Computer Very Slow - Possible Multiple Virus Infections?


endofwits (thread starter; Member with 83 posts; joined Aug 2007; Experience: Computer Illiterate)
01-Oct-2011, 02:28 PM #31
Followed your instructions to the letter... still get the same message...

kevinf80 (Kevin), Malware Removal Specialist with 9,570 posts, authorized to help remove malware (joined Mar 2006; Sunderland UK; Experience: Intermediate)
01-Oct-2011, 05:16 PM #32
OK, go Here and follow the "Reset the registry and the file permissions" section. That will reset your registry and permissions issue...

Kevin

endofwits (thread starter)
02-Oct-2011, 01:49 AM #33
I reset the registry and file permissions as instructed. Then I rebooted into safe mode and downloaded the SP3 installer. When done, I rebooted the computer. However, during the reboot I got a green screen with a bunch of words starting with:

A problem has been detected and windows has been shut down to protect damage to your computer.......

There were several other words after this, basically telling me that if it was the first time I saw the error (it was) to try to reboot to the last known good configuration. I tried this at least 3 times and then I booted into safe mode and reset my restore point to where you had me do the "fixme". The computer would not reboot otherwise, so this is where it stands...

kevinf80 (Kevin)
02-Oct-2011, 04:02 AM #34
OK, this is a bear cat for sure. SP3 is very much needed or your system will always be prone to infection. From your original CF logs there was an alert of a missing file, "proquota.exe"; run the following and see if there is a copy on board:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:
    :filefind
    proquota.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Let me see that log in your reply...

Do you have your XP installation CD, if so what service pack level is it?

Kevin

endofwits (thread starter)
02-Oct-2011, 11:56 AM #35
SystemLook 30.07.11 by jpshortstuff
Log created at 10:47 on 02/10/2011 by Compaq_Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "proquota.exe"
No files found.

-= EOF =-

Unfortunately, I don't have the installation CD. The place we originally bought the computer from already had the computer loaded and did not have/give out the installation CDs.

kevinf80 (Kevin)
02-Oct-2011, 01:32 PM #36
The shop should have provided you with an installation CD. OK, no problem, do the following.

Step 1

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.


Step 2

Please download ARCDC from Artellos.com.
  • Double click ARCDC.exe
  • Follow the dialog until you see 6 options. Please pick: XP Home SP2 & SP3
  • You will be prompted with a Terms of Use by Microsoft, please accept.
  • You will see a few dos screens flash by, this is normal.
  • Next you will be able to choose to add extra files. Select the Default Files.
  • The last window will allow you to burn the disk using BurnCDCC
Your ISO is located on your desktop.

Step 3

I have attached proquota.zip to this reply; save it to your Desktop, then unzip it to this folder: C:\windows\system32\dllcache, so that you end up with C:\windows\system32\dllcache\proquota.exe

The file I attach is from XP Home edition, same OS as you have installed.

Step 4

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix; instructions available Here if required. Be aware the list may not have all programs listed; if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

Post the log in next reply please...

Kevin

endofwits (thread starter)
02-Oct-2011, 09:56 PM #37
I saved the proquota.zip to my desktop. When I double-click on that folder, I assume I select the .exe file and "extract" the file to the c:\windows\system32\dllcache file. However, I don't have any folders with that name. Am I supposed to create one first? I also don't have WinZip either; does that make a difference?

kevinf80 (Kevin)
03-Oct-2011, 02:56 AM #38
Apologies, the dllcache folder is hidden; do the following to see it:

Open My Computer, access Tools > Folder Options, click the View tab and then select the Show hidden files and folders option, and uncheck the Hide protected operating system files option.

To unzip the file, go Here, download and install IZArc; it is free and will do what we want.
Unzip the file to the dllcache folder, then run CF.

