0

My computer is messed up. and I'm having problems with the internet, most programs I have won't work for when I click the shortcuts, it gives me an error: "The procedure entry point ?PickIconDlg@@YGHAUHWND_@@PAPGIPAH@Z could not be located in the dynamic link library database.DLL." things won't download all the way, like they will get halfway finished and just stop downloading. I saw another thread and the I did what they told me to do and ran Hijack This and ComboFix. I have the logs if you need me to post them. Any help would be awesome!

2
Contributors
6
Replies
7
Views
8 Years
Discussion Span
Last Post by crunchie
0

I saw another thread and the I did what they told me to do and ran Hijack This and ComboFix.

In that other thread it was not you who was told torun combofix, but the thread starter.
Advice on running combofix is given on an individual basis and should not otherwise be run.

Seeing how it is too late, you may as well post the logs again.

0

Combofix log:
ComboFix 09-04-22.02 - Poo 04/21/2009 16:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.475 [GMT -7:00]
Running from: c:\documents and settings\Poo\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
FW: BitDefender Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Starware
c:\documents and settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\games.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\gamesA.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\logo.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\logoxp.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\moviesA.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\Reference.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\referencehotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\referencexp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\screensaver.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\screensaverA.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\Weather.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\weatherhotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\weatherxp.png
c:\documents and settings\All Users\Application Data\Starware\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware\contexts\related.xml
c:\documents and settings\All Users\Application Data\Starware\contexts\travel.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\Cache
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-21 05:14 . 2009-04-21 05:14 121 ----a-w c:\windows\bdagent.INI
2009-04-21 05:14 . 2009-04-21 05:14 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-21 05:04 . 2009-04-21 05:04 850 ----a-w c:\windows\system32\ProductTweaks.xml
2009-04-21 05:04 . 2009-04-21 05:04 385 ----a-w c:\windows\system32\user_gensett.xml
2009-04-21 04:59 . 2009-04-21 05:01 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-04-19 23:46 . 2009-04-19 23:46 -------- d-----w c:\program files\CCleaner
2009-04-19 23:02 . 2009-04-19 23:02 -------- d-----w c:\documents and settings\Briana.KIDS\Application Data\ESET
2009-04-19 22:39 . 2009-04-19 22:39 -------- d-----w c:\documents and settings\Erika\Application Data\ESET
2009-04-19 07:56 . 2009-04-19 07:56 32 ----a-w c:\windows\go
2009-04-19 07:11 . 2009-04-19 07:14 -------- d-----w c:\documents and settings\Poo\Application Data\HideIP
2009-04-19 04:31 . 2009-04-19 04:31 -------- d-----w c:\windows\system32\VIRepair
2009-04-18 23:16 . 2009-04-18 23:16 -------- d-----w c:\documents and settings\Briana.KIDS\Application Data\Apple Computer
2009-04-18 17:19 . 2009-04-18 17:21 -------- d-----w c:\documents and settings\Poo\Application Data\ViSplore
2009-04-18 17:19 . 2009-04-18 17:19 -------- d-----w c:\documents and settings\Poo\Application Data\ViStart
2009-04-18 17:15 . 2009-04-18 17:15 -------- d-----w c:\program files\ViSplore
2009-04-18 17:15 . 2009-04-18 17:15 -------- d-----w c:\program files\TrueTransparency
2009-04-18 17:15 . 2009-04-18 17:15 -------- d-----w c:\program files\WinFlip
2009-04-18 17:15 . 2009-04-18 17:15 -------- d-----w c:\program files\Vista Rainbar
2009-04-18 17:11 . 2009-04-18 17:11 78942 ----a-w c:\windows\Icon_1.ico
2009-04-18 17:11 . 2009-04-19 04:34 -------- d-----w c:\windows\system32\VITrans
2009-04-18 17:11 . 2006-12-04 00:15 111104 ----a-w c:\windows\system32\Uharc.exe
2009-04-18 17:11 . 2006-12-04 00:15 19968 ----a-w c:\windows\system32\reico.exe
2009-04-18 17:11 . 2006-12-04 00:15 69632 ----a-w c:\windows\system32\moveex.exe
2009-04-18 17:11 . 2006-12-04 00:14 8636 ----a-w c:\windows\system32\modifype.exe
2009-04-18 17:11 . 2004-11-28 02:00 94208 ----a-w c:\windows\system32\pskill.exe
2009-04-18 17:09 . 2008-11-12 06:22 20480 ----a-w c:\windows\system32\scrnrdr.exe
2009-04-18 06:44 . 2009-04-18 06:44 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2009-04-18 05:10 . 2009-04-18 05:10 -------- d-----w c:\program files\Tukero[X]Team
