Explorer.exe exception 0xc0000005


  • This topic is locked
37 replies to this topic

#1 JonnyPants

JonnyPants

  • Members
  • 19 posts

Posted 03 January 2011 - 02:04 PM

The other day I started getting fake errors and stuff from a program called quick defrag. I was in the middle of something so I ignored it for a few minutes (probably a bad idea :P). I shut off the computer and rebooted in safe mode. I removed it from the startup and rebooted. I was going to do a full computer virus scan (I have Avast! if that's important) but it needed updated. I did that and had to reboot. When it started back up I got exception 0x0000005 in explorer.exe (it pops up 1 more time after I click ok). So here I am in safe mode again trying to figure this out :P
When I use Google in IE I get redirected to some site that's not what I clicked on. Firefox was working but today it's redirecting too.

Here's my HijackThis log. There are several things I'm suspicious of, but I don't know enough about this to be sure.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:02:53 PM, on 1/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programs\Mozilla Firefox\firefox.exe
D:\Programs\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Steffan Family\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8074
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: Audiovox Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DACSMiniApp] C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 SE\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [DCERegBootClean] C:\WINDOWS\RegBootClean.exe -d
O4 - HKCU\..\Run: [SpyDefender Shield] "C:\Program Files\SpyDefender Pro\SpyDefender.exe" --scan2
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gcidgvsp] C:\DOCUME~1\STEFFA~1\LOCALS~1\Temp\gdtetuslj\rtqqslllajb.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1158612.exe" -Update
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Steffan Family\My Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\EMBARQ Online Security\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\EMBARQ Online Security\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175990167250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198692566390
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - http://www.google.com/

--
End of file - 13515 bytes

If anyone can help me I would really appreciate it :)


#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts

Posted 09 January 2011 - 09:28 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 JonnyPants

JonnyPants
  • Topic Starter

  • Members
  • 19 posts

Posted 09 January 2011 - 02:48 PM

Hi :) What's happening now: Right before the desktop would usually come up a box pops up about explorer.exe having exception 0x0000005. When you would normally expect to see the desktop load, the screen is solid blue and the mouse is there.

Also I can't use Google because it redirects to pages that aren't what they're supposed to be.

Here's the DDS log:


DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Steffan Family at 14:31:11.50 on Sun 01/09/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.721 [GMT -5:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steffan Family\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:8074
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Audiovox Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Audiovox Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpyDefender Shield] "c:\program files\spydefender pro\SpyDefender.exe" --scan2
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Easy Dock]
uRun: [gcidgvsp] c:\docume~1\steffa~1\locals~1\temp\gdtetuslj\rtqqslllajb.exe
uRunOnce: [Shockwave Updater] "c:\windows\system32\adobe\shockwave 11\SwHelper_1158612.exe" -Update
mRun: [SiSUSBRG] c:\windows\sisUSBrg.exe
mRun: [SiS Tray]
mRun: [SiS KHooker] c:\windows\system32\khooker.exe
mRun: [LTSMMSG] LTSMMSG.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
mRun: [CleanupProgram] c:\sonysys\cleanup.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NWEReboot]
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe
mRun: [Easy Dock]
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DACSMiniApp] c:\program files\fisher-price\dacs\miniapp\DACSMiniApp.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Ulead Quick-Drop] "c:\program files\ulead systems\ulead dvd moviefactory 5 se\ulead dvd moviefactory 5\Quick-Drop.exe" WINDOWCALL
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "d:\adobe\adobe reader\reader\Reader_sl.exe"
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [DCERegBootClean] c:\windows\RegBootClean.exe -d
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\steffa~1\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\steffan family\my documents\rca detective\RCADetective.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vaioac~1.lnk - c:\program files\sony\vaio action setup\VAServ.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {300DB664-75B5-47c0-8B45-A44ACCF73C00} - {0928F506-07E8-470c-979D-147C296D4879} - c:\program files\embarq online security\anti-spyware\ieshield.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Trusted Zone: doginhispen.com
Trusted Zone: whataboutadog.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175990167250
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198692566390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steffa~1\applic~1\mozilla\firefox\profiles\epwk2nev.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\steffan family\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\steffan family\application data\mozilla\firefox\profiles\epwk2nev.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: d:\adobe\adobe reader\reader\browser\nppdf32.dll
FF - plugin: d:\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\programs\firefox\plugins\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programs\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Wolfram Toolbar: support@wolfram.com - %profile%\extensions\support@wolfram.com
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: DOM Inspector: inspector@mozilla.org - %profile%\extensions\inspector@mozilla.org
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: FaviconizeTab: faviconizetab@espion.just-size.jp - %profile%\extensions\faviconizetab@espion.just-size.jp
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-26 293968]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-26 17744]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-8-3 815819]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\steffa~1\locals~1\temp\000002b1.nmc\nse\bin\ndiskio.sys --> c:\docume~1\steffa~1\locals~1\temp\000002b1.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;\??\c:\docume~1\steffa~1\locals~1\temp\000002b1.nmc\nse\bin\nsak.sys --> c:\docume~1\steffa~1\locals~1\temp\000002b1.nmc\nse\bin\nsak.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

=============== File Associations ===============

vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

=============== Created Last 30 ================

2011-01-02 20:57:21 102400 ----a-w- c:\windows\RegBootClean.exe
2011-01-02 20:24:46 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-01-02 19:37:09 -------- d-----w- c:\windows\system32\LogFiles
2011-01-02 19:31:37 916480 ----a-w- c:\windows\system32\wininet.dll
2011-01-02 19:31:37 583680 ----a-w- c:\windows\system32\wininet.d.old
2011-01-02 16:58:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-02 16:58:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-02 05:47:39 118784 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\544FA.tmp
2011-01-02 05:47:39 0 ----a-w- c:\windows\system32\drivers\sstFB.tmp
2010-12-23 19:21:32 -------- d-----w- c:\windows\system32\{userdocs}
2010-12-15 17:51:07 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

==================== Find3M ====================

2010-12-31 20:06:36 38848 ----a-w- c:\windows\avastSS.scr
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2001-09-03 16:21:20 309453 --sha-w- c:\windows\rsx.exe

============= FINISH: 14:40:39.85 ===============

I'll post the GMER log in a little bit.