Kevin

endofwits (thread starter)
03-Oct-2011, 10:24 PM #39
ComboFix 11-10-03.01 - Compaq_Owner 10/03/2011 20:13:23.12.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.222 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Compaq_Owner\Application Data\PriceGong
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\j.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Compaq_Owner\Application Data\vso_ts_preview.xml
c:\documents and settings\test\Application Data\PriceGong
c:\documents and settings\test\Application Data\PriceGong\Data\c.xml
c:\documents and settings\test\Application Data\PriceGong\Data\mru.xml
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\windows\explorer(2).exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\linkinfo(2).dll
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\system32\dllcache\proquota\proquota.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))))
.
.
2011-10-04 01:39 . 2011-10-04 01:39 -------- d-----w- c:\windows\LastGood
2011-10-04 01:39 . 2008-04-14 10:42 50176 ----a-w- c:\windows\system32\OLD11E.tmp
2011-10-04 01:39 . 2004-08-04 02:00 50176 ----a-w- c:\windows\system32\proquota.exe
2011-10-04 00:35 . 2011-10-04 00:38 -------- d-----w- c:\program files\IZArc
2011-10-03 01:29 . 2008-04-14 10:42 50176 ----a-w- c:\windows\system32\dllcache\proquota\proquota.exe
2011-10-03 01:26 . 2008-04-14 10:42 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe\proquota.exe
2011-10-03 00:22 . 2011-10-03 00:22 -------- d-----w- c:\program files\ERUNT
2011-10-02 05:08 . 2011-10-02 05:08 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-02 04:54 . 2011-10-02 04:54 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-10-02 04:03 . 2011-10-02 04:10 -------- d-----w- c:\windows\ServicePackFiles
2011-10-02 03:55 . 2006-12-29 05:31 19569 ----a-w- c:\windows\002738_.tmp
2011-10-01 20:44 . 2011-10-03 02:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-30 22:10 . 2011-09-30 22:15 -------- d-----w- C:\8c1052ccbb76ede9b14ff3e1ec
2011-09-30 03:17 . 2011-09-30 03:23 -------- d-----w- C:\70f5fa78f1c271efda
2011-09-29 00:23 . 2011-09-29 00:23 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Sun
2011-09-28 21:14 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-28 21:14 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-28 21:13 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-28 21:13 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-28 21:13 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-28 21:13 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-28 21:13 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-28 21:13 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-28 21:12 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-28 21:12 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-28 21:11 . 2011-09-28 21:11 -------- d-----w- c:\program files\AVAST Software
2011-09-28 21:11 . 2011-09-28 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-28 20:48 . 2011-09-28 20:48 -------- d-----w- c:\program files\Common Files\Java
2011-09-27 02:27 . 2011-09-27 02:27 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2011-09-26 14:22 . 2011-09-26 14:22 -------- d-----w- c:\program files\FileHippo.com
2011-09-23 00:24 . 2011-09-24 05:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\PriceGong(2)
2011-09-21 03:02 . 2011-09-21 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-09-19 20:53 . 2011-09-19 20:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-09-19 20:50 . 2011-09-19 20:50 -------- d-----w- c:\program files\Common Files\XoftSpySE
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-02 04:14 . 2011-10-02 04:14 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\LocalContent\Attachments\devcon.exe
2011-10-02 04:14 . 2011-10-02 04:14 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchnotify.exe
2011-10-02 04:14 . 2011-10-02 04:14 3072 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchealthde.exe
2011-10-02 04:14 . 2011-10-02 04:14 159744 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
2011-10-02 04:14 . 2011-10-02 04:14 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\FDIWrapper.dll
2011-10-02 04:14 . 2011-10-02 04:14 26572 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\INV16.dll
2011-10-02 04:14 . 2011-10-02 04:14 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\msxmlwrapper.dll
2011-10-02 04:14 . 2011-10-02 04:14 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\ScDmi.dll
2011-10-02 04:14 . 2011-10-02 04:14 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCHI18N.dll
2011-10-02 04:14 . 2011-10-02 04:14 139264 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\ContentUpdater.exe
2011-10-02 04:14 . 2011-10-02 04:14 110592 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\DSAPI4.dll
2011-10-02 04:14 . 2011-10-02 04:14 98304 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PluginCtrl.dll
2011-10-02 04:13 . 2011-10-02 04:13 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\HPBasicDetection.dll
2011-10-02 04:13 . 2011-10-02 04:13 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\msxmlwrapper.dll
2011-10-02 04:13 . 2011-10-02 04:13 5632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\GUI.dll
2011-10-02 04:13 . 2011-10-02 04:13 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\ZipLib.dll
2011-10-02 04:13 . 2011-10-02 04:13 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchapi.dll
