WiredWX Christian Hobby Weather Tools

Security Tool and maybe more malware

4 posters

Re: Security Tool and maybe more malware

Ok cool, so what should I do?

Re: Security Tool and maybe more malware

Download Internet Explorer from here: http://www.microsoft.com/windows/Internet-explorer/default.aspx
Save the download; do not open it.
Then, transfer the saved download to your flash drive or other storage media, and then on to the infected computer.

Install it after it gets transferred on to the infected computer. Did this work?

Re: Security Tool and maybe more malware

Hi DragonMaster Jay,

It doesn't install; it does the same when Windows Update tries to make me install it. It fails at the second step (detecting spyware etc.) and at the third (installing Explorer 8), and then it stops, telling me it can't install Explorer 8.

Things you should know:

Any programs that require the internet don't work. Anything related to Explorer or spybots removal, most of them don't work. My connection is on and alive though.

Re: Security Tool and maybe more malware

Oh, and since the beginning, when I click on the IE icon, I get the error message that Windows cannot access the file or doesn't have the appropriate authorisation to do so.

Again, I think that my problem is more as if I have been stripped of my admin rights on my computer.

Re: Security Tool and maybe more malware

Once again, transfer the download, and then open it.

  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it.
      A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates (transfer the text file back, etc.) as a reply to this post.
    Re: Security Tool and maybe more malware

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 7C63-623B

    Répertoire de C:\WINDOWS\$NtServicePackUninstall$

    2004-08-05 07:00 186 368 scecli.dll

    Répertoire de C:\WINDOWS\$NtServicePackUninstall$

    2004-08-05 07:00 407 040 netlogon.dll

    Répertoire de C:\WINDOWS\$NtServicePackUninstall$

    2004-08-05 07:00 55 808 eventlog.dll
    3 fichier(s) 649 216 octets

    Répertoire de C:\WINDOWS\ERDNT\cache

    2008-04-13 21:33 187 392 scecli.dll

    Répertoire de C:\WINDOWS\ERDNT\cache

    2008-04-13 21:33 407 040 netlogon.dll

    Répertoire de C:\WINDOWS\ERDNT\cache

    2008-04-13 21:33 56 320 eventlog.dll
    3 fichier(s) 650 752 octets

    Répertoire de C:\WINDOWS\ServicePackFiles\i386

    2008-04-13 21:33 187 392 scecli.dll

    Répertoire de C:\WINDOWS\ServicePackFiles\i386

    2008-04-13 21:33 407 040 netlogon.dll

    Répertoire de C:\WINDOWS\ServicePackFiles\i386

    2008-04-13 21:33 56 320 eventlog.dll
    3 fichier(s) 650 752 octets

    Répertoire de C:\WINDOWS\system32

    2008-04-13 21:33 187 392 scecli.dll

    Répertoire de C:\WINDOWS\system32

    2008-04-13 21:33 407 040 netlogon.dll

    Répertoire de C:\WINDOWS\system32

    2008-04-13 21:33 56 320 eventlog.dll
    3 fichier(s) 650 752 octets

    Répertoire de C:\WINDOWS\system32\dllcache

    2008-04-13 21:33 187 392 scecli.dll

    Répertoire de C:\WINDOWS\system32\dllcache

    2008-04-13 21:33 407 040 netlogon.dll

    Répertoire de C:\WINDOWS\system32\dllcache

    2008-04-13 21:33 56 320 eventlog.dll
    3 fichier(s) 650 752 octets

    Total des fichiers listés :
    15 fichier(s) 3 252 224 octets
    0 Rép(s) 11 234 775 040 octets libres

    Re: Security Tool and maybe more malware

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      Code:


      :filefind
      scecli.dll
      netlogon.dll
      eventlog.dll
      winlogon.exe
      comres.dll
      crypt32.dll
      gpedit.dll
      rundll32.exe
      sfc.dll
      svchost.exe
      cngaudit.dll
      beep.sys
      wscntfy.exe
      atapi.sys


    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Re: Security Tool and maybe more malware

    There you go sir

    SystemLook v1.0 by jpshortstuff (29.08.09)
    Log created at 22:43 on 12/11/2009 by joe (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "scecli.dll"
    C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 186368 bytes [22:30 22/08/2008] [12:00 05/08/2004] DEC0397F35D027874804EC72979D03CC
    C:\WINDOWS\ERDNT\cache\scecli.dll --a--- 187392 bytes [04:45 03/11/2009] [02:33 14/04/2008] 973B36634C544948C663E8269AA1B3A3
    C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 187392 bytes [02:33 14/04/2008] [02:33 14/04/2008] 973B36634C544948C663E8269AA1B3A3
    C:\WINDOWS\system32\dllcache\scecli.dll --a--c 187392 bytes [12:00 05/08/2004] [02:33 14/04/2008] 973B36634C544948C663E8269AA1B3A3
    C:\WINDOWS\system32\scecli.dll ------ 187392 bytes [12:00 05/08/2004] [02:33 14/04/2008] 973B36634C544948C663E8269AA1B3A3

    Searching for "netlogon.dll"
    C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [22:30 22/08/2008] [12:00 05/08/2004] FAF07FDCDE76000621A28D19F8E2E8EB
    C:\WINDOWS\ERDNT\cache\netlogon.dll --a--- 407040 bytes [04:45 03/11/2009] [02:33 14/04/2008] 04821179C3171554C1BD1F9888A113E2
    C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [02:33 14/04/2008] [02:33 14/04/2008] 04821179C3171554C1BD1F9888A113E2
    C:\WINDOWS\system32\dllcache\netlogon.dll --a--c 407040 bytes [12:00 05/08/2004] [02:33 14/04/2008] 04821179C3171554C1BD1F9888A113E2
    C:\WINDOWS\system32\netlogon.dll ------ 407040 bytes [12:00 05/08/2004] [02:33 14/04/2008] 04821179C3171554C1BD1F9888A113E2

    Searching for "eventlog.dll"
    C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [22:30 22/08/2008] [12:00 05/08/2004] 21E83876A6287F15538EF187D286FE11
    C:\WINDOWS\ERDNT\cache\eventlog.dll --a--- 56320 bytes [04:45 03/11/2009] [02:33 14/04/2008] 4EC800BDF80521B0207BD2301DFC7D14
    C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [02:33 14/04/2008] [02:33 14/04/2008] 4EC800BDF80521B0207BD2301DFC7D14
    C:\WINDOWS\system32\dllcache\eventlog.dll --a--c 56320 bytes [12:00 05/08/2004] [02:33 14/04/2008] 4EC800BDF80521B0207BD2301DFC7D14
    C:\WINDOWS\system32\eventlog.dll ------ 56320 bytes [12:00 05/08/2004] [02:33 14/04/2008] 4EC800BDF80521B0207BD2301DFC7D14

    Searching for "winlogon.exe"
    C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c 506368 bytes [22:30 22/08/2008] [12:00 05/08/2004] D2DE785AEAB0BB8CA4C14A8A199DBE4E
    C:\WINDOWS\ERDNT\cache\winlogon.exe --a--- 512000 bytes [04:45 03/11/2009] [02:34 14/04/2008] DD73D6B9F6B4CB630CF35B438B540174
    C:\WINDOWS\ServicePackFiles\i386\winlogon.exe ------ 512000 bytes [02:34 14/04/2008] [02:34 14/04/2008] DD73D6B9F6B4CB630CF35B438B540174
    C:\WINDOWS\system32\dllcache\winlogon.exe --a--c 512000 bytes [12:00 05/08/2004] [02:34 14/04/2008] DD73D6B9F6B4CB630CF35B438B540174
    C:\WINDOWS\system32\winlogon.exe ------ 512000 bytes [12:00 05/08/2004] [02:34 14/04/2008] DD73D6B9F6B4CB630CF35B438B540174

    Searching for "comres.dll"
    C:\WINDOWS\$NtServicePackUninstall$\comres.dll -----c 851968 bytes [22:30 22/08/2008] [12:00 05/08/2004] 19428638D8F4440F67519BD03A623BBB
    C:\WINDOWS\ServicePackFiles\i386\comres.dll ------ 851968 bytes [02:33 14/04/2008] [02:33 14/04/2008] F4B7146C7EED6C4E158DCD9B5266C25A
    C:\WINDOWS\system32\comres.dll --a--- 851968 bytes [12:00 05/08/2004] [02:33 14/04/2008] F4B7146C7EED6C4E158DCD9B5266C25A
    C:\WINDOWS\system32\dllcache\comres.dll --a--c 851968 bytes [12:00 05/08/2004] [02:33 14/04/2008] F4B7146C7EED6C4E158DCD9B5266C25A

    Searching for "crypt32.dll"
    C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll -----c 604672 bytes [22:30 22/08/2008] [12:00 05/08/2004] FD8631128E14583F135EB4B3F37EF626
    C:\WINDOWS\ServicePackFiles\i386\crypt32.dll ------ 606208 bytes [02:33 14/04/2008] [02:33 14/04/2008] 39976DAD9564B336B153184268DB032F
    C:\WINDOWS\system32\crypt32.dll --a--- 606208 bytes [12:00 05/08/2004] [02:33 14/04/2008] 39976DAD9564B336B153184268DB032F
    C:\WINDOWS\system32\dllcache\crypt32.dll --a--c 606208 bytes [12:00 05/08/2004] [02:33 14/04/2008] 39976DAD9564B336B153184268DB032F

    Searching for "gpedit.dll"
    No files found.

    Searching for "rundll32.exe"
    C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c 33792 bytes [22:30 22/08/2008] [12:00 05/08/2004] F5402CD47B7389DDC21F92119A906EEE
    C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33792 bytes [02:34 14/04/2008] [02:34 14/04/2008] 93AD0B78C7357A05F50E594EC7C22300
    C:\WINDOWS\system32\dllcache\rundll32.exe --a--c 33792 bytes [12:00 05/08/2004] [02:34 14/04/2008] 93AD0B78C7357A05F50E594EC7C22300
    C:\WINDOWS\system32\rundll32.exe --a--- 33792 bytes [12:00 05/08/2004] [02:34 14/04/2008] 93AD0B78C7357A05F50E594EC7C22300

    Searching for "sfc.dll"
    C:\WINDOWS\$NtServicePackUninstall$\sfc.dll -----c 5120 bytes [22:30 22/08/2008] [12:00 05/08/2004] 94559DE281DADCB58E6A3919C7EAC0B4
    C:\WINDOWS\ERDNT\cache\sfc.dll --a--- 5120 bytes [04:45 03/11/2009] [02:33 14/04/2008] 9A4E7ECBB5B7FB86F3B926AB039F4FEC
    C:\WINDOWS\ServicePackFiles\i386\sfc.dll ------ 5120 bytes [02:33 14/04/2008] [02:33 14/04/2008] 9A4E7ECBB5B7FB86F3B926AB039F4FEC
    C:\WINDOWS\system32\dllcache\sfc.dll --a--c 5120 bytes [12:00 05/08/2004] [02:33 14/04/2008] 9A4E7ECBB5B7FB86F3B926AB039F4FEC
    C:\WINDOWS\system32\sfc.dll ------ 5120 bytes [12:00 05/08/2004] [02:33 14/04/2008] 9A4E7ECBB5B7FB86F3B926AB039F4FEC

    Searching for "svchost.exe"
    C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [22:30 22/08/2008] [12:00 05/08/2004] 1BD6C2F707A275CB7C16FD99FE0F31CA
    C:\WINDOWS\ERDNT\cache\svchost.exe --a--- 14336 bytes [04:45 03/11/2009] [02:34 14/04/2008] E4BDF223CD75478BF44567B4D5C2634D
    C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------ 14336 bytes [02:34 14/04/2008] [02:34 14/04/2008] E4BDF223CD75478BF44567B4D5C2634D
    C:\WINDOWS\system32\dllcache\svchost.exe --a--c 14336 bytes [12:00 05/08/2004] [02:34 14/04/2008] E4BDF223CD75478BF44567B4D5C2634D
    C:\WINDOWS\system32\svchost.exe ------ 14336 bytes [12:00 05/08/2004] [02:34 14/04/2008] E4BDF223CD75478BF44567B4D5C2634D

    Searching for "cngaudit.dll"
    No files found.

    Searching for "beep.sys"
    C:\WINDOWS\ERDNT\cache\beep.sys --a--- 4224 bytes [04:45 03/11/2009] [12:00 05/08/2004] DA1F27D85E0D1525F6621372E7B685E9
    C:\WINDOWS\system32\dllcache\beep.sys --a--c 4224 bytes [12:00 05/08/2004] [12:00 05/08/2004] DA1F27D85E0D1525F6621372E7B685E9
    C:\WINDOWS\system32\drivers\beep.sys ------ 4224 bytes [12:00 05/08/2004] [12:00 05/08/2004] DA1F27D85E0D1525F6621372E7B685E9

    Searching for "wscntfy.exe"
    C:\WINDOWS\$NtServicePackUninstall$\wscntfy.exe -----c 13824 bytes [22:31 22/08/2008] [12:00 05/08/2004] 54CDDAD404557ED98433D6ECBFC92691
    C:\WINDOWS\ERDNT\cache\wscntfy.exe --a--- 13824 bytes [04:45 03/11/2009] [02:34 14/04/2008] 02DA31AB433A6C1110A736C85701DECA
    C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe ------ 13824 bytes [02:34 14/04/2008] [02:34 14/04/2008] 02DA31AB433A6C1110A736C85701DECA
    C:\WINDOWS\system32\dllcache\wscntfy.exe --a--c 13824 bytes [12:00 05/08/2004] [02:34 14/04/2008] 02DA31AB433A6C1110A736C85701DECA
    C:\WINDOWS\system32\wscntfy.exe ------ 13824 bytes [12:00 05/08/2004] [02:34 14/04/2008] 02DA31AB433A6C1110A736C85701DECA

    Searching for "atapi.sys"
    C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [22:30 22/08/2008] [12:00 05/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
    C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [02:33 06/11/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
    C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [18:40 13/04/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
    C:\WINDOWS\system32\dllcache\atapi.sys --a--c 96512 bytes [04:26 03/11/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
    C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [04:26 03/11/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

    -=End Of File=-
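
One way to read a SystemLook `:filefind` log like the one above is to compare, per file name, the size and MD5 of the active, dllcache and ERDNT copies against the service-pack source copy. This is an added example, not part of the original thread or of SystemLook; treating `ServicePackFiles\i386` as the baseline and the status names are assumptions, and the `example.sys` lines are constructed.

```python
import re
from collections import defaultdict

# One result line: path, attribute flags, size, [created] [modified], MD5.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
SEARCH = re.compile(r'^Searching for "(?P<name>[^"]+)"')

# Assumed role of each directory in the comparison (not stated in the thread).
ROLES = [
    ("\\$ntservicepackuninstall$\\", "pre-sp"),  # older build, expected to differ
    ("\\servicepackfiles\\i386\\", "baseline"),  # service-pack source copy
    ("\\erdnt\\cache\\", "backup"),
    ("\\system32\\dllcache\\", "dllcache"),
    ("\\system32\\", "active"),                  # also covers system32\drivers
]

def role_of(path):
    lowered = path.lower()
    for marker, role in ROLES:
        if marker in lowered:
            return role
    return "other"

def parse_filefind(text):
    """Return ({file name: [entry, ...]}, [names reported as not found])."""
    found, missing, current = defaultdict(list), [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH.match(line)
        if m:
            current = m.group("name").lower()
            continue
        if current and line == "No files found.":
            missing.append(current)
            continue
        m = ENTRY.match(line)
        if m and current:
            found[current].append({
                "path": m.group("path"),
                "role": role_of(m.group("path")),
                "size": int(m.group("size")),
                "md5": m.group("md5").upper(),
            })
    return dict(found), missing

def audit(found, missing):
    """Map each file name to (status, paths that need a closer look)."""
    report = {name: ("not-found", []) for name in missing}
    for name, entries in found.items():
        base = [e for e in entries if e["role"] == "baseline"]
        live = [e for e in entries if e["role"] in ("active", "dllcache", "backup")]
        odd = [e["path"] for e in entries if e["role"] == "other"]
        if odd:                      # system file name outside the usual folders
            report[name] = ("unexpected-location", odd)
        elif not base:               # nothing on disk to compare against
            report[name] = ("no-baseline", [e["path"] for e in live])
        else:
            ref = (base[0]["size"], base[0]["md5"])
            bad = [e["path"] for e in live if (e["size"], e["md5"]) != ref]
            report[name] = ("mismatch", bad) if bad else ("ok", [])
    return report

# scecli.dll, gpedit.dll and beep.sys lines are taken from the log in the thread;
# the example.sys lines are constructed to show a mismatch.
SAMPLE_LOG = r'''
Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 186368 bytes [22:30 22/08/2008] [12:00 05/08/2004] DEC0397F35D027874804EC72979D03CC
C:\WINDOWS\ERDNT\cache\scecli.dll --a--- 187392 bytes [04:45 03/11/2009] [02:33 14/04/2008] 973B36634C544948C663E8269AA1B3A3
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 187392 bytes [02:33 14/04/2008] [02:33 14/04/2008] 973B36634C544948C663E8269AA1B3A3
C:\WINDOWS\system32\dllcache\scecli.dll --a--c 187392 bytes [12:00 05/08/2004] [02:33 14/04/2008] 973B36634C544948C663E8269AA1B3A3
C:\WINDOWS\system32\scecli.dll ------ 187392 bytes [12:00 05/08/2004] [02:33 14/04/2008] 973B36634C544948C663E8269AA1B3A3

Searching for "gpedit.dll"
No files found.

Searching for "beep.sys"
C:\WINDOWS\ERDNT\cache\beep.sys --a--- 4224 bytes [04:45 03/11/2009] [12:00 05/08/2004] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\dllcache\beep.sys --a--c 4224 bytes [12:00 05/08/2004] [12:00 05/08/2004] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\drivers\beep.sys ------ 4224 bytes [12:00 05/08/2004] [12:00 05/08/2004] DA1F27D85E0D1525F6621372E7B685E9

Searching for "example.sys"
C:\WINDOWS\ServicePackFiles\i386\example.sys ------ 4096 bytes [02:33 14/04/2008] [02:33 14/04/2008] 11111111111111111111111111111111
C:\WINDOWS\system32\drivers\example.sys ------ 4096 bytes [04:26 03/11/2009] [04:26 03/11/2009] 22222222222222222222222222222222
'''

if __name__ == "__main__":
    for name, (status, paths) in sorted(audit(*parse_filefind(SAMPLE_LOG)).items()):
        print(f"{name:12} {status:20} {', '.join(paths)}")
```

Agreement between copies on the same disk only shows that they match each other; a file that differs from its baseline, has no baseline, or sits in an unexpected folder is the one to check against a known-good copy from trusted media.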

    Re: Security Tool and maybe more malware

    Sorry this has been difficult. I need to take a big picture of your system here:

    (if you have an old version, please use that.)

    Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky.fr and save it to your Desktop.
    • Please close all other applications running on your system.
    • Please double click GetSystemInfo.exe to open it.
    • Click the Settings button.
    • Set it to Maximum
    • IMPORTANT! Then please click Customize, choose the Driver / Ports tab and uncheck Scan Ports.
    • Click Create Report to run it.
    • It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

    THE ZIP FOLDER ABOVE CAN BE TRANSFERRED TO ANOTHER COMPUTER IF NECESSARY, THEN UPLOAD TO THE PARSER
    Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

    Re: Security Tool and maybe more malware

    here it is Dragn Mastah Jay!

    http://www.getsysteminfo.com/read.php?file=304c3b3172d75faaca3fb6469da45537

    Re: Security Tool and maybe more malware

    Download SREng

    • Extract it to Desktop and double click SREngLdr.EXE to run it
    • Select System Repair from the left pane.
    • Click on File Association
    • Select all entries that have an Error status and click [Repair]
    • Refer to this image for an example:

      [Image: SystemRepair_FileAssocs]
    • Close SREng now.


    ==

    Please download RBFA to your desktop

    • Double click the program to run it. It will only take a few seconds to run.
    • You will be prompted to press any key at the end to close it
    • Once it is finished, it will remove itself. If not, delete it yourself


    ==

    Please navigate to this webpage: http://support.microsoft.com/kb/313222 and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer, due to damages of malware or other harmful system changes. Install the file after download.

    ==

    Please re-open Malwarebytes, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

    Re: Security Tool and maybe more malware

    Hi DragonMaster Jay,

    The first program did not find any error status; all files were considered normal in the status.

    The second program, RBFA, seems to have a virus detected by my office PC. Anyway, I was still able to download it to my USB key and put it on my desktop; however, when I used it I had multiple error dialog boxes.

    The third seemed to work; funnily enough, it was asking if I wanted to seek help online. I clicked out of curiosity to see if I would connect... and... I DID!

    I'm performing the Malwarebytes scan right now; however, I couldn't update it.

    Re: Security Tool and maybe more malware

    Malaware detected nothing

    Re: Security Tool and maybe more malware

    Malwarebytes' Anti-Malware 1.41
    Version de la base de données: 2775
    Windows 5.1.2600 Service Pack 3

    2009-11-13 22:52:43
    mbam-log-2009-11-13 (22-52-43).txt

    Type de recherche: Examen rapide
    Eléments examinés: 91181
    Temps écoulé: 2 minute(s), 36 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Re: Security Tool and maybe more malware

    So we fixed Explorer. But I tried right away to update spyware removal, connect to MSN, connect to Steam, do online scans; none of them worked.

    Re: Security Tool and maybe more malware

    You have been proper patient. Right On!

    I am ever so curious if your Internet connection is all the way blocked, or just partially. Let me think

    Let's do this, please:

    Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).

    Then, please try to access the Internet. Is it possible?

    Also, are you running any antivirus or antispyware software? Please list any that you currently have installed.

    Re: Security Tool and maybe more malware

    Just so you know, when you asked me to remove Internet Explorer, since then MSN doesn't work.

    OK, so I did reboot in Safe Mode with Networking. I don't know if it's normal, but I had the choice to log in either as joe, my usual profile, or... administrator...

    So it didn't connect to the internet.

    For antivirus I have Norton 360 Internet Security, but it's expired.

    Re: Security Tool and maybe more malware

    !!! When I turned the PC off it told me: "some users opened sessions on this computer, closing the computer might make them lose unsaved data or work", something like that in French....

    Re: Security Tool and maybe more malware

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Double-click smitfraudfix.exe
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Re: Security Tool and maybe more malware

    SmitFraudFix v2.424

    Rapport fait à 17:44:16,42, 2009-11-14
    Executé à partir de C:\Documents and Settings\joe\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\vVX6000.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Zabaware\HalReader\HalReader.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\joe


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\joe\LOCALS~1\Temp


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\joe\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\joe\Favoris


    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"


    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""




    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.0.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{CC639DF9-27EF-469C-B576-FBF0361F3B58}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{CC639DF9-27EF-469C-B576-FBF0361F3B58}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{CC639DF9-27EF-469C-B576-FBF0361F3B58}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    THANKS FOR NOT GIVING UP ON ME MASTAH JAY

    Re: Security Tool and maybe more malware

    LSP-Check using LSPFix

    1. Please download LSPFix from here.
    2. Run the LSPFix.exe that you have just finished downloading.
    3. Write down all files that are in the left column (example: mswsock.dll, winrnr.dll, rsvpsp.dll) and then post them in your next reply, along with whether or not you see the phrase "No problems found".

    Re: Security Tool and maybe more malware

    mswsock.dll tcpip
    winrnr.dll NTDS
    rsvpsp.dll (Protocol handler)

    Re: Security Tool and maybe more malware

    Did you see the phrase "No problems found"?

    Re: Security Tool and maybe more malware

    yes

    Re: Security Tool and maybe more malware

    Good.

    Press start, then run and enter cmd - then hit OK.

    In the command prompt window, press in the following code exactly:


    netsh winsock reset catalog

    Then, exit out.
    ==

    Do you have Internet after performing the above process?

    Re: Security Tool and maybe more malware

    Same as before, which means I do have access to the internet; however, any programs or applications using the internet give me a "no connection" error report (such as spyware updates, gaming programs like steam.exe). Also IE8 and Windows Live Messenger still get errors and can't reinstall. Same for any online anti-virus scans; it tells me I don't accept the host certificate.

    Re: Security Tool and maybe more malware

    Please download Firefox from http://www.getfirefox.com and then transfer it to the infected computer. Install it, then run it. Anything?

    Re: Security Tool and maybe more malware

    Hi,

    It installs but it doesn't connect.

    Here's the error message in their report:
    Erreur : [Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIChannel.contentType]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: file:///C:/Program%20Files/Mozilla%20Firefox/components/FeedProcessor.js :: FP_onStartRequest :: line 1440" data: no]
    Fichier Source : file:///C:/Program%20Files/Mozilla%20Firefox/components/FeedProcessor.js
    Ligne : 1440

    Re: Security Tool and maybe more malware

    If you still have Inherit, no need to re-download it.
    Please download Inherit by sUBs

    1. Drag and drop the following files onto Inherit:
      C:\WINDOWS\system32\iesetup.dll
      C:\WINDOWS\system32\imgutil.dll
      C:\WINDOWS\system32\inseng.dll
      C:\WINDOWS\system32\mshtml.dll
      C:\WINDOWS\system32\msrating.dll
      C:\WINDOWS\system32\occache.dll
      C:\WINDOWS\system32\pngfilt.dll
      C:\WINDOWS\system32\webcheck.dll


    2. This shall restore permissions to the file.


    Then, restart the computer. Now see if you can do any activities online.

    Re: Security Tool and maybe more malware

    I did what you said, dragged the files into inherit.exe; I had a little dialog box saying "ok" for each file.

    Still can't connect with Firefox and other apps.

    Re: Security Tool and maybe more malware

    It's as if I had a firewall.

    Hey, is there a way to do a traceroute with my IP to see where it goes before going to the internet?

    Re: Security Tool and maybe more malware

    I am going to fetch a toolkit with clean system files.

    In the meantime, please tell me what happens if you go to Start > Run and type in iexplore.exe and Press OK.

    Does Internet Explorer launch?

    Please get an uninstall list from HijackThis by doing the following:
    • Open HijackThis, click Config, click Misc Tools
    • Click "Open Uninstall Manager"
    • Click "Save List" (generates uninstall_list.txt)
    • Click Save, copy and paste the results in your next post.

    Re: Security Tool and maybe more malware

    When I do what you said in Run, it starts Internet Explorer and it works.

    Here's the list you asked for:

    2006 FIFA World Cup (TM)
    Ad-Aware SE Personal
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0.7 - Français
    AppCore
    Apple Software Update
    Assistant de connexion Windows Live
    ASUS Probe V2.24.02
    AsusUpdate
    Athlon 64 Processor Driver
    Backup
    BlackBerry Device Software Updater
    BlackBerry Device Software v4.7.0 pour smartphone BlackBerry 9530
    BrainWave Generator
    Bulent's Screen Recorder
    ccCommon
    Choice Guard
    Clean Virus MSN
    CleanUp!
    Combat Arms
    Cool MOV To WMV Converter 1.0
    Correctif pour Lecteur Windows Media 11 (KB939683)
    Correctif pour Windows Internet Explorer 7 (KB947864)
    Correctif pour Windows XP (KB952287)
    Correctif pour Windows XP (KB961118)
    Correctif pour Windows XP (KB970653-v3)
    Debugging Tools for Windows
    DivX
    EA SPORTS online 2006
    EA.com Update
    Express Burn
    Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
    EZ AVI TO WMV Converter 3.00
    FIFA 06
    Free Convert DIVX AVI to MOV MPEG WMV Converter 5.8
    Galerie de photos Windows Live
    GearDrvs
    GearDrvs
    HijackThis 2.0.2
    HLSW v1.0.0.45
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    IL-2 Sturmovik: 1946
    Installation Windows Live
    Installation Windows Live
    Insurgency ( Remove only)
    Junk Mail filter update
    K-Lite Codec Pack 4.0.0 (Full)
    L&H TTS3000 Français
    Lecteur Windows Media 11
    LimeWire 4.18.3
    LiveUpdate (Symantec Corporation)
    LiveUpdate (Symantec Corporation)
    Logitech Gaming Software 5.02
    Logitech MouseWare 9.79.1
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 French Language Pack
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft LifeCam
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Disque 2
    Microsoft Office 2000 SR-1 Premium
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)
    Mise à jour de sécurité pour le Codeur Windows Media (KB954156)
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
    Mise à jour de sécurité pour Lecteur Windows Media (KB954155)
    Mise à jour de sécurité pour Lecteur Windows Media (KB968816)
    Mise à jour de sécurité pour Lecteur Windows Media (KB973540)
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)
    Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)
    Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)
    Mise à jour de sécurité pour Windows XP (KB923561)
    Mise à jour de sécurité pour Windows XP (KB938464)
    Mise à jour de sécurité pour Windows XP (KB941569)
    Mise à jour de sécurité pour Windows XP (KB946648)
    Mise à jour de sécurité pour Windows XP (KB950760)
    Mise à jour de sécurité pour Windows XP (KB950762)
    Mise à jour de sécurité pour Windows XP (KB950974)
    Mise à jour de sécurité pour Windows XP (KB951066)
    Mise à jour de sécurité pour Windows XP (KB951376)
    Mise à jour de sécurité pour Windows XP (KB951376-v2)
    Mise à jour de sécurité pour Windows XP (KB951698)
    Mise à jour de sécurité pour Windows XP (KB951748)
    Mise à jour de sécurité pour Windows XP (KB952004)
    Mise à jour de sécurité pour Windows XP (KB952954)
    Mise à jour de sécurité pour Windows XP (KB953839)
    Mise à jour de sécurité pour Windows XP (KB954211)
    Mise à jour de sécurité pour Windows XP (KB954459)
    Mise à jour de sécurité pour Windows XP (KB954600)
    Mise à jour de sécurité pour Windows XP (KB955069)
    Mise à jour de sécurité pour Windows XP (KB956391)
    Mise à jour de sécurité pour Windows XP (KB956572)
    Mise à jour de sécurité pour Windows XP (KB956744)
    Mise à jour de sécurité pour Windows XP (KB956802)
    Mise à jour de sécurité pour Windows XP (KB956803)
    Mise à jour de sécurité pour Windows XP (KB956841)
    Mise à jour de sécurité pour Windows XP (KB956844)
    Mise à jour de sécurité pour Windows XP (KB957095)
    Mise à jour de sécurité pour Windows XP (KB957097)
    Mise à jour de sécurité pour Windows XP (KB958644)
    Mise à jour de sécurité pour Windows XP (KB958687)
    Mise à jour de sécurité pour Windows XP (KB958690)
    Mise à jour de sécurité pour Windows XP (KB958869)
    Mise à jour de sécurité pour Windows XP (KB959426)
    Mise à jour de sécurité pour Windows XP (KB960225)
    Mise à jour de sécurité pour Windows XP (KB960715)
    Mise à jour de sécurité pour Windows XP (KB960803)
    Mise à jour de sécurité pour Windows XP (KB960859)
    Mise à jour de sécurité pour Windows XP (KB961371)
    Mise à jour de sécurité pour Windows XP (KB961373)
    Mise à jour de sécurité pour Windows XP (KB961501)
    Mise à jour de sécurité pour Windows XP (KB968537)
    Mise à jour de sécurité pour Windows XP (KB969059)
    Mise à jour de sécurité pour Windows XP (KB969898)
    Mise à jour de sécurité pour Windows XP (KB969947)
    Mise à jour de sécurité pour Windows XP (KB970238)
    Mise à jour de sécurité pour Windows XP (KB971486)
    Mise à jour de sécurité pour Windows XP (KB971557)
    Mise à jour de sécurité pour Windows XP (KB971633)
    Mise à jour de sécurité pour Windows XP (KB971657)
    Mise à jour de sécurité pour Windows XP (KB973346)
    Mise à jour de sécurité pour Windows XP (KB973354)
    Mise à jour de sécurité pour Windows XP (KB973507)
    Mise à jour de sécurité pour Windows XP (KB973525)
    Mise à jour de sécurité pour Windows XP (KB973869)
    Mise à jour de sécurité pour Windows XP (KB974112)
    Mise à jour de sécurité pour Windows XP (KB974571)
    Mise à jour de sécurité pour Windows XP (KB975025)
    Mise à jour de sécurité pour Windows XP (KB975467)
    Mise à jour pour Windows XP (KB951072-v2)
    Mise à jour pour Windows XP (KB951978)
    Mise à jour pour Windows XP (KB955839)
    Mise à jour pour Windows XP (KB961503)
    Mise à jour pour Windows XP (KB967715)
    Mise à jour pour Windows XP (KB968389)
    Mise à jour pour Windows XP (KB973815)
    Mozilla Firefox (3.5.5)
    MSVCRT
    MUSICMATCH®️ Jukebox
    Natural Selection 3.2
    Niche Research Commando Ver 1.1.3
    Norton 360
    Norton 360
    Norton 360 (Symantec Corporation)
    NVIDIA Drivers
    NVIDIA PhysX v8.10.13
    Outil de téléchargement Windows Live
    Pando Media Booster
    QuickTime
    RealPlayer
    Rugby 2004
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Segoe UI
    Sound Blaster Audigy 2 ZS
    Source SDK Base
    Starcraft
    Steam(TM)
    SUPERAntiSpyware Free Edition
    Switch
    Symantec Real Time Storage Protection Component
    Symantec Technical Support Controls
    Symantec Technical Support Web Controls
    TeamSpeak 2 RC2
    Ultra Hal Text-to-Speech Reader
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Ventrilo Client
    VideoLAN VLC media player 0.8.6f
    WavePad Uninstall
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Contrôle parental
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Writer
    Windows Media Encoder 9 Series
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Xpand Rally

    Re: Security Tool and maybe more malaware
    Do you mean the entire connection? You can access the Internet via Internet Explorer?

    Re: Security Tool and maybe more malaware

    Yes, I always said my connection was on. I see the lil network status saying the connection is good.

    For iexplore.exe, it's since the Windows fix you gave me ("page 4"), sorry for not making it clear.

    Re: Security Tool and maybe more malaware
    Please copy and paste the following in to Notepad:

    rem Script used to manually reregister Internet Explorer and Shell related *.dlls
    rem Also included the Digital Signing and Cryptographic Provider *.dlls if needed
    rem rundll32.exe advpack.dll /DelNodeRunDLL32 C:\WINNT\System32\dacui.dll
    rem rundll32.exe advpack.dll /DelNodeRunDLL32 C:\WINNT\Catroot\icatalog.mdb
    rem regsvr32 setupwbv.dll /s
    rem regsvr32 wininet.dll /s
    regsvr32 comcat.dll /s
    regsvr32 CSSEQCHK.DLL /s
    regsvr32 shdoc401.dll /s
    regsvr32 shdoc401.dll /i /s
    regsvr32 asctrls.ocx /s
    regsvr32 oleaut32.dll /s
    regsvr32 shdocvw.dll /I /s
    regsvr32 shdocvw.dll /s
    regsvr32 browseui.dll /s
    regsvr32 browsewm.dll /s
    regsvr32 browseui.dll /I /s
    regsvr32 msrating.dll /s
    regsvr32 mlang.dll /s
    regsvr32 hlink.dll /s
    rem regsvr32 mshtml.dll /s
    regsvr32 mshtmled.dll /s
    regsvr32 urlmon.dll /s
    regsvr32 plugin.ocx /s
    regsvr32 sendmail.dll /s
    rem regsvr32 comctl32.dll /i /s
    rem regsvr32 inetcpl.cpl /i /s
    rem regsvr32 mshtml.dll /i /s
    regsvr32 scrobj.dll /s
    regsvr32 mmefxe.ocx /s
    rem regsvr32 proctexe.ocx mshta.exe /register /s
    regsvr32 corpol.dll /s
    regsvr32 jscript.dll /s
    regsvr32 msxml.dll /s
    regsvr32 imgutil.dll /s
    regsvr32 thumbvw.dll /s
    regsvr32 cryptext.dll /s
    regsvr32 rsabase.dll /s
    rem regsvr32 triedit.dll /s
    rem regsvr32 dhtmled.ocx /s
    regsvr32 inseng.dll /s
    regsvr32 iesetup.dll /i /s
    rem regsvr32 hmmapi.dll /s
    regsvr32 cryptdlg.dll /s
    regsvr32 actxprxy.dll /s
    regsvr32 dispex.dll /s
    regsvr32 occache.dll /s
    regsvr32 occache.dll /i /s
    regsvr32 iepeers.dll /s
    rem regsvr32 wininet.dll /i /s
    regsvr32 urlmon.dll /i /s
    rem regsvr32 digest.dll /i /s
    regsvr32 cdfview.dll /s
    regsvr32 webcheck.dll /s
    regsvr32 mobsync.dll /s
    regsvr32 pngfilt.dll /s
    regsvr32 licmgr10.dll /s
    regsvr32 icmfilter.dll /s
    regsvr32 hhctrl.ocx /s
    regsvr32 inetcfg.dll /s
    rem regsvr32 trialoc.dll /s
    regsvr32 tdc.ocx /s
    regsvr32 MSR2C.DLL /s
    regsvr32 msident.dll /s
    regsvr32 msieftp.dll /s
    regsvr32 xmsconf.ocx /s
    regsvr32 ils.dll /s
    regsvr32 msoeacct.dll /s
    rem regsvr32 wab32.dll /s
    rem regsvr32 wabimp.dll /s
    rem regsvr32 wabfind.dll /s
    rem regsvr32 oemiglib.dll /s
    rem regsvr32 directdb.dll /s
    regsvr32 inetcomm.dll /s
    rem regsvr32 msoe.dll /s
    rem regsvr32 oeimport.dll /s
    regsvr32 msdxm.ocx /s
    regsvr32 dxmasf.dll /s
    rem regsvr32 laprxy.dll /s
    regsvr32 l3codecx.ax /s
    regsvr32 acelpdec.ax /s
    regsvr32 mpg4ds32.ax /s
    regsvr32 voxmsdec.ax /s
    regsvr32 danim.dll /s
    regsvr32 Daxctle.ocx /s
    regsvr32 lmrt.dll /s
    regsvr32 datime.dll /s
    regsvr32 dxtrans.dll /s
    regsvr32 dxtmsft.dll /s
    rem regsvr32 vgx.dll /s
    regsvr32 WEBPOST.DLL /s
    regsvr32 WPWIZDLL.DLL /s
    regsvr32 POSTWPP.DLL /s
    regsvr32 CRSWPP.DLL /s
    regsvr32 FTPWPP.DLL /s
    regsvr32 FPWPP.DLL /s
    rem regsvr32 FLUPL.OCX /s
    regsvr32 wshom.ocx /s
    regsvr32 wshext.dll /s
    regsvr32 vbscript.dll /s
    regsvr32 scrrun.dll mstinit.exe /setup /s
    regsvr32 msnsspc.dll /SspcCreateSspiReg /s
    regsvr32 msapsspc.dll /SspcCreateSspiReg /s
    regsvr32 licdll.dll /s
    regsvr32 regwizc.dll /s
    regsvr32 softpub.dll /s
    regsvr32 IEDKCS32.DLL /s
    regsvr32 MSTIME.DLL /s
    regsvr32 WINTRUST.DLL /s
    regsvr32 INITPKI.DLL /s
    regsvr32 DSSENH.DLL /s
    regsvr32 RSAENH.DLL /s
    regsvr32 CRYPTDLG.DLL /s
    regsvr32 Gpkcsp.dll /s
    regsvr32 Sccbase.dll /s
    regsvr32 Slbcsp.dll /s
    exit


    Then click File > Save as
    Choose Save as type: All Files
    File name: fixIEx.bat
    Save to the Desktop

    Then, exit Notepad, and double-click on fixIEx.bat to run it. It will exit when finished. Then, restart your computer, and see if Internet Explorer is fully functional, and if you can access services such as IM, or Online scans, etc.
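Added example, not part of the post above: every line of fixIEx.bat passes /s, so a module that is missing or fails to register produces no message at all. The sketch below re-runs the regsvr32 lines from that file one at a time and writes each exit code to a text file. It assumes it is saved in the same folder as fixIEx.bat and that the modules live in %SystemRoot%\system32; the file names fixIEx-check.bat and fixIEx-results.txt are made up for this example.

```batch
@echo off
rem fixIEx-check.bat (hypothetical name) - added example, not the helper's script.
rem Re-runs each "regsvr32 <module> <switches>" line found in fixIEx.bat and logs
rem the outcome, because the /s switch used there suppresses all error dialogs.
setlocal
set "SRC=%~dp0fixIEx.bat"
set "LOG=%~dp0fixIEx-results.txt"
set /a OK=0, FAIL=0, MISSING=0, SKIPPED=0

if not exist "%SRC%" (
    echo Cannot find "%SRC%" - save this file next to fixIEx.bat.
    exit /b 1
)
> "%LOG%" echo Results of re-registering the modules listed in fixIEx.bat

rem Token 1 = command, token 2 = module name, token 3 = the rest of the line.
rem Lines that start with "rem" or "exit" never match "regsvr32" and are ignored.
for /f "usebackq tokens=1,2*" %%A in ("%SRC%") do (
    if /i "%%A"=="regsvr32" call :register "%%B" "%%C"
)

>> "%LOG%" echo.
>> "%LOG%" echo registered=%OK% failed=%FAIL% missing=%MISSING% skipped=%SKIPPED%
type "%LOG%"
endlocal
exit /b 0

:register
rem %~1 = module file name, %~2 = switches exactly as written in fixIEx.bat
set "MOD=%SystemRoot%\system32\%~1"
set "SW=%~2"
if not defined SW set "SW=/s"

rem Anything after the module name that is not a switch means the line is not
rem a plain registration; report it instead of passing it on to regsvr32.
if not "%SW:~0,1%"=="/" (
    set /a SKIPPED+=1
    >> "%LOG%" echo SKIPPED  %~1  unexpected arguments: %SW%
    goto :eof
)

if not exist "%MOD%" (
    set /a MISSING+=1
    >> "%LOG%" echo MISSING  %~1  not found in system32
    goto :eof
)

rem start /wait hands regsvr32's exit code back in ERRORLEVEL (0 = success).
start "" /wait regsvr32.exe %SW% "%MOD%"
if errorlevel 1 (
    set /a FAIL+=1
    >> "%LOG%" echo FAILED   %~1  exit code %errorlevel%
) else (
    set /a OK+=1
    >> "%LOG%" echo OK       %~1
)
goto :eof
```

The MISSING and FAILED lines in fixIEx-results.txt are the ones worth posting back to a helper, since they are exactly what the silent run hides.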

    Re: Security Tool and maybe more malaware

    Nope, still doesn't work.

    I'm uninstalling Norton 360 right now. Maybe it can help.

    Re: Security Tool and maybe more malaware
    EUREKA!!!!

    Re: Security Tool and maybe more malaware

    Team.exe works, Firefox works, I'm updating Malwarebytes right now and performing a scan with the update.

    It was Norton man wtf

    PS: I tried to remove it before, but because my iexplore wasn't working I couldn't dl the tool!

    Re: Security Tool and maybe more malaware

    After this I'm doing the BitDefender online scan as you suggested on page 2.

    Re: Security Tool and maybe more malaware
    Good!

    Do you need the link to the Norton Removal Tool to make sure it's gone?

    I am logging that in my notes, about Norton.

    Post the results when you want me to check them. Smile...

    Re: Security Tool and maybe more malaware

    It doesn't work!

    Arg! Ok, we solved some issues but I still feel something or someone doesn't want me to perform a virus scan on my PC.

    I have the same message I had before for BitDefender, it tells me "..the host doesn't allow the ActiveX of blah blah."

    Then I tried Panda Online Scanner and I also got an error message.

    Is there any other way I could perform a virus scan for free?

    Re: Security Tool and maybe more malaware

    Oh right, my Firefox works now so I'm doing it with Firefox!!! Big Grin

    Re: Security Tool and maybe more malaware

    Yay, I'm writing with my infected PC!!!

    Here's the log:

    BitDefender QuickScan Beta v0.9.7.8
    -----------------------------------

    Scan date: Sat Nov 14 22:42:04 2009
    Machine ID: 7C63623B



    No infection found.
    ---------------------


    Processes
    ---------
    CTSysVol.exe 1804 C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    Logitech Events Handler Application 1984 C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    TODO: 1908 C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    HalReader.exe 128 C:\Program Files\Zabaware\HalReader\HalReader.exe
    CtHelper Application 1812 C:\WINDOWS\system32\CTHELPER.EXE

    Logitech WingMan Event Monitor 1852 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    MsCamSvc.exe 400 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    Microsoft SeaPort Search Enhancement Broker 456 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    Firefox 152 C:\Program Files\Mozilla Firefox\firefox.exe
    Steam 732897 1924 C:\program files\steam\steam.exe
    Windows Live Communications Platform 4012 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    Windows Live Messenger 1940 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    Explorateur Windows 1516 C:\WINDOWS\Explorer.EXE
    .NET Runtime Optimization Service 248 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    Application Layer Gateway Service 2244 C:\WINDOWS\System32\alg.exe
    Client Server Runtime Process 628 C:\WINDOWS\system32\csrss.exe
    CTF Loader 1972 C:\WINDOWS\system32\ctfmon.exe
    LSA Shell (Export Version) 708 C:\WINDOWS\system32\lsass.exe
    NVIDIA Driver Helper Service, Version 180.48 424 C:\WINDOWS\system32\nvsvc32.exe
    Exécuter une DLL en tant qu'application 1896 C:\WINDOWS\system32\RUNDLL32.EXE
    Applications Services et Contrôleur 696 C:\WINDOWS\system32\services.exe
    Gestionnaire de session Windows NT 560 C:\WINDOWS\System32\smss.exe
    Spooler SubSystem App 1624 C:\WINDOWS\system32\spoolsv.exe
    Generic Host Process for Win32 Services 188 C:\WINDOWS\system32\svchost.exe
    Generic Host Process for Win32 Services 532 C:\WINDOWS\system32\svchost.exe
    Generic Host Process for Win32 Services 1260 C:\WINDOWS\system32\svchost.exe
    Generic Host Process for Win32 Services 1052 C:\WINDOWS\system32\svchost.exe
    Generic Host Process for Win32 Services 1020 C:\WINDOWS\System32\svchost.exe
    Generic Host Process for Win32 Services 924 C:\WINDOWS\system32\svchost.exe
    Generic Host Process for Win32 Services 864 C:\WINDOWS\system32\svchost.exe
    Generic Host Process for Win32 Services 3064 C:\WINDOWS\System32\svchost.exe
    Generic Host Process for Win32 Services 1352 C:\WINDOWS\system32\svchost.exe
    Application d'ouverture de session Windows NT 652 C:\WINDOWS\system32\winlogon.exe
    Windows Security Center Notification App 2608 C:\WINDOWS\system32\wscntfy.exe
    Windows Update 3860 C:\WINDOWS\system32\wuauclt.exe
    Microsoft LifeCam VX6000 Device Application 1828 C:\WINDOWS\vVX6000.exe


    Network activity
    ----------------
    Process firefox.exe (152) connected on port 80 (HTTP) - a69-192-28-20.deploy.akamaitechnologies.com
    Process firefox.exe (152) connected on port 80 (HTTP) - qw-in-f102.1e100.net
    Process MsnMsgr.Exe (1940) connected on port 1863 (MSN) - by2msg3020215.phx.gbl

    Process svchost.exe (924) listens on ports: 135 (RPC)
    Process svchost.exe (1352) listens on ports: 2869 (SSDP event notification, UPNP)


    Autoruns and critical files
    ---------------------------
    ShellExecuteHook C:\Nexon\SASSEH.DLL
    SUPERAntiSpyware WinLogon Processor C:\Nexon\SASWINLO.dll
    SBDrvDet.exe C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe
    CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    Microsoft Office 2000 component C:\Program Files\Microsoft Office\Office\OSA9.EXE
    TODO: C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    QuickTime Task C:\Program Files\QuickTime\qttask.exe
    CtHelper Application C:\WINDOWS\system32\CTHELPER.EXE
    nwiz.exe C:\WINDOWS\system32\nwiz.exe
    Creative UpdReg C:\WINDOWS\UpdReg.EXE

    Malwarebytes' Anti-Malware C:\Nexon\Malwarebytes' Anti-Malware\mbam.exe
    Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Logitech WingMan Event Monitor C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    LifeExp.exe C:\Program Files\Microsoft LifeCam\LifeExp.exe
    Steam 732897 C:\program files\steam\steam.exe
    Windows Live Messenger C:\program files\windows live\messenger\msnmsgr.exe
    Logitech Launcher Application C:\WINDOWS\Logi_MwX.Exe
    Bibliothèque de l'interface utilisateur du navigat C:\WINDOWS\system32\browseui.dll
    Crypto API32 C:\WINDOWS\system32\crypt32.dll
    Crypto Network Related API C:\WINDOWS\system32\cryptnet.dll
    Agent réseau hors connexion C:\WINDOWS\system32\cscdll.dll
    CTF Loader C:\WINDOWS\system32\ctfmon.exe
    DIMS Notification Handler C:\WINDOWS\system32\dimsntfy.dll
    Windows Logon UI C:\WINDOWS\system32\logonui.exe
    Microsoft Feeds Synchronization C:\WINDOWS\system32\msfeedssync.exe
    NVIDIA Display Properties Extension C:\WINDOWS\system32\NvCpl.dll
    NVIDIA Media Center Library C:\WINDOWS\system32\nvmctray.dll
    DLL secondaire de notification de service d'ouvert C:\WINDOWS\system32\sclgntfy.dll
    DLL commune du shell Windows C:\WINDOWS\system32\shell32.dll
    Objet du service d'environnement Systray C:\WINDOWS\system32\stobject.dll
    Application d'ouverture de session Userinit c:\windows\system32\userinit.exe
    Web Site Monitor C:\WINDOWS\system32\webcheck.dll
    Notifications Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
    DLL commune de réception des notifications Winlogo C:\WINDOWS\system32\wlnotify.dll
    Windows Portable Device Shell Service Object C:\WINDOWS\system32\WPDShServiceObj.dll
    Microsoft LifeCam VX6000 Device Application C:\WINDOWS\vVX6000.exe


    Browser plugins
    ---------------
    RealPlayer(tm) LiveConnect-Enabled Plug-In C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    RealJukebox Netscape Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    6.0.12.1348 C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
    bdoscandel.exe C:\WINDOWS\bdoscandel.exe

    Adobe Acrobat IE Helper Version 7.0 for ActiveX c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
    WindowsLiveLogin.dll c:\program files\fichiers communs\microsoft shared\windows live\windowslivelogin.dll
    Windows Messenger C:\Program Files\Messenger\msmsgs.exe
    3.0.40818.0 c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
    Search Helper for Internet Explorer c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
    Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    Panda ActiveScan 2.0 Plugin for Firefox C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
    NPWLPG C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    Windows Live Toolbar Core c:\program files\windows live\toolbar\wltcore.dll
    Panda ActiveScan 2.0 Stub Library C:\WINDOWS\Downloaded Program Files\as2stubie.dll
    MSN Photo Upload Tool C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll
    MSN Photo Upload Tool C:\WINDOWS\Downloaded Program Files\CONFLICT.1\PURen-ca.dll
    MSN Photo Upload Tool C:\WINDOWS\Downloaded Program Files\CONFLICT.1\PURen-us.dll
    Facebook Photo Uploader 5 Control C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx
    Windows Presentation Foundation (WPF) plug-in for c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    Network Diagnostic for Windows XP C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    Internet Explorer C:\WINDOWS\system32\ieframe.dll
    NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    Fournisseur de service Sockets 2.0 de Microsoft Wi C:\WINDOWS\system32\mswsock.dll
    Microsoft Windows Rsvp 1.0 Service Provider C:\WINDOWS\system32\rsvpsp.dll
    LDAP RnR Provider DLL C:\WINDOWS\system32\winrnr.dll


    Scan
    ----
    C:\windows\softwaredistribution\datastore\logs\tmp.edb - could not be accessed
    The following file(s) must be uploaded for server-side scanning:
    C:\Program Files\Zabaware\HalReader\HalReader.exe

    Upload started - 1 file(s)
    Upload: C:\Program Files\Zabaware\HalReader\HalReader.exe - 303104 bytes, hash: dc72ad36ecfa16dc28335c1edc02d467
    Upload speed - 39 KB/s
    Upload finished - 1 uploaded, 0 failed

    The uploaded file(s) were found clean.

    Scan finished - communication took 9 sec
    Total traffic - 0.34 MB sent, 2.64 KB recvd
    Scanned 1108 files and modules - 46 seconds


    Mind you, I still think I still have some confusions in my Windows and Microsoft files to know what to authorise or not. I guess that Security Tool malware kinda played in there with Norton 360.

    But it feels much better, thank you so much DMJ!

    Re: Security Tool and maybe more malaware
    Every time I deal with a Security Tool infection, it always seems to damage some component that requires Windows to work properly.

    If you want to get rid of Norton or reinstall it, see this page: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

    Then, run the following scan:

    Panda ActiveScan online scan.

    • Click the big green Scan now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Once the scan is completed, please hit the notepad icon next to the text Export to:
    • Save it to a convenient location such as your Desktop
    • Post the contents of the ActiveScan.txt in your next reply

    Re: Security Tool and maybe more malaware

    Ok, I told you I tried Panda ActiveScan with Explorer and it doesn't work, doesn't allow it.

    I'll do it with Firefox, brb

    Re: Security Tool and maybe more malaware

    holy **** I used your Norton removal link, even tho it was the same file I previously used (I think), and when I rebooted, the IE8 final step installation appeared. So I'm now scanning online with IE8 at Panda's! Hooray!

    Re: Security Tool and maybe more malaware
    Good. I forgot to remove that info in the can about Panda. Panda ActiveScan works on Firefox as well.

    Let me know other good details.

    Re: Security Tool and maybe more malaware
    ouch,

    Active Scan is only at 25% and has already found 8 infected files and 1 suspicious.

    I hope the free scan fix them and removes them!

    Re: Security Tool and maybe more malaware
    They are probably all cookies. lol - Very low risk items, if any risk.
