Please help...All programs are missing (emptied) after Window Xp Restore virus.

[kattynite]

My computer was infeceted with the Windows XP Restore Virus. I have been reading and following instructions in this forum to remove this virus but all my programs folder are still missing. I used RKill and Malwarebytes to remove the virus

I then used Unhide.exe , TDSSKiller.exe and DDS, but all the programs are Empty.

Can someone please help me restore the empty files? Thanks

Here is a copy of malware log:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6905

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

6/20/2011 6:01:20 PM

mbam-log-2011-06-20 (18-01-20).txt

Scan type: Full scan (C:\|)

Objects scanned: 213162

Time elapsed: 50 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[D-FRED-BROWN]

Hello wickkidda and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please try this verison of Unhide, and let me know if it helps :

http://download.bleepingcomputer.com/grinler/beta/unhide.exe

Please note: If you have recently deleted your temporary files, there is no way to recover your missing program icons/links. These will have to be rebuilt manually.

[kattynite]

Hi D-FRED-BROWN, I've tried using your new unhide.exe but the all program folders are still missing. Are there anything else i can do to get those folders back? Thanks

[D-FRED-BROWN]

Hi D-FRED-BROWN, I've tried using your new unhide.exe but the all program folders are still missing. Are there anything else i can do to get those folders back? Thanks

Try running this script:

http://download.bleepingcomputer.com/bats/smtmp.bat

If the folder containing your missing objects is on this computer, it will open.

In other words, if you have recently run a temporary file cleaner (such as ATF, CCleaner, etc.) then there is no way to get them back.

Let me know if that script helps.

[kattynite]

Try running this script:

http://download.bleepingcomputer.com/bats/smtmp.bat

If the folder containing your missing objects is on this computer, it will open.

In other words, if you have recently run a temporary file cleaner (such as ATF, CCleaner, etc.) then there is no way to get them back.

Let me know if that script helps.

Hi, Another problem that I am having is when i try to print something from the internet, the browser automatically shutdown and does not allow me to print. I've tried this with both firefox and Explorer. I think my PC is still infected somehow. Please help. Thanks

[D-FRED-BROWN]

Okay , let's run ComboFix.

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

[kattynite]

Hi, I ran the combofix and iam still not able to print from internet. My program folders are still emptied. Here is a log for the combofix:

Okay , let's run ComboFix.

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

combofix.txt

[D-FRED-BROWN]

My program folders are still emptied.

Please try running the script in this post, and let me know what happens.

--------

Next, please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Dirlook::

C:\SOFTWARE

Reglock::

[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply.

How is your computer running now?

[D-FRED-BROWN]

Also, please include the logs as posts, rather than as attachments - it makes them easier to read this way.

[kattynite]

Hi, I ran the script but i am unable to recover any program folders. Does that mean all program folders have been deleted?

Volume in drive C has no label.

Volume Serial Number is 9440-FE1F

Please try running the script in this post, and let me know what happens.

--------

Next, please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply.

How is your computer running now?

[kattynite]

Hi, I am still unable to print anything from the internet.

Here is the new combofix log:

Thanks again...

ComboFix 11-06-28.05 - ACP Pharmacy 06/28/2011 17:23:16.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1387 [GMT -7:00]

Running from: c:\documents and settings\ACP Pharmacy\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\ACP Pharmacy\Desktop\CFScript.txt

AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))

.

.

2011-06-28 00:19 . 2011-06-28 00:19 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-28 00:19 . 2011-06-28 00:19 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-22 17:02 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-06-22 17:02 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-06-22 17:01 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-06-22 17:00 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

2011-06-22 16:54 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-06-22 00:07 . 2011-06-22 00:07 -------- d-----w- c:\windows\system32\scripting

2011-06-22 00:07 . 2011-06-22 00:07 -------- d-----w- c:\windows\l2schemas

2011-06-22 00:07 . 2011-06-22 00:07 -------- d-----w- c:\windows\system32\en

2011-06-22 00:07 . 2011-06-22 00:07 -------- d-----w- c:\windows\system32\bits

2011-06-18 00:17 . 2011-06-18 00:17 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-06-16 01:06 . 2011-06-16 01:06 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-06-16 01:04 . 2011-06-16 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-06-16 00:19 . 2011-06-28 00:19 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-06-16 00:19 . 2011-06-28 00:19 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-06-16 00:19 . 2011-06-28 00:19 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-06-16 00:19 . 2011-06-28 00:19 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-06-16 00:19 . 2011-06-28 00:19 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-06-16 00:19 . 2011-06-28 00:19 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-06-15 21:13 . 2011-06-21 23:43 -------- d-----w- c:\documents and settings\ACP Pharmacy\Application Data\SUPERAntiSpyware.com