2011-10-02 04:13 . 2011-10-02 04:13 434176 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\motivede.dll
2011-10-02 04:13 . 2011-10-02 04:13 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchmsxml.dll
2011-10-02 04:13 . 2011-10-02 04:13 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\WinVerifyTrust.dll
2011-10-02 04:13 . 2011-10-02 04:13 344064 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\api.dll
2011-10-02 04:13 . 2011-10-02 04:13 24576 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pcdapi.dll
2011-10-02 04:13 . 2011-10-02 04:13 282624 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\clientutil52.dll
2011-10-02 04:13 . 2011-10-02 04:13 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\util.dll
2011-10-02 04:13 . 2011-10-02 04:13 356352 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\client_motkt.dll
2011-10-02 04:13 . 2011-10-02 04:13 28672 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\InetWrap.dll
2011-10-02 04:13 . 2011-10-02 04:13 102400 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCDrAccess.dll
2011-10-02 04:13 . 2011-10-02 04:13 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\hwinv.dll
2011-10-02 04:13 . 2011-10-02 04:13 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchmsxml.dll
2011-10-02 04:13 . 2011-10-02 04:13 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\asst_ui.dll
2011-10-02 04:13 . 2011-10-02 04:13 36864 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\gnu.dll
2011-10-02 04:13 . 2011-10-02 04:13 126976 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\SearchCtrl.dll
2011-10-02 04:13 . 2011-10-02 04:13 4096 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\winverifytrustwrapper.dll
2011-10-02 04:13 . 2011-10-02 04:13 212992 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\jsharpinterp.dll
2011-10-02 04:13 . 2011-10-02 04:13 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchealthplugin.dll
2011-09-28 20:41 . 2010-08-06 19:37 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 20:41 . 2010-07-12 16:08 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-31 22:00 . 2010-07-26 02:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 03:07 . 2011-08-13 03:07 18944 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2009-10-16 00:21 . 2009-10-16 00:21 4375672 ----a-w- c:\program files\vmplayer.exe
2009-09-16 00:41 . 2009-09-16 00:41 19918 ----a-w- c:\program files\Common Files\wyka.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoft\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-3-6 333088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
backupExtension=Common Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
backupExtension=Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup
backupExtension=Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
2010-07-27 10:15 1573888 ----a-w- c:\program files\ATT-SST\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSDAppUpdater]
2011-05-11 17:52 1660232 ----a-w- c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2008-07-11 22:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2006-10-27 00:48 434528 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Dock]
2011-01-18 14:45 585728 ----a-w- c:\documents and settings\Compaq_Owner\My Documents\RCA easyRip\EZDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-12-09 02:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-15 03:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-06-26 23:21 757248 ----a-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
2010-09-29 18:43 4861720 ----a-w- c:\program files\XoftSpySE6\XoftSpySE.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\test\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 136176]
R3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [2010-09-29 582424]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2004-08-04 14336]
S2 aswFsBlk;aswFsBlk; [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-10-03 47360]
S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-03 41272]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GUPDATE
*NewlyCreated* - GUPDATEM
*NewlyCreated* - GUSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 00:35]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 00:35]
.
2011-10-03 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
.
2011-10-02 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
2011-10-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-10-03 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-08-05 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-06-20 23:41]
.
2011-10-02 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/mail?.intl=us
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: + &Mass Downloader: download this file - c:\program files\Mass Downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\Mass Downloader\Add_All.htm
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: $talisma_url$
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-03 20:40
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-10-03 20:54:11
ComboFix-quarantined-files.txt 2011-10-04 01:53
.
Pre-Run: 24,560,848,896 bytes free
Post-Run: 28,695,728,128 bytes free
.
- - End Of File - - C7FA7B06BF0DF902BCCAEA8C5AC9988F
kevinf80 (Kevin), Malware Removal Specialist, Sunderland UK (authorized to help remove malware)
04-Oct-2011, 03:43 AM #40
OK, CF has replaced the file for us into the correct folder, do the following:

Right click on the Avast icon next to your clock and select "open avast user interface"
On the interface select Scan Computer
On the next window select Boot time scan
On the next window select Schedule now
On the next window select Restart Computer

Let your system re-boot and carry out the boot time scan, let me know what it finds.

If that scan is clean re-boot into safe mode, turn off security > right click on Avast icon at clock > select "avast shields control" > disable until computer is restarted > Try to install SP3 again...

Kevin
endofwits, thread starter (Member, Experience: Computer Illiterate)
05-Oct-2011, 07:09 PM #41
The scan found 1 infection.

c:\hp\bin\ProcessLogger.exe is infected by win32:PUP.gen [PUP]

I didn't do anything with it because I wasn't sure if you wanted me to repair, delete, or move it.
kevinf80 (Kevin), Malware Removal Specialist, Sunderland UK (authorized to help remove malware)
05-Oct-2011, 07:45 PM #42
I'd rather you upload that file for analysis, do the following:

Upload a File to Virustotal
Please visit Virustotal
  • Click the Browse... button
  • Navigate to the file c:\hp\bin\ProcessLogger.exe
  • Click the Open button
  • Click the Send button
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Let me see the results...
endofwits, thread starter (Member, Experience: Computer Illiterate)
05-Oct-2011, 08:12 PM #43
Hope this is what you were looking for:

File name: ProcessLogger.exe
Submission date: 2011-10-06 00:03:29 (UTC)
Current status: finished

Result: 1/43 (2.3%)

Antivirus Version Last Update Result
AhnLab-V3 2011.10.05.00 2011.10.05 -
AntiVir 7.11.15.135 2011.10.05 -
Antiy-AVL 2.0.3.7 2011.10.05 -
Avast 6.0.1289.0 2011.10.05 Win32:PUP-gen [PUP]
AVG 10.0.0.1190 2011.10.05 -
BitDefender 7.2 2011.10.06 -
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.10.05 -
ClamAV 0.97.0.0 2011.10.06 -
Commtouch 5.3.2.6 2011.10.05 -
Comodo 10356 2011.10.06 -
DrWeb 5.0.2.03300 2011.10.06 -
Emsisoft 5.1.0.11 2011.10.06 -
eSafe 7.0.17.0 2011.10.05 -
eTrust-Vet 36.1.8599 2011.10.05 -
F-Prot 4.6.2.117 2011.10.05 -
F-Secure 9.0.16440.0 2011.10.06 -
Fortinet 4.3.370.0 2011.10.05 -
GData 22 2011.10.06 -
Ikarus T3.1.1.107.0 2011.10.05 -
Jiangmin 13.0.900 2011.10.05 -
K7AntiVirus 9.114.5245 2011.10.05 -
Kaspersky 9.0.0.837 2011.10.06 -
McAfee 5.400.0.1158 2011.10.06 -
McAfee-GW-Edition 2010.1D 2011.10.05 -
Microsoft 1.7702 2011.10.05 -
NOD32 6520 2011.10.06 -
Norman 6.07.11 2011.10.05 -
nProtect 2011-10-05.01 2011.10.05 -
Panda 10.0.3.5 2011.10.05 -
PCTools 8.0.0.5 2011.10.06 -
Prevx 3.0 2011.10.06 -
Rising 23.77.04.01 2011.09.30 -
Sophos 4.69.0 2011.10.05 -
SUPERAntiSpyware 4.40.0.1006 2011.10.06 -
Symantec 20111.2.0.82 2011.10.05 -
TheHacker 6.7.0.1.317 2011.10.05 -
TrendMicro 9.500.0.1008 2011.10.05 -
TrendMicro-HouseCall 9.500.0.1008 2011.10.06 -
VBA32 3.12.16.4 2011.10.05 -
VIPRE 10672 2011.10.06 -
ViRobot 2011.10.5.4703 2011.10.05 -
VirusBuster 14.0.250.0 2011.10.05 -
Additional information
MD5 : 682990a95f88844290d55f25b9f05138
SHA1 : f67d46bcc89ba10fe2bbebbab8b1f9ef85e29b47
SHA256: f445882b48cfcc62adaaacc2558d9f341a68ed593518f94a118e30be56138f22
ssdeep: 6144:mWTVF++nrDRqPdWPNKBFrL0WyHGvFkpfKkA0uqyDZGZzn8ZDsIVTtqp2MEdZAuEl:miqFW8BxYrHYDv0iQZ7OOAdCJVeX
File size : 447488 bytes
First seen: 2006-08-20 03:15:02
Last seen : 2011-10-06 00:03:29
TrID:
Win32 Executable Delphi generic (30.6%)
DOS Executable Borland C++ (27.1%)
Win32 Executable Generic (17.8%)
Win32 Dynamic Link Library (generic) (15.8%)
Generic Win/DOS Executable (4.1%)
sigcheck:
publisher....: Hewlett-Packard
copyright....:
product......: Visual Process Logger Deluxe Professional 32-Bit Enterprise Edition Plus Plus Turbo Enhanced
description..: Exciting Windows Process Logging Technolgy.
original name:
internal name: Chupacabra
file version.: 1.1.3.1
comments.....: Specify number of minutes to run on the command line, defaul is 15. Results are logged to the file process.log in the Windows temp directory.
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1000
timedatestamp....: 0x3E31A407 (Fri Jan 24 20:37:27 2003)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x58000, 0x58000, 6.52, e12d8a7cd35708acd1d39354c700c639
.data, 0x59000, 0xB000, 0x6400, 4.96, badc5d0c0450634540d2c48bcdfccc09
.tls, 0x64000, 0x1000, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b
.rdata, 0x65000, 0x1000, 0x200, 0.21, b2a34b9a80a0b83d5587b42bab27b4a0
.idata, 0x66000, 0x3000, 0x2600, 4.99, b58254a3d441218d79a01af5621559ce
.edata, 0x69000, 0x1000, 0x600, 4.21, a32dcfc602443779dbb0c21ce97e6e9e
.rsrc, 0x6A000, 0x6000, 0x5800, 4.26, 7372e035b18245a713c4c13bcef09c9c
.reloc, 0x70000, 0x7000, 0x6200, 6.62, 1fe085f5793431e11f23add760e6fbf3