#4 JonnyPants

  • Topic Starter

Posted 09 January 2011 - 04:28 PM

GMER stops responding while it's scanning...

#5 gringo_pr

  • Malware Response Team

Posted 10 January 2011 - 02:30 PM

Hello

My name is gringo and I will be helping you from this point forward.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes unless I tell you so.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

If you have not done so please Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Here is the first thing I would like you to do.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 JonnyPants

  • Topic Starter

Posted 11 January 2011 - 05:32 PM

When I ran combofix it told me I needed to disable the antivirus, but I'm not sure it was even loaded right... I don't know if this is because I have to run in safe mode or what... but anyway here's the ComboFix log:

ComboFix 11-01-10.08 - Steffan Family 01/11/2011 16:00:59.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.704 [GMT -5:00]
Running from: c:\documents and settings\Steffan Family\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Steffan Family\Favorites\Thumbs.db
c:\documents and settings\Steffan Family\Start Menu\Programs\System Tool
c:\windows\desktop
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\wpe pro.INI

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-09 22:07 . 2011-01-09 22:07 -------- d-----w- c:\documents and settings\Steffan Family\Application Data\Malwarebytes
2011-01-09 22:06 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-09 22:06 . 2011-01-09 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-09 22:06 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-02 20:57 . 2011-01-02 20:57 102400 ----a-w- c:\windows\RegBootClean.exe
2011-01-02 20:24 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-01-02 19:37 . 2011-01-02 19:37 -------- d-----w- c:\windows\system32\LogFiles
2011-01-02 19:31 . 2010-11-06 00:26 916480 ----a-w- c:\windows\system32\wininet.dll
2011-01-02 19:31 . 2001-08-18 03:34 583680 ----a-w- c:\windows\system32\wininet.d.old
2011-01-02 16:58 . 2011-01-02 16:58 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-02 05:47 . 2011-01-02 05:47 0 ----a-w- c:\windows\system32\drivers\sstFB.tmp
2010-12-31 21:47 . 2010-12-31 21:48 -------- d-----w- c:\documents and settings\Administrator
2010-12-23 19:21 . 2010-12-23 19:21 -------- d-----w- c:\windows\system32\{userdocs}
2010-12-15 17:51 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 20:06 . 2010-07-02 12:28 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 20:06 . 2010-04-26 18:10 188216 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-31 20:00 . 2010-04-26 18:10 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-31 19:59 . 2010-04-26 18:10 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-31 19:59 . 2010-04-26 18:10 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-31 19:59 . 2010-04-26 18:10 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-31 19:56 . 2010-04-26 18:10 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-31 19:56 . 2010-04-26 18:10 29264 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-31 19:56 . 2010-04-26 18:10 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-18 18:12 . 2002-08-03 15:16 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2002-08-03 15:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2002-08-03 15:04 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2002-08-03 15:05 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2002-08-03 15:04 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2002-08-03 15:05 1853312 ----a-w- c:\windows\system32\win32k.sys
2001-09-03 16:21 309453 --sha-w- c:\windows\rsx.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-05-11 08:06 . 2007-05-11 08:06 40048 d:\adobe\Adobe Reader\Reader\bak\Reader_sl.exe
2008-10-15 06:04 . 2008-10-15 06:04 39792 d:\adobe\Adobe Reader\Reader\reader_sl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 21:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyDefender Shield"="c:\program files\SpyDefender Pro\SpyDefender.exe" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-25 39408]
"Easy Dock"="" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\sisUSBrg.exe" [2002-04-26 32768]
"SiS Tray"="" [N/A]
"SiS KHooker"="c:\windows\system32\khooker.exe" [N/A]
"LTSMMSG"="LTSMMSG.exe" [2002-07-20 32768]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-07-04 40960]
"ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs" [N/A]
"CleanupProgram"="c:\sonysys\cleanup.exe" [N/A]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"NWEReboot"="" [N/A]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"Easy Dock"="" [N/A]
"nwiz"="nwiz.exe" [2007-04-19 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"DACSMiniApp"="c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe" [2008-03-13 128256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"Ulead Quick-Drop"="c:\program files\Ulead Systems\Ulead DVD MovieFactory 5 SE\Ulead DVD MovieFactory 5\Quick-Drop.exe" [2006-06-06 118784]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="d:\adobe\Adobe Reader\Reader\Reader_sl.exe" [2008-10-15 39792]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-03-07 2957312]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="d:\programs\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Steffan Family\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\documents and settings\Steffan Family\My Documents\RCA Detective\RCADetective.exe [2008-12-24 804352]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-7 113664]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2007-4-17 819200]
VAIO Action Setup (Server).lnk - c:\program files\Sony\VAIO Action Setup\VAServ.exe [2002-8-15 40960]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Sony Shared\\VAIO Media Platform\\sv_httpd.exe"=
"c:\\Program Files\\Common Files\\Sony Shared\\VAIO Media Platform\\UPnPFramework.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"d:\\Programs\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Programs\\Skype\\Phone\\Skype.exe"=
"d:\\Programs\\Quake II\\quake2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Dos\\qb64\\untitled.exe"=
"c:\\Program Files\\Elite Warriors - Vietnam Demo\\SOG.exe"=
"d:\\iTunes\\iTunes.exe"=
"d:\\Programs\\Quake II\\kmquake2\\kmquake2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