2009-04-17 23:58 . 2009-01-09 19:19 1089593 ------w c:\windows\system32\dllcache\ntprint.cat
2009-04-17 04:00 . 2009-04-17 04:14 1765 ----a-w c:\documents and settings\Poo\Application Data\datawin.dat
2009-04-17 03:49 . 2009-04-17 03:49 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-17 03:44 . 2009-04-17 03:44 -------- d-----w c:\windows\system32\XPSViewer
2009-04-17 03:44 . 2009-04-17 03:44 -------- d-----w c:\program files\MSBuild
2009-04-17 03:44 . 2009-04-17 03:44 -------- d-----w c:\program files\Reference Assemblies
2009-04-17 03:43 . 2009-04-17 03:59 -------- d-----w c:\windows\SxsCaPendDel
2009-04-17 02:08 . 2006-06-29 20:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-17 01:22 . 2009-04-17 01:22 -------- d-----w c:\windows\system32\scripting
2009-04-17 01:22 . 2009-04-17 01:22 -------- d-----w c:\windows\l2schemas
2009-04-17 01:22 . 2009-04-17 01:22 -------- d-----w c:\windows\system32\en
2009-04-17 01:22 . 2009-04-17 01:22 -------- d-----w c:\windows\system32\bits
2009-04-17 01:18 . 2009-04-17 01:22 -------- d-----w c:\windows\ServicePackFiles
2009-04-17 00:56 . 2008-04-14 00:12 62464 ------w c:\windows\system32\qcliprov.dll
2009-04-17 00:55 . 2007-06-21 05:52 974 ------w c:\windows\system32\pid.inf
2009-04-16 15:32 . 2008-06-24 16:43 74240 ------w c:\windows\system32\dllcache\mscms.dll
2009-04-16 15:32 . 2008-12-16 12:30 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-16 10:14 . 2009-04-16 10:14 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-16 06:21 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 06:21 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 06:21 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 06:21 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 06:21 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 06:21 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 06:21 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 06:21 . 2009-02-06 11:08 2189056 ----a-w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-16 06:21 . 2009-02-06 10:32 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-16 06:01 . 2008-05-08 14:02 203136 ------w c:\windows\system32\dllcache\rmcast.sys
2009-04-16 06:01 . 2008-12-11 10:57 333952 ------w c:\windows\system32\dllcache\srv.sys
2009-04-16 06:00 . 2008-04-11 19:04 691712 ------w c:\windows\system32\dllcache\inetcomm.dll
2009-04-16 05:47 . 2008-06-13 11:05 272128 ------w c:\windows\system32\dllcache\bthport.sys
2009-04-16 05:47 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-04-16 05:25 . 2008-10-24 11:21 455296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-16 05:12 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 05:12 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 04:55 . 2008-10-16 21:07 23576 ----a-w c:\windows\system32\wuapi.dll.mui
2009-04-16 04:54 . 2008-10-16 21:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-16 04:54 . 2008-10-16 21:09 31768 ----a-w c:\windows\system32\wucltui.dll.mui
2009-04-16 04:54 . 2008-10-16 21:07 23576 ----a-w c:\windows\system32\wuaucpl.cpl.mui
2009-04-16 04:54 . 2008-10-16 21:07 18456 ----a-w c:\windows\system32\wuaueng.dll.mui
2009-04-16 04:50 . 2009-04-16 04:50 -------- d-----w c:\documents and settings\Poo\Application Data\ESET
2009-04-15 04:21 . 2009-04-15 04:21 -------- d-----w c:\documents and settings\Erika\Local Settings\Application Data\Apple Computer
2009-04-15 04:12 . 2009-04-15 04:12 -------- d-----w c:\documents and settings\Erika\Local Settings\Application Data\Mozilla
2009-04-15 03:45 . 2009-04-18 23:16 -------- d-----w c:\documents and settings\Briana.KIDS\Local Settings\Application Data\Apple Computer
2009-04-15 03:19 . 2009-04-15 03:19 -------- d-----w c:\documents and settings\Briana.KIDS\Local Settings\Application Data\Mozilla
2009-04-15 00:34 . 2009-04-15 00:34 -------- d-sh--w C:\Diskeeper
2009-04-14 23:32 . 2001-08-17 21:56 66048 ----a-w c:\windows\system32\dllcache\s3legacy.dll
2009-04-14 23:24 . 2009-04-14 23:24 -------- d-----w c:\program files\Common Files\Diskeeper Corporation
2009-04-14 23:24 . 2009-04-14 23:24 -------- d-----w c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2009-04-14 23:23 . 2009-04-14 23:23 -------- d-----w c:\program files\Diskeeper Corporation
2009-04-14 23:14 . 2009-04-14 23:30 -------- d-----w c:\documents and settings\Poo\Application Data\GlarySoft
2009-04-14 23:07 . 2009-04-14 23:07 -------- d-----w c:\program files\Glary Utilities
2009-04-14 05:33 . 2009-04-14 05:33 -------- d-----w c:\documents and settings\Poo\Local Settings\Application Data\ESET
2009-04-14 03:51 . 2009-04-16 04:49 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-14 02:38 . 2009-04-19 04:30 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 3
2009-04-14 02:21 . 2009-04-14 02:21 -------- d-----w c:\program files\CONEXANT