[[ 9 import(s) ]]
ADVAPI32.DLL: RegCloseKey, RegOpenKeyExA, RegQueryValueExA
KERNEL32.DLL: CloseHandle, CompareStringA, CreateEventA, CreateFileA, CreateThread, CreateToolhelp32Snapshot, DeleteCriticalSection, DeleteFileA, EnterCriticalSection, EnumCalendarInfoA, ExitProcess, FindClose, FindFirstFileA, FindResourceA, FormatMessageA, FreeLibrary, FreeResource, GetACP, GetCPInfo, GetCommandLineA, GetCurrentProcessId, GetCurrentThreadId, GetDateFormatA, GetDiskFreeSpaceA, GetEnvironmentStrings, GetFileAttributesA, GetFileSize, GetFileType, GetLastError, GetLocalTime, GetLocaleInfoA, GetModuleFileNameA, GetModuleHandleA, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetStdHandle, GetStringTypeA, GetStringTypeW, GetSystemDefaultLangID, GetSystemInfo, GetTempPathA, GetThreadLocale, GetTickCount, GetUserDefaultLCID, GetVersion, GetVersionExA, GlobalAddAtomA, GlobalAlloc, GlobalDeleteAtom, GlobalFree, GlobalHandle, GlobalLock, GlobalReAlloc, GlobalUnlock, HeapAlloc, HeapFree, InitializeCriticalSection, InterlockedDecrement, InterlockedIncrement, IsValidLocale, LCMapStringA, LeaveCriticalSection, LoadLibraryA, LoadLibraryExA, LoadResource, LocalAlloc, LocalFree, LockResource, MulDiv, MultiByteToWideChar, Process32First, Process32Next, RaiseException, ReadFile, RtlUnwind, SetConsoleCtrlHandler, SetEndOfFile, SetErrorMode, SetEvent, SetFilePointer, SetHandleCount, SetLastError, SetThreadLocale, SizeofResource, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, VirtualQuery, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcpyA, lstrcpynA, lstrlenA
VERSION.DLL: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
COMCTL32.DLL: ImageList_Add, ImageList_BeginDrag, ImageList_Create, ImageList_Destroy, ImageList_DragEnter, ImageList_DragLeave, ImageList_DragMove, ImageList_DragShowNolock, ImageList_Draw, ImageList_EndDrag, ImageList_GetBkColor, ImageList_GetDragImage, ImageList_GetIconSize, ImageList_GetImageCount, ImageList_Read, ImageList_Remove, ImageList_ReplaceIcon, ImageList_SetBkColor, ImageList_SetDragCursorImage, ImageList_SetIconSize, ImageList_Write, ImageList_DrawEx
GDI32.DLL: BitBlt, CopyEnhMetaFileA, CreateBitmap, CreateBrushIndirect, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBSection, CreateDIBitmap, CreateFontIndirectA, CreateHalftonePalette, CreatePalette, CreatePenIndirect, CreateSolidBrush, DeleteDC, DeleteEnhMetaFile, DeleteObject, ExcludeClipRect, GetBitmapBits, GetBrushOrgEx, GetClipBox, GetCurrentPositionEx, GetDCOrgEx, GetDIBColorTable, GetDIBits, GetDeviceCaps, GetEnhMetaFileBits