S0 xjedsvl;xjedsvl;c:\windows\system32\drivers\xhsmcd.sys --> c:\windows\system32\drivers\xhsmcd.sys [?]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/26/2010 1:10 PM 293968]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/26/2010 1:10 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 4:11 PM 135664]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [8/3/2002 10:06 AM 815819]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\STEFFA~1\LOCALS~1\Temp\000002b1.nmc\nse\bin\ndiskio.sys --> c:\docume~1\STEFFA~1\LOCALS~1\Temp\000002b1.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;\??\c:\docume~1\STEFFA~1\LOCALS~1\Temp\000002b1.nmc\nse\bin\nsak.sys --> c:\docume~1\STEFFA~1\LOCALS~1\Temp\000002b1.nmc\nse\bin\nsak.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 21:11]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 21:11]

2007-04-07 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2002-08-03 00:12]

2011-01-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 21:29]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:8074
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: doginhispen.com
Trusted Zone: whataboutadog.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Steffan Family\Application Data\Mozilla\Firefox\Profiles\epwk2nev.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programs\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Wolfram Toolbar: support@wolfram.com - %profile%\extensions\support@wolfram.com
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: DOM Inspector: inspector@mozilla.org - %profile%\extensions\inspector@mozilla.org
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: FaviconizeTab: faviconizetab@espion.just-size.jp - %profile%\extensions\faviconizetab@espion.just-size.jp
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
------- File Associations -------
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -

AddRemove-SimCity 2000® Windows® 95 Demo - c:\program files\Maxis\SimCity 2000 Demo\DeIsL1.isu
AddRemove-{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1 - d:\download taxi\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 16:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-810355832-2230923689-572454927-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1428)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-01-11 17:23:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-11 22:23

Pre-Run: 3,150,442,496 bytes free
Post-Run: 3,687,849,984 bytes free

- - End Of File - - 195D0EDAA9892B7D7BC2CB240AC996EF

#7 gringo_pr

  • Malware Response Team

Posted 11 January 2011 - 06:10 PM

Greetings

Good. That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

File::
c:\windows\rsx.exe

Folder::
d:\adobe\Adobe Reader\Reader\bak

Driver::
xjedsvl
NDISKIO
nsak

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:8074


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#8 JonnyPants

  • Topic Starter

Posted 11 January 2011 - 08:56 PM

Ok here's the log. Last I checked I still could only boot into safe mode, due to the 0xc0000005 exception.

ComboFix 11-01-10.08 - Steffan Family 01/11/2011 19:38:33.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.737 [GMT -5:00]
Running from: c:\documents and settings\Steffan Family\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Steffan Family\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\rsx.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\adobe\Adobe Reader\Reader\bak
d:\adobe\Adobe Reader\Reader\bak\Reader_sl.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISKIO
-------\Legacy_NSAK
-------\Service_NDISKIO
-------\Service_nsak
-------\Service_xjedsvl


((((((((((((((((((((((((( Files Created from 2010-12-12 to 2011-01-12 )))))))))))))))))))))))))))))))
.

2011-01-09 22:07 . 2011-01-09 22:07 -------- d-----w- c:\documents and settings\Steffan Family\Application Data\Malwarebytes
2011-01-09 22:06 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-09 22:06 . 2011-01-09 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-09 22:06 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-02 20:57 . 2011-01-02 20:57 102400 ----a-w- c:\windows\RegBootClean.exe
2011-01-02 20:24 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-01-02 19:37 . 2011-01-02 19:37 -------- d-----w- c:\windows\system32\LogFiles
2011-01-02 19:31 . 2010-11-06 00:26 916480 ----a-w- c:\windows\system32\wininet.dll
2011-01-02 19:31 . 2001-08-18 03:34 583680 ----a-w- c:\windows\system32\wininet.d.old
2011-01-02 16:58 . 2011-01-02 16:58 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-02 05:47 . 2011-01-02 05:47 0 ----a-w- c:\windows\system32\drivers\sstFB.tmp
2010-12-31 21:47 . 2010-12-31 21:48 -------- d-----w- c:\documents and settings\Administrator
2010-12-23 19:21 . 2010-12-23 19:21 -------- d-----w- c:\windows\system32\{userdocs}
2010-12-15 17:51 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 20:06 . 2010-07-02 12:28 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 20:06 . 2010-04-26 18:10 188216 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-31 20:00 . 2010-04-26 18:10 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-31 19:59 . 2010-04-26 18:10 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-31 19:59 . 2010-04-26 18:10 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-31 19:59 . 2010-04-26 18:10 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-31 19:56 . 2010-04-26 18:10 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-31 19:56 . 2010-04-26 18:10 29264 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-31 19:56 . 2010-04-26 18:10 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-18 18:12 . 2002-08-03 15:16 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2002-08-03 15:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2002-08-03 15:04 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2002-08-03 15:05 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2002-08-03 15:04 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2002-08-03 15:05 1853312 ----a-w- c:\windows\system32\win32k.sys
2001-09-03 16:21 309453 --sha-w- c:\windows\rsx.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-03-15 00:05 . 2007-03-15 00:05 257088 d:\itunes\bak\iTunesHelper.exe
2010-07-21 19:53 . 2010-07-21 19:53 141608 d:\itunes\iTunesHelper.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 21:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyDefender Shield"="c:\program files\SpyDefender Pro\SpyDefender.exe" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-25 39408]
"Easy Dock"="" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\sisUSBrg.exe" [2002-04-26 32768]
"SiS Tray"="" [N/A]
"SiS KHooker"="c:\windows\system32\khooker.exe" [N/A]
"LTSMMSG"="LTSMMSG.exe" [2002-07-20 32768]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-07-04 40960]
"ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs" [N/A]
"CleanupProgram"="c:\sonysys\cleanup.exe" [N/A]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"NWEReboot"="" [N/A]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"Easy Dock"="" [N/A]
"nwiz"="nwiz.exe" [2007-04-19 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"DACSMiniApp"="c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe" [2008-03-13 128256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"Ulead Quick-Drop"="c:\program files\Ulead Systems\Ulead DVD MovieFactory 5 SE\Ulead DVD MovieFactory 5\Quick-Drop.exe" [2006-06-06 118784]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="d:\adobe\Adobe Reader\Reader\Reader_sl.exe" [2008-10-15 39792]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-03-07 2957312]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="d:\programs\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Steffan Family\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\documents and settings\Steffan Family\My Documents\RCA Detective\RCADetective.exe [2008-12-24 804352]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-7 113664]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2007-4-17 819200]
VAIO Action Setup (Server).lnk - c:\program files\Sony\VAIO Action Setup\VAServ.exe [2002-8-15 40960]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Sony Shared\\VAIO Media Platform\\sv_httpd.exe"=
"c:\\Program Files\\Common Files\\Sony Shared\\VAIO Media Platform\\UPnPFramework.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"d:\\Programs\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Programs\\Skype\\Phone\\Skype.exe"=
"d:\\Programs\\Quake II\\quake2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Dos\\qb64\\untitled.exe"=
"c:\\Program Files\\Elite Warriors - Vietnam Demo\\SOG.exe"=
"d:\\iTunes\\iTunes.exe"=
"d:\\Programs\\Quake II\\kmquake2\\kmquake2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/26/2010 1:10 PM 293968]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/26/2010 1:10 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 4:11 PM 135664]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [8/3/2002 10:06 AM 815819]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 21:11]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 21:11]