2009-04-14 02:19 . 2009-04-14 02:19 -------- d-----w c:\documents and settings\Poo\Application Data\Styler
2009-04-14 02:09 . 2004-08-10 12:00 218624 ----a-w c:\windows\system32\uxtheme.dll.backup
2009-04-14 01:59 . 2009-04-14 01:59 -------- d-sh--w c:\documents and settings\All Users\Application Data\System Restore
2009-04-14 01:17 . 2009-04-14 01:17 -------- d-----w c:\program files\Software Remove Master
2009-04-14 01:13 . 2009-04-14 01:13 -------- d-----w c:\documents and settings\Poo\Local Settings\Application Data\Stardock
2009-04-14 01:11 . 2009-04-19 04:31 -------- d-----w c:\program files\Styler
2009-04-14 00:21 . 2009-04-14 00:21 -------- d-----w c:\program files\uTorrent
2009-04-14 00:21 . 2009-04-21 04:59 -------- d-----w c:\documents and settings\Poo\Application Data\uTorrent
2009-04-12 05:25 . 2009-04-12 05:25 2 ----a-w c:\windows\msoffice.ini
2009-04-11 16:52 . 2009-04-11 16:52 -------- d-----w c:\documents and settings\Poo\Application Data\FireShot
2009-04-10 23:58 . 2009-04-21 23:21 -------- d-----w c:\documents and settings\Poo\Application Data\mIRC
2009-04-10 23:58 . 2009-04-21 23:09 -------- d-----w c:\program files\mIRC
2009-03-27 22:20 . 2009-03-27 22:20 -------- d-----w c:\documents and settings\Poo\Application Data\MSN6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 23:33 . 2005-08-31 12:01 92947 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 23:32 . 2009-04-21 23:32 45056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-04-21 23:32 . 2009-04-21 23:32 61440 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-04-21 23:32 . 2009-04-21 23:32 44032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-04-21 23:32 . 2009-04-21 23:32 40960 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-04-21 23:32 . 2009-04-21 23:32 341048 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2009-04-21 23:32 . 2009-04-21 23:32 32768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-04-21 23:32 . 2009-04-21 23:32 32768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-04-21 23:32 . 2009-04-21 23:32 163840 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-04-19 00:16 . 2005-11-12 16:21 -------- d-----w c:\program files\Microsoft Money 2005
2009-04-18 17:40 . 2006-12-19 21:02 -------- d-----w c:\program files\Diablo II
2009-04-18 17:19 . 2005-11-12 16:12 61520 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 05:19 . 2004-08-10 12:00 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-04-17 03:09 . 2008-11-23 01:26 -------- d-----w c:\documents and settings\Poo\Application Data\U3
2009-04-17 03:07 . 2007-02-02 05:21 14194 ----a-w c:\documents and settings\Poo\Application Data\wklnhst.dat
2009-04-17 01:13 . 2004-08-10 19:00 250048 --sh--r C:\ntldr
2009-04-14 23:22 . 2009-03-12 19:34 -------- d-----w c:\program files\QuickTime
2009-04-14 23:22 . 2008-06-20 04:30 -------- d-----w c:\program files\Kids Cam Sticker Factory
2009-04-14 23:22 . 2006-02-27 16:57 -------- d-----w c:\program files\Yahoo!
2009-04-14 23:22 . 2007-01-19 02:59 -------- d-----w c:\program files\Ahead
2009-04-14 23:22 . 2006-03-03 00:47 -------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-04-14 23:22 . 2005-11-12 15:57 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-14 23:21 . 2006-05-24 00:24 -------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-04-14 23:21 . 2006-03-18 10:09 -------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-04-14 23:14 . 2005-11-12 16:35 -------- d-----w c:\program files\PC-Doctor 5 for Windows
2009-04-14 04:26 . 2005-11-12 16:40 -------- d-----w c:\program files\Google
2009-04-14 02:18 . 2006-02-17 10:11 -------- d-----w c:\program files\Common Files\AOL
2009-04-14 00:19 . 2008-01-27 23:07 -------- d-----w c:\program files\Atari
2009-04-12 05:30 . 2005-11-12 16:21 -------- d-----w c:\program files\Common Files\Adobe
2009-04-12 05:26 . 2006-02-17 10:12 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-04-12 05:25 . 2006-12-29 19:15 -------- d-----w c:\documents and settings\Poo\Application Data\AOL
2009-03-27 04:30 . 2007-05-17 01:31 -------- d-----w c:\program files\GameSpy Arcade
2009-03-23 01:52 . 2009-03-21 04:38 -------- d-----w c:\documents and settings\Poo\Application Data\LimeWire
2009-03-21 14:06 . 2004-08-10 12:00 989696 ----a-w c:\windows\system32\dllcache\kernel32.dll
2009-03-21 04:32 . 2009-03-21 04:32 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-21 04:32 . 2005-11-12 15:48 -------- d-----w c:\program files\Java
2009-03-20 17:54 . 2007-04-04 03:07 600 ----a-w c:\documents and settings\Briana\Application Data\wklnhst.dat
2009-03-20 17:51 . 2007-04-04 00:32 62496 ----a-w c:\documents and settings\Briana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-20 05:55 . 2009-03-20 05:55 -------- d-----w c:\documents and settings\Briana\Application Data\2Wire