2011-06-15 21:13 . 2011-06-21 23:41 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-15 01:35 . 2011-06-15 01:35 -------- d-----w- c:\documents and settings\ACP Pharmacy\Local Settings\Application Data\Threat Expert

2011-06-15 01:35 . 2010-01-22 16:55 767952 ----a-w- c:\windows\BDTSupport.dll0637.old

2011-06-15 01:35 . 2010-01-22 16:56 149456 ----a-w- c:\windows\SGDetectionTool.dll0637.old

2011-06-15 01:35 . 2010-01-22 16:56 1652688 ----a-w- c:\windows\PCTBDCore.dll0637.old

2011-06-15 01:33 . 2011-06-15 18:07 -------- d-----w- c:\program files\Spyware Doctor

2011-06-15 01:33 . 2011-06-15 18:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-06-14 23:24 . 2011-06-18 00:18 -------- d-----w- c:\program files\ESET

2011-06-14 18:01 . 2011-06-18 00:17 -------- d-----w- C:\SOFTWARE

2011-06-14 00:02 . 2011-06-14 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 16:11 . 2011-04-26 16:53 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-02 15:31 . 2005-08-16 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2005-12-15 01:08 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 19:15 . 2011-04-25 19:15 1006778 ----a-w- C:\rkill.exe

2011-04-25 19:10 . 2011-04-25 19:10 7734224 ----a-w- C:\mbam-setup.exe

2011-04-25 16:11 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2005-08-16 10:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2005-08-16 10:18 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-06-28 00:19 . 2011-06-16 00:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of C:\SOFTWARE ----

.

2011-06-17 21:00 . 2011-06-17 21:00 4130419 ----a-w- c:\software\ComboFix.exe

2011-06-17 20:11 . 2011-06-17 20:11 581120 ----a-w- c:\software\aswMBR.exe

2011-06-17 20:07 . 2011-01-01 08:14 2254 ----a-w- c:\software\eula.txt

2011-06-17 20:07 . 2011-06-16 22:28 1441584 ----a-w- c:\software\TDSSKiller.exe

2011-06-17 20:07 . 2011-06-17 20:07 1309375 ----a-w- c:\software\tdsskiller.zip

2011-06-16 00:39 . 2011-06-16 01:05 6470464 ----a-w- c:\software\HitmanPro35.exe

2011-06-14 19:01 . 2011-06-14 19:00 1007120 ----a-w- c:\software\iExplore.exe

2011-06-14 18:02 . 2011-06-14 18:00 510464 ----a-w- c:\software\RogueKiller.exe

2011-06-14 18:02 . 2011-06-14 17:54 36317320 ----a-w- c:\software\sdsetup.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-15 98304]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [1/14/2006 4:06 PM 17792]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/11/2009 7:24 AM 735960]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/26/2011 9:53 AM 366640]

S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]

S4 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [8/20/2010 3:00 PM 53307]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\ACP Pharmacy\Application Data\Mozilla\Firefox\Profiles\yq8yojk3.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=

FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=

FF - user.js: keyword.enabled - 1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-28 17:32

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(4056)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\fxssvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

.

**************************************************************************

.

Completion time: 2011-06-28 17:36:49 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-29 00:36

ComboFix2.txt 2011-06-27 21:02

ComboFix3.txt 2011-06-18 01:05

ComboFix4.txt 2011-06-17 22:19

.

Pre-Run: 51,591,782,400 bytes free

Post-Run: 51,659,747,328 bytes free

.

- - End Of File - - 1F87C7AA2012D02C28B076C8FAA94708

[D-FRED-BROWN]

Hi, I ran the script but i am unable to recover any program folders. Does that mean all program folders have been deleted?

Unfortunately, yes . This happened by cleaning your temporary files directly after you got infected. You can manually rebuild your Start Menu and Desktop icons, though. If you need help with this, let me know.

----------

Please delete the following file (in bold):

c:\software\ComboFix.exe

(since we're running ComboFix from your Desktop, you shouldn't keep a spare one lying around )

Your logs appear to be clean. Let's run some more scans to confirm before we move on to troubleshooting your printer issues.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
   
2. Click Start
   
3. When asked, allow the ActiveX control to install
   
4. Click Start
   
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
   
6. Click Scan
   Wait for the scan to finish
   
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
   
8. Copy and paste that log as a reply to this topic
   

--------

Please use the Internet Explorer and run a BitDefender Online scan from Here

• Please check I agree with the Terms and Conditions and click Start Here
  
• You will need to allow an Active X install for the scan to run.
  