2007-04-07 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2002-08-03 00:12]

2011-01-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 21:29]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: doginhispen.com
Trusted Zone: whataboutadog.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Steffan Family\Application Data\Mozilla\Firefox\Profiles\epwk2nev.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programs\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Wolfram Toolbar: support@wolfram.com - %profile%\extensions\support@wolfram.com
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: DOM Inspector: inspector@mozilla.org - %profile%\extensions\inspector@mozilla.org
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: FaviconizeTab: faviconizetab@espion.just-size.jp - %profile%\extensions\faviconizetab@espion.just-size.jp
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 20:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-810355832-2230923689-572454927-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(248)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-01-11 20:50:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-12 01:50
ComboFix2.txt 2011-01-11 22:24

Pre-Run: 3,698,135,040 bytes free
Post-Run: 3,524,710,400 bytes free

- - End Of File - - 973179BD1DBF4BFE091AF62C337F6F07

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:02 AM

Posted 11 January 2011 - 10:03 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
        :filefind
        explorer.exe
        wininit.exe
        winlogon.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 JonnyPants


Posted 12 January 2011 - 03:46 PM

Ok here it is:

SystemLook 04.09.10 by jpshortstuff
Log created at 15:37 on 12/01/2011 by Steffan Family
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1033728 bytes [15:04 03/08/2002] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe --a---- 1033216 bytes [11:26 13/06/2007] [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c- 1033216 bytes [12:53 04/09/2008] [10:23 13/06/2007] 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe -----c- 1032192 bytes [02:00 31/03/2008] [07:56 04/08/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\ERDNT\cache\explorer.exe --a---- 1033728 bytes [01:33 12/01/2011] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------- 1033728 bytes [07:56 04/08/2004] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

Searching for "wininit.exe"
No files found.

Searching for "winlogon.exe"
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c- 502272 bytes [12:52 04/09/2008] [07:56 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\ERDNT\cache\winlogon.exe --a---- 507904 bytes [01:32 12/01/2011] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe -----c- 507904 bytes [07:56 04/08/2004] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe --a---- 507904 bytes [15:05 03/08/2002] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E

-= EOF =-

#11 gringo_pr


Posted 12 January 2011 - 05:48 PM

I would like you to go to this web page - http://www.dll-files.com/dllindex/dll-files.shtml?wininet

Scroll down until you see "Go to the download page for wininet.dll" on the right-hand side and click on that link.

Download the file to your desktop.

Unzip the file and move the file to this folder: C:\Windows\System32

Let me know if you still get the error after you reboot.

Gringo

#12 JonnyPants


Posted 12 January 2011 - 06:20 PM

I still get the error. When I tried to move the file to System32 it wouldn't let me, so I renamed the old one and then moved it. When I booted back into safe mode it was acting weird (the box saying that you're in safe mode pops up, I hit yes, the desktop shows up, but then it disappears and the box pops up again. It kept doing this), so I put the original file back and rebooted and it stopped doing that.

#13 JonnyPants


Posted 14 January 2011 - 11:42 PM

I guess since it's been 48 hours I'm supposed to bump this right?

#14 gringo_pr


Posted 14 January 2011 - 11:49 PM

Sorry for the late reply


SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
        :filefind
        wininet.dll
        wininet.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#15 JonnyPants


Posted 15 January 2011 - 12:09 PM

Here it is

SystemLook 04.09.10 by jpshortstuff
Log created at 11:41 on 15/01/2011 by Steffan Family
Administrator - Elevation successful