2009-03-19 05:47 . 2009-03-19 05:47 -------- d-----w c:\documents and settings\Poo\Application Data\MySpace
2009-03-18 04:46 . 2009-03-18 04:46 21035 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-18 04:46 . 2009-03-18 04:46 -------- d-----w c:\program files\NETGEAR
2009-03-12 19:37 . 2009-03-12 19:36 -------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-12 19:37 . 2009-03-12 19:36 -------- d-----w c:\program files\iTunes
2009-03-12 19:36 . 2007-02-02 03:28 -------- d-----w c:\program files\iPod
2009-03-12 19:35 . 2009-03-12 19:35 -------- d-----w c:\program files\Bonjour
2009-03-12 19:33 . 2009-03-12 19:33 -------- d-----w c:\program files\Apple Software Update
2009-03-12 19:33 . 2009-03-12 19:33 -------- d-----w c:\program files\Common Files\Apple
2009-03-09 12:03 . 2009-03-09 12:03 121984 ----a-w c:\windows\system32\drivers\Rtnicxp.sys
2009-03-06 14:22 . 2004-08-10 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 19:18 . 2009-03-03 19:18 73728 ----a-w c:\windows\system32\RtNicProp32.dll
2009-03-03 01:39 . 2009-03-03 01:39 -------- d-----w c:\documents and settings\Poo\Application Data\2Wire
2009-03-03 01:34 . 2009-03-03 01:34 -------- d-----w c:\program files\2Wire
2009-03-03 01:34 . 2009-03-03 01:34 -------- d-----w c:\program files\Actiontec
2009-03-02 23:04 . 2009-03-02 23:04 1499136 ----a-w c:\windows\system32\dllcache\shdocvw.dll
2009-02-26 03:07 . 2006-03-03 00:45 -------- d-----w c:\program files\Lx_cats
2009-02-20 08:11 . 2009-02-20 08:11 3068416 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-02-20 08:10 . 2004-08-10 12:00 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-10 12:00 666112 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-02-20 08:10 . 2004-08-10 12:00 619520 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-02-20 08:10 . 2009-02-20 08:10 81920 ------w c:\windows\system32\dllcache\ieencode.dll
2009-02-20 08:10 . 2004-08-10 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-10 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 12:00 729088 ----a-w c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 19:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 19:00 714752 ----a-w c:\windows\system32\dllcache\ntdll.dll
2009-02-09 12:10 . 2004-08-10 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-10 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2009-02-09 11:13 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-10 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-10 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-10 19:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 11:06 . 2004-08-10 19:00 2145280 ----a-w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2004-08-10 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:39 . 2004-08-10 12:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-06 10:32 . 2004-08-10 19:00 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-10 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2007-04-26 03:18 . 2007-04-26 03:18 87608 ----a-w c:\documents and settings\Poo\Application Data\ezpinst.exe
2007-04-26 03:18 . 2007-04-26 03:18 47360 ----a-w c:\documents and settings\Poo\Application Data\pcouffin.sys
2007-01-02 20:07 . 2006-12-29 19:14 126 ----a-w c:\documents and settings\Poo\Local Settings\Application Data\fusioncache.dat
2006-06-11 18:41 . 2006-06-11 18:41 2999213 ----a-w c:\program files\EXEtender.zip
2006-05-07 19:34 . 2006-05-07 19:34 774144 ----a-w c:\program files\RngInterstitial.dll
2006-03-29 04:20 . 2006-03-29 04:20 251 ----a-w c:\program files\wt3d.ini
2005-11-12 16:30 . 2009-04-15 04:09 50280 ----a-w c:\documents and settings\Erika\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-11-12 16:30 . 2009-04-15 03:17 50280 ----a-w c:\documents and settings\Briana.KIDS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-11-12 16:30 . 2006-12-29 19:14 50280 ----a-w c:\documents and settings\Poo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-11-12 16:30 . 2006-06-20 00:23 50280 ----a-w c:\documents and settings\Patric\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-11-12 15:42 . 2009-04-15 04:09 136 ----a-w c:\documents and settings\Erika\Local Settings\Application Data\fusioncache.dat
2005-11-12 15:42 . 2009-04-15 03:17 136 ----a-w c:\documents and settings\Briana.KIDS\Local Settings\Application Data\fusioncache.dat
2005-11-12 15:42 . 2007-04-04 00:32 136 ----a-w c:\documents and settings\Briana\Local Settings\Application Data\fusioncache.dat
2005-11-12 15:42 . 2006-06-20 00:23 136 ----a-w c:\documents and settings\Patric\Local Settings\Application Data\fusioncache.dat
2005-11-12 15:42 . 2005-11-12 15:42 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2003-08-21 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-21 136600]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-12 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