• Leave the scanning options at default and click Start Scan
  

Please post the results in your next reply.

--------

I have a strong feeling that your printer issues are caused by outdated drivers. Try updating your drivers and let me know if that resolves the issue. If you need assitance let me know.

[kattynite]

Hi, please let me if i have any issues with my eset scanner result. Thanks

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=f9a85aacd823bf4a938fa06da25a6e3d

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-29 11:41:36

# local_time=2011-06-29 04:41:36 (-0800, Pacific Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=8201 39157157 100 100 1125030 55786167 0 0

# scanned=86356

# found=0

# cleaned=0

# scan_time=4503

# nod_component=V3 Build:0x30000000

Unfortunately, yes . This happened by cleaning your temporary files directly after you got infected. You can manually rebuild your Start Menu and Desktop icons, though. If you need help with this, let me know.

----------

Please delete the following file (in bold):

c:\software\ComboFix.exe

(since we're running ComboFix from your Desktop, you shouldn't keep a spare one lying around )

Your logs appear to be clean. Let's run some more scans to confirm before we move on to troubleshooting your printer issues.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
   
2. Click Start
   
3. When asked, allow the ActiveX control to install
   
4. Click Start
   
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
   
6. Click Scan
   Wait for the scan to finish
   
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
   
8. Copy and paste that log as a reply to this topic
   

--------

Please use the Internet Explorer and run a BitDefender Online scan from Here

• Please check I agree with the Terms and Conditions and click Start Here
  
• You will need to allow an Active X install for the scan to run.
  
• Leave the scanning options at default and click Start Scan
  

Please post the results in your next reply.

--------

I have a strong feeling that your printer issues are caused by outdated drivers. Try updating your drivers and let me know if that resolves the issue. If you need assitance let me know.

[kattynite]

LOG for Quickscan

QuickScan Beta 32-bit v0.9.9.96

-------------------------------

Scan date: Wed Jun 29 17:56:12 2011

Machine ID: 9440FE1F

No infection found.

-------------------

Processes

---------

ESET Smart Security 2296 C:\Program Files\ESET\ESET Smart Security\egui.exe

ESET Smart Security 1236 C:\Program Files\ESET\ESET Smart Security\ekrn.exe

Java Platform SE 6 U16 3984 C:\Program Files\Java\jre6\bin\java.exe

Java Platform SE 6 U16 1260 C:\Program Files\Java\jre6\bin\jqs.exe

Microsoft® Windows® Operating System 1192 C:\WINDOWS\ehome\ehrecvr.exe

Microsoft® Windows® Operating System 1208 C:\WINDOWS\ehome\ehSched.exe

Microsoft® Windows® Operating System 1972 C:\WINDOWS\ehome\mcrdsvc.exe

Microsoft® Windows® Operating System 2592 C:\WINDOWS\system32\ntvdm.exe

Microsoft® Windows® Operating System 3636 C:\WINDOWS\system32\ntvdm.exe

Microsoft® Windows® Operating System 1000 C:\WINDOWS\system32\spoolsv.exe

SecureTrans 3932 C:\tony\stsys.exe

(verified) Microsoft® Windows® Operating System 1660 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 3176 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 1264 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 1944 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 2408 C:\WINDOWS\system32\dllhost.exe

(verified) Microsoft® Windows® Operating System 1068 C:\WINDOWS\system32\fxssvc.exe

(verified) Microsoft® Windows® Operating System 1356 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 1344 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 928 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 364 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 560 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1116 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 192 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1548 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1596 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 2020 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 4004 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1292 C:\WINDOWS\system32\winlogon.exe

(verified) Microsoft® Windows® Operating System 804 C:\WINDOWS\system32\wuauclt.exe

(verified) Windows® Internet Explorer 3648 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 3612 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Yahoo! AutoUpdater 728 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

Network activity

----------------

Process ekrn.exe (1236) connected on port 80 (HTTP) --> 69.171.228.40

Process ekrn.exe (1236) connected on port 80 (HTTP) --> 74.125.224.228

Process ekrn.exe (1236) connected on port 80 (HTTP) --> 69.31.112.136

Process ekrn.exe (1236) connected on port 80 (HTTP) --> 69.31.112.136

Process ekrn.exe (1236) connected on port 80 (HTTP) --> 69.31.113.91

Process ekrn.exe (1236) connected on port 80 (HTTP) --> 69.31.113.91

Process ekrn.exe (1236) connected on port 80 (HTTP) --> 66.235.143.118

Process svchost.exe (560) listens on ports: 2869 (SSDP event notification, UPNP)