========== filefind ==========

Searching for "wininet.dll"
C:\WINDOWS\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll --a---- 919040 bytes [00:28 08/09/2010] [12:24 24/06/2010] 60237E50D575FBA9BEC9BC043F157149
C:\WINDOWS\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll --a---- 919552 bytes [20:14 14/10/2010] [05:57 10/09/2010] 0555E190DCD06B8998E6DDCA42DAEB82
C:\WINDOWS\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll --a---- 919552 bytes [12:59 16/12/2010] [00:27 06/11/2010] 9357C4249F4810FB0E49C13387A8A77C
C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll --a--c- 825344 bytes [02:01 07/12/2007] [02:01 07/12/2007] B5B411BB229AE6EAD7652A32ED47BFB9
C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll --a--c- 827392 bytes [19:19 09/04/2008] [13:03 01/03/2008] 6316C2F0C61271C8ABDFF7429174879E
C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll --a--c- 827392 bytes [23:53 10/06/2008] [03:35 23/04/2008] 41546B396A526918DA7995A02EA04E51
C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll --a--c- 827904 bytes [00:59 14/08/2008] [16:01 23/06/2008] C66402A06B83B036C195242C0C8CF83C
C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll --a--c- 827904 bytes [09:08 26/08/2008] [09:08 26/08/2008] 77C192FE56A70D7FA0247BA0A6201C32
C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll --a--c- 827904 bytes [12:26 12/12/2008] [20:24 16/10/2008] 0D5B75171FF51775B630A431B6C667E8
C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll --a--c- 827904 bytes [14:53 11/02/2009] [23:56 20/12/2008] 044E0A4E9FE97C0FB9AFE9C89E2A82E6
C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll --a--c- 828416 bytes [00:17 03/03/2009] [00:17 03/03/2009] C8667854873938CA13C986F16B0CD183
C:\WINDOWS\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll --a--c- 828928 bytes [04:49 29/04/2009] [04:49 29/04/2009] 62CCA075F44015147B8971DAFFBCFF76
C:\WINDOWS\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll --a--c- 828928 bytes [16:23 29/06/2009] [16:23 29/06/2009] 4C6B4138165A4C53FE8A5B1D809526C3
C:\WINDOWS\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll --a---- 840704 bytes [07:31 29/08/2009] [07:31 29/08/2009] A5885AF9BFBD942B828E6020AD326517
C:\WINDOWS\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll --a---- 916480 bytes [13:30 27/10/2009] [08:01 29/08/2009] 972B226BDAD71C55F3CC9A72BBF8F1C1
C:\WINDOWS\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll --a---- 916480 bytes [16:24 09/12/2009] [07:45 29/10/2009] 6AF52998B90F72FF2325D84D90EDA1CC
C:\WINDOWS\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll --a---- 916480 bytes [14:12 22/01/2010] [19:09 21/12/2009] 5E1F666B8955FD77E65D65C4C4D882A3
C:\WINDOWS\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll --a---- 919040 bytes [18:03 31/03/2010] [06:19 25/02/2010] 4458D59F2B0369F4D3B137541D284041
C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll --a---- 919040 bytes [19:03 11/06/2010] [10:36 06/05/2010] C1490F68B44AF8B781F52F12F564625D
C:\WINDOWS\$NtServicePackUninstall$\wininet.dll -----c- 656384 bytes [12:54 04/09/2008] [07:56 04/08/2004] C0823FC5469663BA63E7DB88F9919D70
C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\wininet.dll -----c- 582656 bytes [00:12 08/04/2007] [16:56 05/03/2002] C71AE1D2FA7C6BD6D3924215EF216FAB
C:\WINDOWS\ERDNT\cache\wininet.dll --a---- 916480 bytes [01:32 12/01/2011] [00:26 06/11/2010] 306A2B05EA9846278113964DC6E2C940
C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll -----c- 818688 bytes [01:54 31/03/2008] [02:03 08/11/2006] 92995334F993E6E49C25C6D02EC04401
C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll -----c- 824832 bytes [03:22 10/04/2008] [02:21 07/12/2007] 806D274C9A6C3AAEA5EAE8E4AF841E04
C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll -----c- 826368 bytes [02:40 11/06/2008] [13:06 01/03/2008] AD21461AEF8244EDEC2EF18E55E1DCF3
C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll -----c- 826368 bytes [02:28 14/08/2008] [04:16 23/04/2008] F6589BE784647CFDBC22EA51CCB1A57A
C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll -----c- 826368 bytes [02:12 15/10/2008] [16:57 23/06/2008] 8C13D4A7479FA0A026EDA8ABCE82C0ED
