:12 14/04/2008] 7A4F775ABB2F1C97DEF3E73AFA2FAEDD
    C:\WINDOWS\system32\wininet.dll --a---- 662016 bytes [12:00 10/08/2004] [06:12 26/02/2010] 728AB52393206408EFAD838F797F435D
    C:\WINDOWS\system32\dllcache\wininet.dll --a--c- 662016 bytes [12:00 10/08/2004] [06:12 26/02/2010] 728AB52393206408EFAD838F797F435D

    -= EOF =-
     
  4. temir

    temir TS Rookie Topic Starter Posts: 87

    OTL report:

    All processes killed
    ========== OTL ==========
    Service NanoServiceMain stopped successfully!
    Service NanoServiceMain deleted successfully!
    File C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    C:\WINDOWS\System32\PerfStringBackup.TMP deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\NPS folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\Download folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\CfgData folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Panda Security folder moved successfully.
    ADS C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\religions.pdf:SummaryInformation deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: admin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 38784 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Administrator.PRIVATE-A7D0BBD
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes
    ->Opera cache emptied: 1855214 bytes
    ->Flash cache emptied: 456 bytes

    User: Administrator.PRIVATE-A7D0BBD.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 17378895 bytes
    ->Opera cache emptied: 7868917 bytes
    ->Flash cache emptied: 48823 bytes

    User: Administrator.PRIVATE-A7D0BBD.001
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 38784 bytes

    User: Administrator.PRIVATE-A7D0BBD.002
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 38784 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 38784 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService.NT AUTHORITY.001
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.NT AUTHORITY.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService.NT AUTHORITY.001
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Temir
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 4559931 bytes
    ->Flash cache emptied: 0 bytes

    User: Temir.PRIVATE-A7D0BBD.000
    ->Temp folder emptied: 154127705 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 7465820 bytes
    ->FireFox cache emptied: 41022813 bytes
    ->Opera cache emptied: 7933809 bytes
    ->Flash cache emptied: 1057608 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16702 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 232,00 mb


    [EMPTYFLASH]

    User: admin
    ->Flash cache emptied: 0 bytes

    User: Administrator

    User: Administrator.PRIVATE-A7D0BBD
    ->Flash cache emptied: 0 bytes

    User: Administrator.PRIVATE-A7D0BBD.000
    ->Flash cache emptied: 0 bytes

    User: Administrator.PRIVATE-A7D0BBD.001
    ->Flash cache emptied: 0 bytes

    User: Administrator.PRIVATE-A7D0BBD.002
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: LocalService.NT AUTHORITY

    User: LocalService.NT AUTHORITY.000

    User: LocalService.NT AUTHORITY.001

    User: NetworkService

    User: NetworkService.NT AUTHORITY

    User: NetworkService.NT AUTHORITY.000

    User: NetworkService.NT AUTHORITY.001

    User: Temir
    ->Flash cache emptied: 0 bytes

    User: Temir.PRIVATE-A7D0BBD.000
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11072010_181421

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  5. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    When you're done with OTL....

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\WINDOWS\$hf_mig$\KB980182\SP3QFE\wininet.dll | C:\WINDOWS\system32\wininet.dll
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    (animation: CFScript.txt being dragged onto ComboFix.exe)


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

    See if Windows Explorer will work now.
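As an added example (it is not part of this thread and not code from the SystemLook or ComboFix authors), the choice behind the FCopy step above can be checked in code rather than by eye. The script parses the SystemLook filefind listing posted earlier, groups the seven copies of wininet.dll by MD5, confirms that the in-use copy in system32 carries the same hash as the copy Windows File Protection keeps in dllcache, lists the $hf_mig$ copies whose bytes differ from the in-use one, and renders the CFScript directive in the form the post uses. The sample input is the listing from this thread; the function names, the "branch" label taken from the parent folder name, and the reading of the two bracketed stamps as created/modified are my assumptions.

```python
import re
from collections import defaultdict

# Copied from the SystemLook "filefind" output posted earlier in this thread
# (not constructed): one line per copy of wininet.dll found on the machine.
SYSTEMLOOK_FILEFIND = r"""
C:\WINDOWS\$hf_mig$\KB980182\SP2QFE\wininet.dll --a---- 668672 bytes [06:05 26/02/2010] [06:05 26/02/2010] B42B5BCCDB9853F480FDBB80E5604C30
C:\WINDOWS\$hf_mig$\KB980182\SP3GDR\wininet.dll --a---- 667136 bytes [05:43 26/02/2010] [05:43 26/02/2010] 6F0C67BA6837D82E2366AEAD046FAF4C
C:\WINDOWS\$hf_mig$\KB980182\SP3QFE\wininet.dll --a---- 668672 bytes [05:37 26/02/2010] [05:37 26/02/2010] AEB15B107E1C6543F99D9104BE0DD800
C:\WINDOWS\ERDNT\cache\wininet.dll --a---- 662016 bytes [12:53 02/05/2010] [06:12 26/02/2010] 728AB52393206408EFAD838F797F435D
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wininet.dll --a---- 666112 bytes [00:12 14/04/2008] [00:12 14/04/2008] 7A4F775ABB2F1C97DEF3E73AFA2FAEDD
C:\WINDOWS\system32\wininet.dll --a---- 662016 bytes [12:00 10/08/2004] [06:12 26/02/2010] 728AB52393206408EFAD838F797F435D
C:\WINDOWS\system32\dllcache\wininet.dll --a--c- 662016 bytes [12:00 10/08/2004] [06:12 26/02/2010] 728AB52393206408EFAD838F797F435D
"""

# path  attrs  size bytes  [stamp] [stamp]  MD5 ; the first stamp is taken as the
# creation time and the second as last-write (assumed order: the 2004 stamp on the
# system32 copy is the install-media date, the 2010 one is the hotfix date).
FILEFIND_RE = re.compile(
    r"^(?P<path>\S.*?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Parse SystemLook filefind lines into dicts; lines that are not file records are skipped."""
    records = []
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["size"] = int(rec["size"])
        rec["md5"] = rec["md5"].upper()
        records.append(rec)
    return records


def group_by_md5(records):
    """Map each MD5 to the paths that carry it: same hash, same bytes."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["md5"]].append(rec["path"])
    return dict(groups)


def find(records, suffix):
    """First record whose path ends with suffix, compared case-insensitively (as NTFS does)."""
    suffix = suffix.lower()
    return next((r for r in records if r["path"].lower().endswith(suffix)), None)


def live_matches_dllcache(records, name):
    """True when system32\\name and system32\\dllcache\\name carry the same hash.
    Windows File Protection on XP restores protected files from dllcache, so a
    replacement that only touches system32 leaves the two out of step and can be
    reverted. None when either copy is absent from the listing."""
    live = find(records, "\\system32\\" + name)
    cache = find(records, "\\system32\\dllcache\\" + name)
    if live is None or cache is None:
        return None
    return live["md5"] == cache["md5"]


def hotfix_candidates(records, name, exclude_md5):
    """Copies of name kept by a hotfix installer under $hf_mig$ whose hash differs from
    exclude_md5 (the copy in use), as (branch, path, size, md5) in log order."""
    out = []
    for rec in records:
        parts = rec["path"].split("\\")
        if "$hf_mig$" in parts and parts[-1].lower() == name.lower() and rec["md5"] != exclude_md5:
            out.append((parts[-2], rec["path"], rec["size"], rec["md5"]))  # parts[-2]: SP2QFE, SP3GDR, ...
    return out


def fcopy_directive(src, dst):
    """Render the ComboFix CFScript FCopy directive in the form used in this thread."""
    return "FCopy::\n%s | %s" % (src, dst)


def summarize(text, name="wininet.dll"):
    records = parse_filefind(text)
    live = find(records, "\\system32\\" + name)
    live_md5 = live["md5"] if live else None
    return {
        "copies": len(records),
        "distinct_hashes": len(group_by_md5(records)),
        "live_md5": live_md5,
        "live_matches_dllcache": live_matches_dllcache(records, name),
        "candidates": hotfix_candidates(records, name, live_md5),
    }


if __name__ == "__main__":
    s = summarize(SYSTEMLOOK_FILEFIND)
    print("%d copies, %d distinct hashes; in use: %s; matches dllcache: %s"
          % (s["copies"], s["distinct_hashes"], s["live_md5"], s["live_matches_dllcache"]))
    for branch, path, size, md5 in s["candidates"]:
        print("  %-7s %7d %s %s" % (branch, size, md5, path))
    # The thread's script used the SP3QFE copy as the source:
    print(fcopy_directive(s["candidates"][-1][1], r"C:\WINDOWS\system32\wininet.dll"))
```

The dllcache check is the caveat to keep: in this listing system32, dllcache and the ERDNT\cache copy all carry 728AB52393206408EFAD838F797F435D, so the in-use file is consistent with its protected cache before the copy, and a replacement that lands only in system32 will show up as a mismatch on the next run. A copy sitting in a hotfix folder is only a candidate; a hash that matches a copy you already trust is the real test, and this example does no such lookup.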
     
  6. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Posted at the same time again :)
     
  7. temir

    temir TS Rookie Topic Starter Posts: 87

    Yes, again :)
     
  8. temir

    temir TS Rookie Topic Starter Posts: 87

    Combofix.txt:

    ComboFix 10-11-07.04 - Temir 07/11/2010 18.25.42.6.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.1023.583 [GMT 1:00]
    Running from: c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Desktop\CFScript.txt
    AV: *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    --------------- FCopy ---------------

    c:\windows\$hf_mig$\KB980182\SP3QFE\wininet.dll --> c:\windows\system32\wininet.dll
    .
    ((((((((((((((((((((((((( Files Created from 2010-10-07 to 2010-11-07 )))))))))))))))))))))))))))))))
    .

    2010-11-07 17:14 . 2010-11-07 17:14 -------- d-----w- C:\_OTL
    2010-11-07 17:05 . 2010-11-07 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-11-06 14:33 . 2010-11-06 14:33 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
    2010-11-06 14:33 . 2010-11-06 14:33 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
    2010-11-06 14:17 . 2010-11-06 14:17 -------- d-----w- c:\documents and settings\admin
    2010-11-03 22:02 . 2004-08-03 23:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2010-11-03 22:02 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2010-11-03 22:02 . 2001-08-17 21:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2010-11-03 22:02 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2010-11-03 22:02 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2010-11-03 22:01 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2010-11-03 22:01 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
    2010-11-03 22:01 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2010-11-03 22:01 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2010-11-03 22:01 . 2004-08-03 22:07 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
    2010-11-03 22:01 . 2004-08-03 21:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
    2010-11-03 22:01 . 2001-08-17 11:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2010-11-03 21:58 . 2001-08-17 12:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
    2010-11-03 21:58 . 2001-08-17 12:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
    2010-11-03 21:58 . 2001-08-17 11:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
    2010-11-03 21:58 . 2001-08-17 12:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
    2010-11-03 21:58 . 2004-08-03 21:59 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
    2010-11-03 21:58 . 2004-08-03 22:07 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
    2010-11-03 21:58 . 2004-08-03 23:56 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
    2010-11-03 21:58 . 2001-08-17 12:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
    2010-11-03 21:58 . 2001-08-17 12:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
    2010-11-03 21:58 . 2001-08-17 12:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
    2010-11-03 21:58 . 2001-08-17 12:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
    2010-11-03 21:56 . 2001-08-17 21:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
    2010-11-03 21:55 . 2001-08-17 21:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
    2010-11-03 21:55 . 2001-08-17 12:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
    2010-11-03 21:55 . 2001-08-17 13:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
    2010-11-03 21:55 . 2001-08-17 13:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
    2010-11-03 21:55 . 2001-08-17 11:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
    2010-11-03 21:55 . 2001-08-17 11:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
    2010-11-03 21:52 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
    2010-11-03 21:51 . 2001-08-17 12:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
    2010-11-03 21:51 . 2001-08-17 11:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
    2010-11-03 21:51 . 2001-08-17 13:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
    2010-11-03 21:51 . 2001-08-17 11:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
    2010-11-03 21:51 . 2001-08-17 11:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
    2010-11-03 21:51 . 2001-08-17 11:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
    2010-11-03 21:51 . 2001-08-17 12:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
    2010-11-03 21:51 . 2004-08-03 22:07 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
    2010-11-03 21:51 . 2004-08-03 22:07 16128 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
    2010-11-03 21:51 . 2004-08-03 22:07 6016 -c--a-w- c:\windows\system32\dllcache\smbali.sys
    2010-11-03 21:51 . 2001-08-17 21:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
    2010-11-03 21:51 . 2001-08-17 21:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
    2010-11-03 21:49 . 2001-08-17 11:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
    2010-11-03 21:48 . 2001-08-17 13:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
    2010-11-03 21:47 . 2001-08-17 11:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
    2010-11-03 21:46 . 2001-08-17 21:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
    2010-11-03 21:45 . 2001-08-17 13:07 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
    2010-11-03 21:44 . 2001-08-17 13:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
    2010-11-03 21:43 . 2001-08-17 11:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
    2010-11-03 21:42 . 2001-08-17 11:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
    2010-11-03 21:42 . 2004-08-03 23:56 1737856 -c--a-w- c:\windows\system32\dllcache\mtxparhd.dll
    2010-11-03 21:42 . 2004-08-03 21:29 452736 -c--a-w- c:\windows\system32\dllcache\mtxparhm.sys
    2010-11-03 21:42 . 2004-08-03 21:41 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
    2010-11-03 21:42 . 2004-08-03 21:41 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
    2010-11-03 21:42 . 2004-08-03 22:10 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
    2010-11-03 21:42 . 2001-08-17 12:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
    2010-11-03 21:42 . 2001-08-17 13:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2010-11-03 21:42 . 2004-08-03 22:00 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2010-11-03 21:42 . 2001-08-17 13:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
    2010-11-03 21:42 . 2001-08-17 12:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
    2010-11-03 21:42 . 2004-08-03 22:10 51328 -c--a-w- c:\windows\system32\dllcache\msdv.sys
    2010-11-03 21:42 . 2001-08-17 12:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
    2010-11-03 21:40 . 2001-08-17 12:28 802683 -c--a-w- c:\windows\system32\dllcache\ltsm.sys
    2010-11-03 21:39 . 2001-08-17 21:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2010-11-03 21:39 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2010-11-03 21:39 . 2001-08-17 13:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2010-11-03 21:39 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2010-11-03 21:39 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2010-11-03 21:39 . 2001-08-17 12:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
    2010-11-03 21:39 . 2001-08-17 12:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
    2010-11-03 21:39 . 2001-08-17 11:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
    2010-11-03 21:39 . 2001-08-17 21:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
    2010-11-03 21:39 . 2001-08-17 12:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
    2010-11-03 21:39 . 2004-08-03 21:59 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
    2010-11-03 21:39 . 2001-08-17 12:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
    2010-11-03 21:39 . 2001-08-17 12:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
    2010-11-03 21:38 . 2001-08-17 21:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
    2010-11-03 21:36 . 2004-08-03 21:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
    2010-11-03 21:35 . 2001-08-17 21:36 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
    2010-11-03 21:34 . 2001-08-17 13:56 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
    2010-11-03 21:33 . 2001-08-17 21:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
    2010-11-03 21:32 . 2001-08-17 11:11 455199 -c--a-w- c:\windows\system32\dllcache\el985n51.sys
    2010-11-03 21:31 . 2001-08-17 21:36 614429 -c--a-w- c:\windows\system32\dllcache\digiview.exe
    2010-11-03 21:30 . 2001-08-17 11:19 3584 -c--a-w- c:\windows\system32\dllcache\cwcosnt5.sys
    2010-11-03 21:29 . 2004-08-03 23:56 15423 -c--a-w- c:\windows\system32\dllcache\ch7xxnt5.dll
    2010-11-03 21:28 . 2001-08-17 12:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2010-11-03 21:27 . 2004-08-03 21:29 34735 -c--a-w- c:\windows\system32\dllcache\ati1xsxx.sys
    2010-11-03 21:26 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2010-11-03 14:57 . 2010-10-13 21:28 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2010-11-03 12:58 . 2010-11-03 12:58 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Interactive
    2010-11-03 12:58 . 2010-11-03 12:58 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\log
    2010-11-03 12:40 . 2010-11-03 12:40 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-11-03 11:10 . 2010-11-03 12:40 -------- d-s---w- c:\documents and settings\Administrator.PRIVATE-A7D0BBD
    2010-11-02 15:02 . 2010-11-03 12:40 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Biolab Disaster
    2010-10-16 22:39 . 2010-10-16 22:39 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\FreeImageConverter
    2010-10-09 09:22 . 2010-10-09 09:22 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Nokia
    2010-10-09 08:44 . 2010-10-09 08:44 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-06 14:45 . 2004-08-10 12:00 502272 ----a-w- c:\windows\system32\winlogon.exe
    2010-09-15 02:50 . 2010-05-07 10:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 00:29 . 2010-05-07 10:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ------- Sigcheck -------

    [-] 2010-11-06 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
    "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Avvio rapido di HP Image Zone.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Avvio rapido di HP Image Zone.lnk
    backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2009-11-11 08:57 1451520 ----a-w- d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MSK80Service"=2 (0x2)
    "mfevtp"=2 (0x2)
    "mfefire"=2 (0x2)
    "McShield"=2 (0x2)
    "McProxy"=2 (0x2)
    "McODS"=3 (0x3)
    "McNASvc"=2 (0x2)
    "McNaiAnn"=2 (0x2)
    "mcmscsvc"=2 (0x2)
    "McMPFSvc"=2 (0x2)
    "McAfee SiteAdvisor Service"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Program Files\\iTunes\\iTunes.exe"=
    "d:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "d:\\Program Files\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1031:TCP"= 1031:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [20/09/2010 23.41.09 143184]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [20/09/2010 23.40.43 41936]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [05/08/2010 13.08.04 100496]
    R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [05/08/2010 13.08.04 111312]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10/08/2004 13.00.00 14336]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10.58.52 11336]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [03/10/2010 17.15.42 137344]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [03/10/2010 17.15.42 8320]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12.37.14 517096]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-PRIVATE-A7D0BBD-Temir.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-20 01:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.it/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: {4B98396A-1F15-4792-B650-A5C74B20C398} = 62.211.69.170,212.48.4.30
    FF - ProfilePath - c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npjp2.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-07 18:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1472)
    c:\windows\system32\msi.dll
    .
    Completion time: 2010-11-07 18:31:43
    ComboFix-quarantined-files.txt 2010-11-07 17:31
    ComboFix2.txt 2010-11-07 01:17

    Pre-Run: 3.973.525.504 bytes free
    Post-Run: 3.957.239.808 bytes free

    - - End Of File - - 014002D8B38EDA4F7C94A6F1FD924B52
     
  9. temir

    temir TS Rookie Topic Starter Posts: 87

    It didn't ask me to reboot. Windows Explorer won't open now.
     
  10. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Reboot and try Windows Explorer again.
     
  11. temir

    temir TS Rookie Topic Starter Posts: 87

    I've just restarted and tried Windows Explorer again, but nothing...
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    OK, let's leave this issue alone for now and finish the cleaning process first.

    Any other current issues?
    Would you mind switching from McAfee to something else?

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  13. temir

    temir TS Rookie Topic Starter Posts: 87

    These are the current issues: Adobe Fireworks CS5, Flash CS5, Dreamweaver CS5 won't run.

    No, no, I don't mind changing antivirus. I even asked you before which Security Program you would suggest for me.
     
  14. temir

    temir TS Rookie Topic Starter Posts: 87

    And another issue: Mozilla Firefox hangs when i try to download something.
     
  15. temir

    temir TS Rookie Topic Starter Posts: 87

    Security Check hangs? I am waiting for the report. It says in the black box: "Preparing Done!"
     
  16. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    You may need to reinstall them, but don't do it yet.
    Those issues may be connected to possible system file issues.

    Give SecurityCheck a little bit more time.
    If still stuck, stop it, retry.
    If still no go, proceed with next steps.
     
  17. temir

    temir TS Rookie Topic Starter Posts: 87

    Security Check is still not going... I think I gave it enough time - 30 minutes.
     
  18. temir

    temir TS Rookie Topic Starter Posts: 87

    I've done TFC cleaning. Now I'm going to start with ESET scanning.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    OK..............
     
  20. temir

    temir TS Rookie Topic Starter Posts: 87

    BTW, IE won't open. I didn't check it before because I don't use IE, but now I decided to open IE because in ESET I read "You are trying to launch ESET Online Scanner in a different browser than Internet Explorer. (...)".
    I am running ESET from Opera. It made me download a little program, I launched it, but I think that it hangs...
     
  21. temir

    temir TS Rookie Topic Starter Posts: 87

    It says in this mini ESET program: "Downloading Components", "Downloading ESET online Scanner". But nothing happens. The progress bar is empty.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    That's fine.
     
  23. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Start scan button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
  24. temir

    temir TS Rookie Topic Starter Posts: 87

    You were talking about the Quick 60 seconds scan, right?
    Report:


    QuickScan Beta 32-bit v0.9.9.50
    -------------------------------
    Scan date: Sun Nov 07 20:09:08 2010
    Machine ID: E0165A64

    C:/Program Files/Common Files/Akamai/rswin_3653.dll - could not be accessed


    No infection found.
    -------------------



    Processes
    ---------
    AcroTray - Adobe Acrobat Distiller help 352 D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    Apple Mobile Device Service 980 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    Bonjour 992 C:\Program Files\Bonjour\mDNSResponder.exe
    Firefox 276 C:\Program Files\Mozilla Firefox\firefox.exe
    HP PML 1816 C:\WINDOWS\system32\HPZipm12.exe
    HP Software Update Application 176 D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    iTunes 2272 C:\Program Files\iPod\bin\iPodService.exe
    iTunes 400 D:\Program Files\iTunes\iTunesHelper.exe
    Java(TM) Platform SE 6 U22 1468 D:\Program Files\Java\jre6\bin\jqs.exe
    Java(TM) Platform SE Auto Updater 2 0 432 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    Microsoft Application Error Reporting 460 C:\WINDOWS\system32\dwwin.exe
    Microsoft Application Error Reporting 2216 C:\WINDOWS\system32\dwwin.exe
    Microsoft® Windows® Operating System 232 C:\WINDOWS\ehome\ehmsas.exe
    Microsoft® Windows® Operating System 1052 C:\WINDOWS\ehome\ehRecvr.exe
    Microsoft® Windows® Operating System 1472 C:\WINDOWS\ehome\ehSched.exe
    Microsoft® Windows® Operating System 2040 C:\WINDOWS\ehome\ehtray.exe
    Microsoft® Windows® Operating System 1912 C:\WINDOWS\explorer.exe
    Microsoft® Windows® Operating System 2664 C:\WINDOWS\system32\alg.exe
    Microsoft® Windows® Operating System 552 C:\WINDOWS\system32\csrss.exe
    Microsoft® Windows® Operating System 3192 C:\WINDOWS\system32\dllhost.exe
    Microsoft® Windows® Operating System 816 C:\WINDOWS\system32\dumprep.exe
    Microsoft® Windows® Operating System 632 C:\WINDOWS\system32\lsass.exe
    Microsoft® Windows® Operating System 424 C:\WINDOWS\system32\rundll32.exe
    Microsoft® Windows® Operating System 620 C:\WINDOWS\system32\services.exe
    Microsoft® Windows® Operating System 496 C:\WINDOWS\system32\smss.exe
    Microsoft® Windows® Operating System 1732 C:\WINDOWS\system32\spoolsv.exe
    Microsoft® Windows® Operating System 532 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 684 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 916 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 1212 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 1332 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 1452 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 868 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 1888 C:\WINDOWS\system32\wdfmgr.exe
    Microsoft® Windows® Operating System 576 C:\WINDOWS\system32\winlogon.exe
    Microsoft® Windows® Operating System 1892 C:\WINDOWS\system32\wscntfy.exe
    NVIDIA Driver Helper Service, Version 2 776 C:\WINDOWS\system32\nvsvc32.exe
    Opera Internet Browser 3088 D:\Program Files\Opera\opera.exe


    Network activity
    ----------------

    Process svchost.exe (868) listens on ports: 3389 (Terminal Server)
    Process svchost.exe (916) listens on ports: 135 (RPC)


    Autoruns and critical files
    ---------------------------
    AcroTray - Adobe Acrobat Distiller help D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    Adobe Acrobat D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
    Adobe CS5 Service Manager C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    Adobe Updater Startup Utility C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
    HP Software Update Application D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    iTunes D:\Program Files\iTunes\iTunesHelper.exe
    Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe
    Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
    Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
    Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    Microsoft® Windows® Operating System C:\WINDOWS\system32\webcheck.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
    Microsoft® Windows® Operating System K:\autorun.exe
    NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
    NVIDIA Media Center Library C:\WINDOWS\system32\nvmctray.dll
    QuickTime C:\Program Files\QuickTime\qttask.exe
    SBSV 2010/02/19-11:02:07 C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe


    Browser plugins
    ---------------
    2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
    Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
    Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    Adobe PDF Toolbar for IE c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll
    Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
    BitDefender QuickScan C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    BitDefender QuickScan C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
    DivX Web Player C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
    HPDEXAXO C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll
    InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
    InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
    InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
    Java Deployment Toolkit 6.0.220.4 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    Java(TM) Platform SE 6 U22 d:\program files\java\jre6\bin\jp2ssv.dll
    Java(TM) Platform SE 6 U22 D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    Java(TM) Platform SE 6 U22 d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
    Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\shdocvw.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
    Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    npitunes.dll D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    nppdf32.DEU C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU
    nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
    NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    Octoshape Streaming Services C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll
    QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
    Skype Toolbars c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
    The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll


    Missing files
    -------------
    File not found: C:\DOCUME~1\Temir\LOCALS~1\Temp\catchme.sys
    --> HKLM\System\ControlSet001\services\catchme\"ImagePath"

    File not found: C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    --> HKLM\System\ControlSet001\services\McShield\"ImagePath"

    File not found: C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    --> HKLM\System\ControlSet001\services\mfefire\"ImagePath"

    File not found: C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    --> HKLM\System\ControlSet001\services\mcmscsvc\"ImagePath"

    File not found: C:\Program Files\McAfee\VirusScan\mcods.exe
    --> HKLM\System\ControlSet001\services\McODS\"ImagePath"

    File not found: C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    --> HKLM\System\ControlSet001\services\NanoServiceMain\"ImagePath"

    File not found: system32\DRIVERS\mfendisk.sys
    --> HKLM\System\ControlSet001\services\mfendiskmp\"ImagePath"

    File not found: system32\drivers\mfeapfk.sys
    --> HKLM\System\ControlSet001\services\mfeapfk\"ImagePath"

    File not found: system32\drivers\mfeavfk.sys
    --> HKLM\System\ControlSet001\services\mfeavfk\"ImagePath"

    File not found: system32\drivers\mfebopk.sys
    --> HKLM\System\ControlSet001\services\mfebopk\"ImagePath"

    File not found: system32\drivers\mfefirek.sys
    --> HKLM\System\ControlSet001\services\mfefirek\"ImagePath"

    File not found: system32\drivers\mfehidk.sys
    --> HKLM\System\ControlSet001\services\mfehidk\"ImagePath"

    File not found: system32\drivers\mferkdet.sys
    --> HKLM\System\ControlSet001\services\mferkdet\"ImagePath"

    File not found: system32\drivers\mfetdi2k.sys
    --> HKLM\System\ControlSet001\services\mfetdi2k\"ImagePath"


    Scan
    ----


    No file uploaded.

    Scan finished - communication took 2 sec
    Total traffic - 0.05 MB sent, 1.80 KB recvd
    Scanned 992 files and modules - 48 seconds

    ==============================================================================
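    An added helper, not part of this thread or of BitDefender's QuickScan, that parses the "Missing files" section of a report like the one above and lists the service and driver keys whose ImagePath still names a file that no longer exists; such orphaned registrations are what an incomplete uninstall (here mostly McAfee) leaves behind and what the cleanup steps later in the thread remove. The constructed sample copies a subset of the entries above, and the C:\WINDOWS system root used to resolve the relative driver paths is an assumption.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the same shape as the QuickScan report above
# (a subset of its "Missing files" entries, not the complete report).
SAMPLE_REPORT = r"""Missing files
-------------
File not found: C:\DOCUME~1\Temir\LOCALS~1\Temp\catchme.sys
--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
--> HKLM\System\ControlSet001\services\McShield\"ImagePath"

File not found: C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
--> HKLM\System\ControlSet001\services\mfefire\"ImagePath"

File not found: system32\DRIVERS\mfendisk.sys
--> HKLM\System\ControlSet001\services\mfendiskmp\"ImagePath"

File not found: system32\drivers\mfehidk.sys
--> HKLM\System\ControlSet001\services\mfehidk\"ImagePath"
"""

# One "File not found" line followed by the registry value that still names it.
ENTRY_RE = re.compile(
    r'File not found: (?P<path>.+?)\s*\r?\n'
    r'--> HKLM\\System\\(?P<controlset>[^\\]+)\\services\\'
    r'(?P<service>[^\\]+)\\"ImagePath"',
    re.IGNORECASE,
)

@dataclass(frozen=True)
class OrphanedService:
    service: str       # key name under ...\services\
    control_set: str   # control set the key lives in (e.g. ControlSet001)
    image_path: str    # normalised absolute path the ImagePath value names

def normalize_image_path(raw: str, system_root: str = r"C:\WINDOWS") -> str:
    """Collapse doubled separators and resolve driver paths given relative to
    the Windows directory; the system root is an assumption for this example."""
    path = re.sub(r"\\{2,}", r"\\", raw.strip())
    if not re.match(r"^[A-Za-z]:\\", path):
        path = system_root + "\\" + path
    return path

def parse_missing_files(report: str) -> list[OrphanedService]:
    """Extract every orphaned service/driver registration from the report."""
    return [
        OrphanedService(m["service"], m["controlset"], normalize_image_path(m["path"]))
        for m in ENTRY_RE.finditer(report)
    ]

def summarize_by_directory(entries: list[OrphanedService]) -> Counter:
    """Count orphaned entries per (lower-cased) directory, so a half-removed
    product shows up as one cluster rather than a dozen separate lines."""
    return Counter(e.image_path.rsplit("\\", 1)[0].lower() for e in entries)

if __name__ == "__main__":
    found = parse_missing_files(SAMPLE_REPORT)
    for directory, count in summarize_by_directory(found).most_common():
        print(f"{count:2d} stale service key(s) -> {directory}")
    for e in found:
        print(f"  {e.control_set}\\services\\{e.service}: {e.image_path}")
```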
     
  25. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Good.
    Now, we'll finish the cleaning process and then go back to your other issues.

    Your computer is clean.

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current (including Service Pack 3!!!)

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
Topic Status:
Not open for further replies.