Process svchost.exe (1596) listens on ports: 135 (RPC)

Autoruns and critical files

---------------------------

Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

QuickTime C:\Program Files\QuickTime\qttask.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll

Java Deployment Toolkit 6.0.160.1 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\nwprovau.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

TODO: <Product name> C:\Documents and Settings\ACP Pharmacy\Application Data\Mozilla\Firefox\Profiles\yq8yojk3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll

Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Scan

----

MD5: 78d4896db266107319ce6ff7d5da9727 C:\Documents and Settings\ACP Pharmacy\Application Data\Mozilla\Firefox\Profiles\yq8yojk3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll

MD5: 3998f895e95b6cc147bf7815ee90424a C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

MD5: 1264f787e46dc572fa274ca09b446e01 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

MD5: fb4c7b747d17882f8c5e3644cf07012f C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll

MD5: fe80901578e7e3da70299a5aeb2b7fbd C:\Program Files\DellSupport\brkrsvc.exe

MD5: 413f2d5f9d802688242c23b38f767ecb C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

MD5: 45fd64f0c2b5fd2856e453d87d1cd2ca C:\Program Files\ESET\ESET Online Scanner\OnlineScanner.ocx

MD5: 764eeb4bca87921a629bbc52de421e8e C:\Program Files\ESET\ESET Smart Security\egui.exe

MD5: 9d7113489dac78f11900128b1cd57c19 C:\Program Files\ESET\ESET Smart Security\eguiAmon.dll

MD5: dd9c0794bc1b8c0ad8aa90acc17e7d8b C:\Program Files\ESET\ESET Smart Security\eguiDmon.dll

MD5: 23ce24b183cb677ffb1a6b525f489acd C:\Program Files\ESET\ESET Smart Security\eguiEmon.dll

MD5: 8536973b658705f7bbe70f170fc753e0 C:\Program Files\ESET\ESET Smart Security\eguiEpfw.dll

MD5: a8e13dbda2f37913a64ea4099316e565 C:\Program Files\ESET\ESET Smart Security\eguiMailPlugins.dll

MD5: 3b9eb198660f72d9701fcff6f0982600 C:\Program Files\ESET\ESET Smart Security\eguiScan.dll

MD5: bccf37f76ab19ac0b2baa2b87ea78607 C:\Program Files\ESET\ESET Smart Security\eguiSmon.dll

MD5: 28be3c618c9aa4e9c5cd8ac422559421 C:\Program Files\ESET\ESET Smart Security\eguiUpdate.dll

MD5: 7e5c9009d28fe0f2cde2b8df47472a06 C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

MD5: fddad27e9a20d0dac04facbf67afbfc1 C:\Program Files\ESET\ESET Smart Security\ekrn.exe

MD5: 960d3bc72e3ed76f2aa279ae2f047740 C:\Program Files\ESET\ESET Smart Security\ekrnAmon.dll

MD5: d3fed609ca2bc5e6d7a80ba508a52633 C:\Program Files\ESET\ESET Smart Security\ekrnDmon.dll

MD5: cdcc54ce6f9feb581ebbf79b7d9eefb4 C:\Program Files\ESET\ESET Smart Security\ekrnEmon.dll

MD5: 3c91a863718887fd4825ffc2d0f24367 C:\Program Files\ESET\ESET Smart Security\ekrnEpfw.dll

MD5: 361c4c15b782ca59f1879306ffe46d9e C:\Program Files\ESET\ESET Smart Security\ekrnMailPlugins.dll

MD5: abf89c4a173e65526f379c66d69e2188 C:\Program Files\ESET\ESET Smart Security\ekrnScan.dll

MD5: d6fc908159ee9225f76bd922c28c2444 C:\Program Files\ESET\ESET Smart Security\ekrnSmon.dll

MD5: d1917abb6dc2cb973229a60bdba87cb4 C:\Program Files\ESET\ESET Smart Security\ekrnUpdate.dll

MD5: f8f7b820eb5c471bbc67c73d4905082e C:\Program Files\ESET\ESET Smart Security\updater.dll

MD5: 9da26b773bd04b867a8e9f427cd048fc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

MD5: a9d7153b413dd0a43aac72190473eeaf C:\Program Files\Internet Explorer\ieproxy.dll

MD5: a65d93eca146eb7017ee8297a95011e0 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