C:\WINDOWS\ie7updates\KB958215-IE7\wininet.dll -----c- 826368 bytes [05:04 13/12/2008] [07:24 26/08/2008] EF8EBA98145BFA44E80D17A3B3453300
C:\WINDOWS\ie7updates\KB961260-IE7\wininet.dll -----c- 826368 bytes [08:02 12/02/2009] [20:38 16/10/2008] 6741EAF7B7F110E803A6E38F6E5FA6B0
C:\WINDOWS\ie7updates\KB963027-IE7\wininet.dll -----c- 826368 bytes [04:09 16/04/2009] [23:15 20/12/2008] A82935D32D0672E8FF4E91AE398E901C
C:\WINDOWS\ie7updates\KB969897-IE7\wininet.dll -----c- 826368 bytes [03:55 11/06/2009] [00:18 03/03/2009] 28775945CCD53DEE280EF58DEA1A94C4
C:\WINDOWS\ie7updates\KB972260-IE7\wininet.dll -----c- 827392 bytes [03:19 30/07/2009] [04:56 29/04/2009] 8E2D471157B0DF329D8D0EA5D83B0DDB
C:\WINDOWS\ie7updates\KB974455-IE7\wininet.dll -----c- 827392 bytes [02:28 15/10/2009] [16:12 29/06/2009] A39B7BA7AB9B1CC2A0009F59772DB83C
C:\WINDOWS\ie8updates\KB2183461-IE8\wininet.dll -----c- 916480 bytes [00:42 08/09/2010] [10:41 06/05/2010] 2D9C7B010409372C34F725DA5CCED083
C:\WINDOWS\ie8updates\KB2360131-IE8\wininet.dll -----c- 916480 bytes [01:53 15/10/2010] [12:22 24/06/2010] D3DEB6B2B424AC93DE3801EAEB21A9A5
C:\WINDOWS\ie8updates\KB2416400-IE8\wininet.dll -----c- 916480 bytes [03:00 17/12/2010] [05:58 10/09/2010] 36FE8ABC59AAFBE20CBE54BC372F9429
C:\WINDOWS\ie8updates\KB974455-IE8\wininet.dll -----c- 914944 bytes [13:36 27/10/2009] [08:34 08/03/2009] 6CE32F7778061CCC5814D5E0F282D369
C:\WINDOWS\ie8updates\KB976325-IE8\wininet.dll -----c- 916480 bytes [02:25 10/12/2009] [08:08 29/08/2009] CF0A5FE05BF614C24950D8FAEC1BC309
C:\WINDOWS\ie8updates\KB978207-IE8\wininet.dll -----c- 916480 bytes [15:40 22/01/2010] [07:45 29/10/2009] 75240F6EDBCE7B85DF66874407D38A4F
C:\WINDOWS\ie8updates\KB980182-IE8\wininet.dll -----c- 916480 bytes [01:19 01/04/2010] [19:14 21/12/2009] FF4241C74E0C0A5AFFFE05F584213ECB
C:\WINDOWS\ie8updates\KB982381-IE8\wininet.dll -----c- 916480 bytes [05:28 12/06/2010] [06:24 25/02/2010] 7A42CFED96CDA7F2FB1A26D1F9F65775
C:\WINDOWS\ServicePackFiles\i386\wininet.dll -----c- 666112 bytes [07:56 04/08/2004] [00:12 14/04/2008] 7A4F775ABB2F1C97DEF3E73AFA2FAEDD
C:\WINDOWS\SoftwareDistribution\Download\626f83f88e86511ae79d7ff76840cc8e\SP3GDR\wininet.dll --a---- 832512 bytes [14:07 17/08/2010] [17:20 04/05/2010] 83306356DE710DA87ED91A6AF6233214
C:\WINDOWS\SoftwareDistribution\Download\626f83f88e86511ae79d7ff76840cc8e\SP3QFE\wininet.dll --a---- 841216 bytes [14:07 17/08/2010] [17:20 04/05/2010] 506B3DCB9C26070072E3047C6910F844
C:\WINDOWS\SoftwareDistribution\Download\6d24de0cb903b0ef8f6d2791745000a1\SP3GDR\wininet.dll --a---- 832512 bytes [14:09 17/08/2010] [12:15 24/06/2010] 473A87B1DD8941FFE9315CFE6A13B354
C:\WINDOWS\SoftwareDistribution\Download\6d24de0cb903b0ef8f6d2791745000a1\SP3QFE\wininet.dll --a---- 841216 bytes [14:09 17/08/2010] [12:16 24/06/2010] 2E5F7848F3FEECC1F3915A64C0AD0FA8
C:\WINDOWS\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll --a--c- 915456 bytes [13:16 18/06/2009] [05:15 13/05/2009] 366C72AF6970DB7BB39AB0142BF09DB5
C:\WINDOWS\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll --a--c- 915456 bytes [13:16 18/06/2009] [05:10 13/05/2009] C0EB6850C8A02A154281749DC61FAF22
C:\WINDOWS\SoftwareDistribution\Download\bd4a8ed1ff18ce602cf240d9190152b0\sp3qfe\wininet.dll --a---- 841216 bytes [12:16 24/06/2010] [12:16 24/06/2010] 2E5F7848F3FEECC1F3915A64C0AD0FA8
C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\wininet.dll --a---- 916480 bytes [00:24 08/09/2010] [10:41 06/05/2010] 2D9C7B010409372C34F725DA5CCED083
C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\wininet.dll --a---- 919040 bytes [00:24 08/09/2010] [10:36 06/05/2010] C1490F68B44AF8B781F52F12F564625D
C:\WINDOWS\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3GDR\wininet.dll --a---- 916480 bytes [13:06 27/10/2009] [08:08 29/08/2009] CF0A5FE05BF614C24950D8FAEC1BC309
C:\WINDOWS\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3QFE\wininet.dll --a---- 916480 bytes [13:06 27/10/2009] [08:01 29/08/2009] 972B226BDAD71C55F3CC9A72BBF8F1C1
C:\WINDOWS\system32\wininet.dll --a---- 916480 bytes [19:31 02/01/2011] [00:26 06/11/2010] 306A2B05EA9846278113964DC6E2C940
C:\WINDOWS\system32\dllcache\wininet.dll -----c- 916480 bytes [02:03 08/11/2006] [00:26 06/11/2010] 306A2B05EA9846278113964DC6E2C940