R3 HH9Help.sys;HH9Help.sys;c:\windows\system32\drivers\HH9Help.sys [2006-09-20 11392]
R3 JL2005;JL2005A Camera; [x]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-12-28 287232]
S1 vdrv9000;vdrv9000;c:\windows\system32\DRIVERS\vdrv9000.sys [2007-01-23 105984]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-14 14336]
S2 VC9SecS;Virtual CD v9 Management Service;c:\program files\Virtual CD v9\System\VC9SecS.exe [2007-04-12 124488]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b26dbe2f-0eb9-11de-8fd7-0015f27aebe3}]
\Shell\Auto\command - Q:\autorun.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.bat
\Shell\explore\Command - Q:\autorun.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb34076f-b8fd-11dd-8f94-83d07237c9ba}]
\Shell\AutoRun\command - P:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-04-21 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-10 12:00]

2009-04-21 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-04-14 16:49]
.
- - - - ORPHANS REMOVED - - - -

BHO-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
Toolbar-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
WebBrowser-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windowsxlive.net
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Poo\Application Data\Mozilla\Firefox\Profiles\hkvjog4d.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.cityofdecay.com/login.php
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/cfg_redir2.jhtml?ptb=CE2C1512-4EFC-4F42-94F4-455B0D286D58-TS&id=ZKfox002RWUS&ptnrS=ZKfox002RWUS&url=http%3A//search.mywebsearch.com/mywebsearch/AJmain.jhtml&st=kwd&ind=2009040501&searchfor=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 16:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2660)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-04-21 16:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-21 23:59

Pre-Run: 146,047,582,208 bytes free
Post-Run: 146,126,196,736 bytes free

Current=1 Default=1 Failed=4 LastKnownGood=2 Sets=,1,2,3,4
419 --- E O F --- 2009-04-18 08:52


Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:54 PM, on 4/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v9\System\VC9SecS.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Poo\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240075861546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239857598234
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\VC9SecS.exe

--
End of file - 7271 bytes

0

Can you please do the following.


===============

Scan with HijackThis and then place a check next to all the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:17 PM, on 4/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v9\System\VC9SecS.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\mmc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Poo\Desktop\System Optimization\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240075861546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239857598234
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\VC9SecS.exe

--
End of file - 6733 bytes


My computer doesn't seem to have changed at all. I still get the error messages I was getting

0

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

Kaspersky Online Scanner Panda Active Scan Trend Micro HouseCall F-Secure Online Virus Scanner

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.