MD5: a65d93eca146eb7017ee8297a95011e0 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

MD5: a65d93eca146eb7017ee8297a95011e0 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

MD5: a65d93eca146eb7017ee8297a95011e0 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

MD5: a65d93eca146eb7017ee8297a95011e0 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

MD5: a65d93eca146eb7017ee8297a95011e0 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

MD5: 5dd552e15419354fcd8ee92ae2660814 C:\Program Files\internet explorer\xpshims.dll

MD5: 902bf143000f12fc55af8b89efee187d C:\Program Files\Java\jre6\bin\awt.dll

MD5: 9019aebd2f7212170f739e162d09471b C:\Program Files\Java\jre6\bin\client\jvm.dll

MD5: f0835990c1731a48901a229a63c6ada1 C:\Program Files\Java\jre6\bin\dcpr.dll

MD5: 173e44647d626fc9ecafb75801c1a6ff C:\Program Files\Java\jre6\bin\deploy.dll

MD5: fd711ecc6141057c6d202f14a005028b C:\Program Files\Java\jre6\bin\fontmanager.dll

MD5: 444b4c6bb5a208e5f3ba8583242be715 C:\Program Files\Java\jre6\bin\hpi.dll

MD5: 83c5b76956238620e666cec09bf575d8 C:\Program Files\Java\jre6\bin\java.dll

MD5: 4d40136eec5c35b5e0d12d2e8930c2a5 C:\Program Files\Java\jre6\bin\java.exe

MD5: 0b1a31837fe109df73b3cd009f0ba485 C:\Program Files\Java\jre6\bin\jp2iexp.dll

MD5: bc36c491bb79a50baf6b6122dcdd5cae C:\Program Files\Java\jre6\bin\jp2native.dll

MD5: d06be260b64e46edfa902acdaa894cc9 C:\Program Files\Java\jre6\bin\net.dll

MD5: d8463540466ef1c429f7c6561c11a9a4 C:\Program Files\Java\jre6\bin\nio.dll

MD5: 463a6f355f129c9217f564c935d46c1f C:\Program Files\Java\jre6\bin\regutils.dll

MD5: 60b211d48d99172e9d00ccfb5ed68910 C:\Program Files\Java\jre6\bin\sunmscapi.dll

MD5: 0df848825a95a7143dcbaaf59426d204 C:\Program Files\Java\jre6\bin\verify.dll

MD5: 4bd8d51fe0b91216864df8cffa4cf9fb C:\Program Files\Java\jre6\bin\zip.dll

MD5: ccfdecd6060ea8eb0f8466782a97ff21 C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

MD5: ec60491a5ff57700f10fe0403f7dcad4 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe

MD5: 63368d3e65aace7d26f69d8b29384243 C:\Program Files\Microsoft Office\Office12\msohevi.dll

MD5: c341ccfbe98bc7df6e0b856bb9fc265a C:\Program Files\QuickTime\qttask.exe

MD5: b5292adb263c61d6de5dc40d21066e72 C:\tony\FileControl.DLL

MD5: d87003ce3217e642a5b24a77c91c953e C:\tony\OpenSSL.dll

MD5: ffadac1a29cb65402cf3d93053de69be C:\tony\STransCore.dll

MD5: 8e04dc4b2ed0b3d33f32b7a2fccc80b6 C:\tony\STransDirect.dll

MD5: d8e3a60426137a375ce6473a6faef463 C:\tony\STransMaster.dll

MD5: f272b0e1de93559bfaba1a18f16b21e0 C:\tony\STransSerial.dll

MD5: 694e005020fcbedf96b7bad78c7d3b76 C:\tony\stsys.exe

MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL

MD5: d8fb851a9fbd62352fd74283f9c14c77 C:\WINDOWS\Downloaded Program Files\isusweb.dll

MD5: 23dc75d158d484177ffe99e23264f89f C:\WINDOWS\Downloaded Program Files\qsax.dll