Searching for "wininet.*"
C:\Documents and Settings\Steffan Family\Desktop\wininet.zip --a---- 321564 bytes [23:01 12/01/2011] [23:01 12/01/2011] 42EEF1012BEA824921C328DB01FF9BEA
C:\Documents and Settings\Steffan Family\Recent\wininet.lnk --a---- 405 bytes [19:31 02/01/2011] [23:01 12/01/2011] D96CCB31F483186970EA12C8E16F14AE
C:\Program Files\Microsoft SDKs\Windows\v6.0A\Include\WinInet.h --a--c- 135661 bytes [19:19 27/09/2007] [19:19 27/09/2007] D2D8C04BFAEAB431FB1028CCE8D52959
C:\Program Files\Microsoft SDKs\Windows\v6.0A\Lib\WinInet.Lib --a--c- 62878 bytes [19:20 27/09/2007] [19:20 27/09/2007] 288BDA94238BC81132CA9E4118325885
C:\Program Files\Microsoft SDKs\Windows\v6.0A\Lib\x64\WinInet.Lib --a--c- 58356 bytes [19:20 27/09/2007] [19:20 27/09/2007] AFE2862CCAD7AD7D52679BADB10B79E4
C:\WINDOWS\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll --a---- 919040 bytes [00:28 08/09/2010] [12:24 24/06/2010] 60237E50D575FBA9BEC9BC043F157149
C:\WINDOWS\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll --a---- 919552 bytes [20:14 14/10/2010] [05:57 10/09/2010] 0555E190DCD06B8998E6DDCA42DAEB82
C:\WINDOWS\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll --a---- 919552 bytes [12:59 16/12/2010] [00:27 06/11/2010] 9357C4249F4810FB0E49C13387A8A77C
C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll --a--c- 825344 bytes [02:01 07/12/2007] [02:01 07/12/2007] B5B411BB229AE6EAD7652A32ED47BFB9
C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll --a--c- 827392 bytes [19:19 09/04/2008] [13:03 01/03/2008] 6316C2F0C61271C8ABDFF7429174879E
C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll --a--c- 827392 bytes [23:53 10/06/2008] [03:35 23/04/2008] 41546B396A526918DA7995A02EA04E51
C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll --a--c- 827904 bytes [00:59 14/08/2008] [16:01 23/06/2008] C66402A06B83B036C195242C0C8CF83C
C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll --a--c- 827904 bytes [09:08 26/08/2008] [09:08 26/08/2008] 77C192FE56A70D7FA0247BA0A6201C32
C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll --a--c- 827904 bytes [12:26 12/12/2008] [20:24 16/10/2008] 0D5B75171FF51775B630A431B6C667E8
C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll --a--c- 827904 bytes [14:53 11/02/2009] [23:56 20/12/2008] 044E0A4E9FE97C0FB9AFE9C89E2A82E6
C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll --a--c- 828416 bytes [00:17 03/03/2009] [00:17 03/03/2009] C8667854873938CA13C986F16B0CD183
C:\WINDOWS\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll --a--c- 828928 bytes [04:49 29/04/2009] [04:49 29/04/2009] 62CCA075F44015147B8971DAFFBCFF76
C:\WINDOWS\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll --a--c- 828928 bytes [16:23 29/06/2009] [16:23 29/06/2009] 4C6B4138165A4C53FE8A5B1D809526C3
C:\WINDOWS\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll --a---- 840704 bytes [07:31 29/08/2009] [07:31 29/08/2009] A5885AF9BFBD942B828E6020AD326517
C:\WINDOWS\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll --a---- 916480 bytes [13:30 27/10/2009] [08:01 29/08/2009] 972B226BDAD71C55F3CC9A72BBF8F1C1
C:\WINDOWS\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll --a---- 916480 bytes [16:24 09/12/2009] [07:45 29/10/2009] 6AF52998B90F72FF2325D84D90EDA1CC
C:\WINDOWS\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll --a---- 916480 bytes [14:12 22/01/2010] [19:09 21/12/2009] 5E1F666B8955FD77E65D65C4C4D882A3
C:\WINDOWS\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll --a---- 919040 bytes [18:03 31/03/2010] [06:19 25/02/2010] 4458D59F2B0369F4D3B137541D284041
C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll --a---- 919040 bytes [19:03 11/06/2010] [10:36 06/05/2010] C1490F68B44AF8B781F52F12F564625D
C:\WINDOWS\$NtServicePackUninstall$\wininet.dll -----c- 656384 bytes [12:54 04/09/2008] [07:56 04/08/2004] C0823FC5469663BA63E7DB88F9919D70
C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\wininet.dll -----c- 582656 bytes [00:12 08/04/2007] [16:56 05/03/2002] C71AE1D2FA7C6BD6D3924215EF216FAB
C:\WINDOWS\ERDNT\cache\wininet.dll --a---- 916480 bytes [01:32 12/01/2011] [00:26 06/11/2010] 306A2B05EA9846278113964DC6E2C940
C:\WINDOWS\I386\WININET.DL_ -----c- 284704 bytes [15:03 03/08/2002] [12:00 18/08/2001] 8AE5100EBF28D0793A849021C81E94B2
C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll -----c- 818688 bytes [01:54 31/03/2008] [02:03 08/11/2006] 92995334F993E6E49C25C6D02EC04401
C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll -----c- 824832 bytes [03:22 10/04/2008] [02:21 07/12/2007] 806D274C9A6C3AAEA5EAE8E4AF841E04
C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll -----c- 826368 bytes [02:40 11/06/2008] [13:06 01/03/2008] AD21461AEF8244EDEC2EF18E55E1DCF3
C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll -----c- 826368 bytes [02:28 14/08/2008] [04:16 23/04/2008] F6589BE784647CFDBC22EA51CCB1A57A