MD5: 0f0f5b564c5a3c9b38a6220230252567 C:\WINDOWS\eHome\ehProxy.dll

MD5: 8301243bde5b6cd316d79c0191d50d9a C:\WINDOWS\ehome\ehrecvr.exe

MD5: a53243709439ac2a4c216b817f8d7411 C:\WINDOWS\ehome\ehSched.exe

MD5: 6d280bc969218ae4a72180f907c32913 C:\WINDOWS\eHome\ehTrace.dll

MD5: df0a511f38f16016bf658fca0090cb87 C:\WINDOWS\ehome\mcrdsvc.exe

MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

MD5: d05ab88927849df74cf4f1c303daeb4f C:\WINDOWS\System32\adptif.dll

MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll

MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll

MD5: f5430b03e141e098c78d5db46b00f8fc C:\WINDOWS\system32\confmsp.dll

MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll

MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\system32\CRYPT32.dll

MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll

MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll

MD5: 6100d350770a5595fbf4c96f3510badc C:\WINDOWS\system32\CSRSRV.dll

MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL

MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll

MD5: 78e862846112347eee8214b649ae563f C:\WINDOWS\system32\dispex.dll

MD5: 389496118b3b03c2328024af320132ac c:\windows\system32\DNSAPI.dll

MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll

MD5: 2f7f3e8da380325866e566f5d5ec23d5 C:\WINDOWS\system32\DRIVERS\AegisP.sys

MD5: 355556d9e580915118cd7ef736653a89 C:\WINDOWS\System32\drivers\afd.sys

MD5: dfeabb7cfffadea4a912ab95bdc3177a C:\WINDOWS\system32\DRIVERS\dsunidrv.sys

MD5: 95974e66d3de4951d29e28e8bc0b644c C:\WINDOWS\system32\DRIVERS\e100b325.sys

MD5: 30372bcc67d63bee538cdfeca755d81c C:\WINDOWS\system32\DRIVERS\eamon.sys

MD5: 6504d6afb75fef830dd99e8c4235d54d C:\WINDOWS\system32\DRIVERS\ehdrv.sys

MD5: 86895d4413316becc2d7944d2749586c C:\WINDOWS\system32\DRIVERS\epfw.sys

MD5: 6d69809e98df95980060d4699eb6d633 C:\WINDOWS\system32\DRIVERS\epfwtdi.sys

MD5: 970178e8e003eb1481293830069624b9 C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys

MD5: ebb354438a4c5a3327fb97306260714a C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys

MD5: 240d0f5d7caafd87bd8d801a97bbe041 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

MD5: f61bd411a315b9721ddef61e44d34474 C:\WINDOWS\system32\DRIVERS\IntelS51.sys

MD5: 195741aee20369980796b557358cd774 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

MD5: a7da20ab18a1bdae28b0f349e57da0d1 C:\WINDOWS\system32\DRIVERS\mf.sys

MD5: 7f2f1d2815a6449d346fcccbc569fbd6 C:\WINDOWS\system32\DRIVERS\mhndrv.sys

MD5: 0dc719e9b15e902346e87e9dcd5751fa C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

MD5: 8b8b1be2dba4025da6786c645f77f123 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

MD5: 411923a60e1fc2b136c77e6d50fc69bd C:\WINDOWS\system32\DRIVERS\ppa.sys

MD5: 86724469cd077901706854974cd13c3e C:\WINDOWS\System32\Drivers\PxHelp20.sys

MD5: 70aeec67e87a2002e6b2cc353d56e222 C:\WINDOWS\system32\DRIVERS\rt2500usb.sys

MD5: 1f16931c722c69e4a7866244796c66a0 C:\WINDOWS\system32\DRIVERS\sermouse.sys

MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys

MD5: 26eb7acf476a3461b85f5bce9a677a4a C:\WINDOWS\system32\drivers\sthda.sys

MD5: 57e95881e5f014816a8a53ad94ee0c48 C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys

MD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS\system32\ESENT.dll

MD5: 2d583e2844fdd592d1629eb6b10e5702 C:\WINDOWS\system32\fxsroute.dll

MD5: 0ce5f8ae9c371a965d17e3f2ed134809 C:\WINDOWS\system32\fxst30.dll

MD5: 1144ef6b4bb72e33b41912ae1ae4f97a C:\WINDOWS\system32\FXSTIFF.dll

MD5: fc80052194d5708254a346568f0e77c0 C:\WINDOWS\system32\GTNDIS5.SYS

MD5: ce8c3bc1377b83dbcd7304ab2d0a4735 C:\WINDOWS\system32\h323msp.dll

MD5: af61826b82de7b95d5db8ee075a172d2 C:\WINDOWS\system32\ieframe.dll

MD5: c0b6195f1afda4a3061915501eb75d4a C:\WINDOWS\system32\iepeers.dll

MD5: ba356bd33397936d2e292cb00f80c164 C:\WINDOWS\system32\iertutil.dll

MD5: bfc2a40fe739c453f5d02b7eef41ca28 C:\WINDOWS\system32\igfxdev.dll

MD5: b1ded39112e0c85bafa58dcbec6718b6 C:\WINDOWS\System32\ipxwan.dll

MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll

MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll

MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll

MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll

MD5: 9c54f2cc2301599d698399d7e49c7321 C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx

MD5: b7521f69c0a9b29d356157229376fb21 C:\WINDOWS\System32\mhn.dll

MD5: 8fe322352eb9ad66e7c438dc6e5dd806 C:\WINDOWS\system32\MPASSMON.DLL

MD5: 14da23d2b9310c694aba9dcae14dc059 C:\WINDOWS\system32\msfeeds.dll

MD5: 22ba5235ea846eda87f68a1dcc2bfcf9 C:\WINDOWS\system32\mshtml.dll

MD5: d3f72d50de53f9f1f55240115af4d42e c:\windows\system32\msi.dll

MD5: b9715b9c18bc6c8f4b66733d208cc9f7 C:\WINDOWS\system32\MsPMSNSv.dll

MD5: 91dcd979ffed13ab6f6e6b085a43525e C:\WINDOWS\system32\msvidctl.dll

MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll

MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\System32\netshell.dll

MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll

MD5: 681b807e53bdada337735c28c0e48a1b C:\WINDOWS\system32\ntvdm.exe

MD5: b7c38afc4b3d6b67dd4981718be177ce C:\WINDOWS\system32\NTVDMD.DLL

MD5: 06e587f41466569f32beaac7260e8aec C:\WINDOWS\System32\nwprovau.dll

MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll

MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll

MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll

MD5: b2cf9f1f606dec23f70a40b01df3c396 C:\WINDOWS\system32\printui.dll

MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll

MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll

MD5: 926afc4848ff3297bb264333bf51e21f C:\WINDOWS\system32\sbe.dll

MD5: e73f18195ccf4aaaa87b2d22e83f791c C:\WINDOWS\system32\serwvdrv.dll

MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll

MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll

MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll

MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe

MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll

MD5: 3f8411328e808a8794a41da9acb22dd9 C:\WINDOWS\system32\tapi3.dll

MD5: 8edd9dcd5196b6c54a622e9549f667b8 C:\WINDOWS\system32\termmgr.dll

MD5: 17e0cf9c8cbb717d05948656bcd86efa C:\WINDOWS\system32\txflog.dll

MD5: ec2ad9ac452e0a8d976fb1b1718517ce C:\WINDOWS\system32\umdmxfrm.dll

MD5: 78bb1e601edab917094b0260a5a57c85 C:\WINDOWS\system32\urlmon.dll

MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe

MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll

MD5: 31cf51dcda1424b813cc97b20f71b431 C:\WINDOWS\system32\vbscript.dll

MD5: 88de252338bb4f25a15099cad5a87d27 C:\WINDOWS\system32\wavemsp.dll

MD5: 9651e5d850b6f6bd7c77c70aa06f02bf C:\WINDOWS\system32\wdfmgr.exe

MD5: cc951c2212a200475a587a440e0aa804 C:\WINDOWS\system32\WININET.dll

MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll

MD5: 42b5427fac23bf6f1f31e466b7feb084 C:\WINDOWS\system32\winsrv.dll

MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll

MD5: 9e8043c72f8b6ada2b4c10827bb547b1 C:\WINDOWS\system32\wmploc.dll

MD5: 811bb60991fc03a63f2f844a3f9c6488 C:\WINDOWS\System32\wshisn.dll

MD5: 18473f44d6de85c8cb4e70f503c5ea64 C:\WINDOWS\System32\xactsrv.dll

MD5: bea4aee74fef171eb61de1bad8faf427 C:\WINDOWS\system32\xmllite.dll

MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll

MD5: 8d25a3bf9d0005d264f105414ae2cde6 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCP80.dll

MD5: 0ef2917efd6d96e4c9cf121738cf5409 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

MD5: e983dc6a5c218016252af33b6ca6bfcb C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80U.DLL

MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll

No file uploaded.

Scan finished - communication took 2 sec

Total traffic - 0.01 MB sent, 0.70 KB recvd

Scanned 615 files and modules - 22 seconds

==============================================================================

Unfortunately, yes . This happened by cleaning your temporary files directly after you got infected. You can manually rebuild your Start Menu and Desktop icons, though. If you need help with this, let me know.

----------

Please delete the following file (in bold):

c:\software\ComboFix.exe

(since we're running ComboFix from your Desktop, you shouldn't keep a spare one lying around )

Your logs appear to be clean. Let's run some more scans to confirm before we move on to troubleshooting your printer issues.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
   
2. Click Start
   
3. When asked, allow the ActiveX control to install
   
4. Click Start
   
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
   
6. Click Scan
   Wait for the scan to finish
   
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
   
8. Copy and paste that log as a reply to this topic
   

--------

Please use the Internet Explorer and run a BitDefender Online scan from Here

• Please check I agree with the Terms and Conditions and click Start Here
  
• You will need to allow an Active X install for the scan to run.
  
• Leave the scanning options at default and click Start Scan
  

Please post the results in your next reply.

--------

I have a strong feeling that your printer issues are caused by outdated drivers. Try updating your drivers and let me know if that resolves the issue. If you need assitance let me know.

[D-FRED-BROWN]

Hi, please select the button from now on when posting (instead of Reply). It makes it easier for me to read that way.

Your logs appear to be clean!

Before we move on to anything else, are you still experiencing any issues? Have your printer issues been resolved by a driver update? Please let me know

[kattynite]

Ok sorry about that. I will use the "add reply from now on. I am still having printing issues. When i print something from the internet, the browsers automatically shut down. There is no error message or warning at all. I think this happen after i updated window xp sp2 to sp3. Could that be the problem? I have installed the updated driver for the printer but no luck. Can you show me how to rebuild the Start Menu and Desktop icons? Thanks

[D-FRED-BROWN]

I think this happen after i updated window xp sp2 to sp3. Could that be the problem?

I doubt it. My first guess would be outdated drivers, but you said that wasn't the issue.

Can you tell me which brand of printer you use?

-----

For rebuilding your Desktop:

Anything that is missing are just shortcuts. You can go to C:/Program Files and open up the individual program you are looking for (ex) Microsoft Office/Microsoft Word etc. Right click the .exe file (ex) WinWord.exe and either choose to Send To..Desktop (make shortcut) or choose Pin To Start Menu. Do this for all programs you want shortcuts to.

Hope that helps

[kattynite]

Hi, I am using a Canon L80 fax/printer. When i go under C:/Program Files, i dont see any .exe files for the microsoft office. I am still able to open word or power point documents. Another issue is when i click on ALL PROGRAMs --> ACCESSORIES ---> SYSTEM TOOLs all the options for system restore, disk cleanup, etc... are gone. I am trying to do a system restore to a previous date but i dont have access. This is one nasty virus.

[D-FRED-BROWN]

C:/Program Files, i dont see any .exe files for the microsoft office.

That was just an example (should be C:\Program Filse\Microsoft Office\..., depending on what version you have). I don't know what programs you previously had in the Start Menu, so this is just a general approach on how to proceed with rebuilding them in the Start Menu .

click on ALL PROGRAMs --> ACCESSORIES ---> SYSTEM TOOLs all the options for system restore, disk cleanup, etc... are gone.

Try downloading and running this file: http://www.winxptutor.com/download/accrestore.zip (you'll have to extract it).

Hi, I am using a Canon L80 fax/printer.

Please navigate to : http://usa.canon.com/cusa/support/consumer/copiers_fax/thermal_laser_fax/faxphone_l80?selectedName=DriversAndSoftware

Click on Drivers/Software, choose Windows XP, and download and install the latest drivers. After, please reboot. Let me know if that helps

[kattynite]

Try downloading and running this file: http://www.winxptutor.com/download/accrestore.zip (you'll have to extract it).

Hi, I was able to retreive all system tools after running the winxptutor. Thank you very much.

Please navigate to : http://usa.canon.com/cusa/support/consumer/copiers_fax/thermal_laser_fax/faxphone_l80?selectedName=DriversAndSoftware

Click on Drivers/Software, choose Windows XP, and download and install the latest drivers. After, please reboot. Let me know if that helps

When i try to install the new driver, I am getting a sysytem error message "Then Win16 Subsystem was unable to enter Protected Mode, DOSX.EXE must be in your AUTOEXEC.NT and present in your PATH."

[D-FRED-BROWN]

Glad to hear the other fixes worked

As for your printer, do you think you could reinstall the software on your computer? Let me know if that resolves the issue

[D-FRED-BROWN]

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them.

If not, please let me know so I can close this topic.

-DFB

[kattynite]

Hi, Sorry i was out of town for the weekend. I've tried unstalling the printer driver and reinstalling but no luck.

[D-FRED-BROWN]

Not just the driver, I meant the software itself. Usually your printer will come with a software CD. Uninstall that, and use the CD to reinstall it.

[kattynite]

sorry for the confusion. I uninstall the entire software and then using the cd to reinstall but its not working.