C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll -----c- 826368 bytes [02:12 15/10/2008] [16:57 23/06/2008] 8C13D4A7479FA0A026EDA8ABCE82C0ED
C:\WINDOWS\ie7updates\KB958215-IE7\wininet.dll -----c- 826368 bytes [05:04 13/12/2008] [07:24 26/08/2008] EF8EBA98145BFA44E80D17A3B3453300
C:\WINDOWS\ie7updates\KB961260-IE7\wininet.dll -----c- 826368 bytes [08:02 12/02/2009] [20:38 16/10/2008] 6741EAF7B7F110E803A6E38F6E5FA6B0
C:\WINDOWS\ie7updates\KB963027-IE7\wininet.dll -----c- 826368 bytes [04:09 16/04/2009] [23:15 20/12/2008] A82935D32D0672E8FF4E91AE398E901C
C:\WINDOWS\ie7updates\KB969897-IE7\wininet.dll -----c- 826368 bytes [03:55 11/06/2009] [00:18 03/03/2009] 28775945CCD53DEE280EF58DEA1A94C4
C:\WINDOWS\ie7updates\KB972260-IE7\wininet.dll -----c- 827392 bytes [03:19 30/07/2009] [04:56 29/04/2009] 8E2D471157B0DF329D8D0EA5D83B0DDB
C:\WINDOWS\ie7updates\KB974455-IE7\wininet.dll -----c- 827392 bytes [02:28 15/10/2009] [16:12 29/06/2009] A39B7BA7AB9B1CC2A0009F59772DB83C
C:\WINDOWS\ie8updates\KB2183461-IE8\wininet.dll -----c- 916480 bytes [00:42 08/09/2010] [10:41 06/05/2010] 2D9C7B010409372C34F725DA5CCED083
C:\WINDOWS\ie8updates\KB2360131-IE8\wininet.dll -----c- 916480 bytes [01:53 15/10/2010] [12:22 24/06/2010] D3DEB6B2B424AC93DE3801EAEB21A9A5
C:\WINDOWS\ie8updates\KB2416400-IE8\wininet.dll -----c- 916480 bytes [03:00 17/12/2010] [05:58 10/09/2010] 36FE8ABC59AAFBE20CBE54BC372F9429
C:\WINDOWS\ie8updates\KB974455-IE8\wininet.dll -----c- 914944 bytes [13:36 27/10/2009] [08:34 08/03/2009] 6CE32F7778061CCC5814D5E0F282D369
C:\WINDOWS\ie8updates\KB976325-IE8\wininet.dll -----c- 916480 bytes [02:25 10/12/2009] [08:08 29/08/2009] CF0A5FE05BF614C24950D8FAEC1BC309
C:\WINDOWS\ie8updates\KB978207-IE8\wininet.dll -----c- 916480 bytes [15:40 22/01/2010] [07:45 29/10/2009] 75240F6EDBCE7B85DF66874407D38A4F
C:\WINDOWS\ie8updates\KB980182-IE8\wininet.dll -----c- 916480 bytes [01:19 01/04/2010] [19:14 21/12/2009] FF4241C74E0C0A5AFFFE05F584213ECB
C:\WINDOWS\ie8updates\KB982381-IE8\wininet.dll -----c- 916480 bytes [05:28 12/06/2010] [06:24 25/02/2010] 7A42CFED96CDA7F2FB1A26D1F9F65775
C:\WINDOWS\ServicePackFiles\i386\wininet.dll -----c- 666112 bytes [07:56 04/08/2004] [00:12 14/04/2008] 7A4F775ABB2F1C97DEF3E73AFA2FAEDD
C:\WINDOWS\SoftwareDistribution\Download\626f83f88e86511ae79d7ff76840cc8e\SP3GDR\wininet.dll --a---- 832512 bytes [14:07 17/08/2010] [17:20 04/05/2010] 83306356DE710DA87ED91A6AF6233214
C:\WINDOWS\SoftwareDistribution\Download\626f83f88e86511ae79d7ff76840cc8e\SP3QFE\wininet.dll --a---- 841216 bytes [14:07 17/08/2010] [17:20 04/05/2010] 506B3DCB9C26070072E3047C6910F844
C:\WINDOWS\SoftwareDistribution\Download\6d24de0cb903b0ef8f6d2791745000a1\SP3GDR\wininet.dll --a---- 832512 bytes [14:09 17/08/2010] [12:15 24/06/2010] 473A87B1DD8941FFE9315CFE6A13B354
C:\WINDOWS\SoftwareDistribution\Download\6d24de0cb903b0ef8f6d2791745000a1\SP3QFE\wininet.dll --a---- 841216 bytes [14:09 17/08/2010] [12:16 24/06/2010] 2E5F7848F3FEECC1F3915A64C0AD0FA8
C:\WINDOWS\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll --a--c- 915456 bytes [13:16 18/06/2009] [05:15 13/05/2009] 366C72AF6970DB7BB39AB0142BF09DB5
C:\WINDOWS\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll --a--c- 915456 bytes [13:16 18/06/2009] [05:10 13/05/2009] C0EB6850C8A02A154281749DC61FAF22
C:\WINDOWS\SoftwareDistribution\Download\bd4a8ed1ff18ce602cf240d9190152b0\sp3qfe\wininet.dll --a---- 841216 bytes [12:16 24/06/2010] [12:16 24/06/2010] 2E5F7848F3FEECC1F3915A64C0AD0FA8
C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\wininet.dll --a---- 916480 bytes [00:24 08/09/2010] [10:41 06/05/2010] 2D9C7B010409372C34F725DA5CCED083
C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\wininet.dll --a---- 919040 bytes [00:24 08/09/2010] [10:36 06/05/2010] C1490F68B44AF8B781F52F12F564625D
C:\WINDOWS\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3GDR\wininet.dll --a---- 916480 bytes [13:06 27/10/2009] [08:08 29/08/2009] CF0A5FE05BF614C24950D8FAEC1BC309
C:\WINDOWS\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3QFE\wininet.dll --a---- 916480 bytes [13:06 27/10/2009] [08:01 29/08/2009] 972B226BDAD71C55F3CC9A72BBF8F1C1
C:\WINDOWS\system32\wininet.d.old --a---- 583680 bytes [19:31 02/01/2011] [03:34 18/08/2001] 6D9444B32CE64207103BB9F7291A4D23
C:\WINDOWS\system32\wininet.dll --a---- 916480 bytes [19:31 02/01/2011] [00:26 06/11/2010] 306A2B05EA9846278113964DC6E2C940
C:\WINDOWS\system32\wininet.old --a---- 583680 bytes [19:31 02/01/2011] [03:34 18/08/2001] 6D9444B32CE64207103BB9F7291A4D23
C:\WINDOWS\system32\dllcache\wininet.dll -----c- 916480 bytes [02:03 08/11/2006] [00:26 06/11/2010] 306A2B05EA9846278113964DC6E2C940
C:\WINDOWS\system32\en-US\wininet.dll.mui --a---- 53248 bytes [17:02 17/10/2006] [18:21 08/03/2009] 2A7D8005E806CB18CB20CBD997DF6B45

-= EOF =-