, GetEnhMetaFileHeader, GetEnhMetaFilePaletteEntries, GetObjectA, GetPaletteEntries, GetPixel, GetStockObject, GetSystemPaletteEntries, GetTextExtentPoint32A, GetTextExtentPointA, GetTextMetricsA, GetWinMetaFileBits, GetWindowOrgEx, IntersectClipRect, LineTo, MaskBlt, MoveToEx, PatBlt, PlayEnhMetaFile, RealizePalette, RectVisible, Rectangle, RestoreDC, SaveDC, SelectObject, SelectPalette, SetBkColor, SetBkMode, SetBrushOrgEx, SetDIBColorTable, SetEnhMetaFileBits, SetPixel, SetROP2, SetStretchBltMode, SetTextColor, SetViewportOrgEx, SetWinMetaFileBits, SetWindowOrgEx, StretchBlt, UnrealizeObject
SHELL32.DLL: ShellExecuteA
USER32.DLL: ActivateKeyboardLayout, AdjustWindowRectEx, BeginPaint, CallNextHookEx, CallWindowProcA, CharLowerA, CharLowerBuffA, CharNextA, CheckMenuItem, ClientToScreen, CreateIcon, CreateMenu, CreatePopupMenu, CreateWindowExA, DefFrameProcA, DefMDIChildProcA, DefWindowProcA, DeleteMenu, DestroyCursor, DestroyIcon, DestroyMenu, DestroyWindow, DispatchMessageA, DrawEdge, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawTextA, EnableMenuItem, EnableScrollBar, EnableWindow, EndPaint, EnumThreadWindows, EnumWindows, EqualRect, FillRect, FindWindowA, FrameRect, GetActiveWindow, GetCapture, GetClassInfoA, GetClientRect, GetClipboardData, GetCursor, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetFocus, GetForegroundWindow, GetIconInfo, GetKeyNameTextA, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetMenu, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuState, GetMenuStringA, GetParent, GetPropA, GetScrollInfo, GetScrollPos, GetScrollRange, GetSubMenu, GetSysColor, GetSystemMetrics, GetTopWindow, GetWindow, GetWindowDC, GetWindowLongA, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowThreadProcessId, InflateRect, InsertMenuA, InsertMenuItemA, IntersectRect, InvalidateRect, IsChild, IsDialogMessageA, IsIconic, IsRectEmpty, IsWindow, IsWindowEnabled, IsWindowVisible, IsZoomed, KillTimer, LoadBitmapA, LoadCursorA, LoadIconA, LoadKeyboardLayoutA, LoadStringA, MapVirtualKeyA, MapWindowPoints, MessageBoxA, OemToCharA, OffsetRect, PeekMessageA, PostMessageA, PostQuitMessage, PtInRect, RegisterClassA, RegisterClipboardFormatA, RegisterWindowMessageA, ReleaseCapture, ReleaseDC, RemoveMenu, RemovePropA, ScreenToClient, ScrollWindow, SendMessageA, SetActiveWindow, SetCapture, SetClassLongA, SetCursor, SetFocus, SetForegroundWindow, SetMenu, SetMenuItemInfoA, SetPropA, SetRect, SetScrollInfo, SetScrollPos, SetScrollRange, SetTimer, SetWindowLongA, SetWindowPlacement, SetWindowPos, 
SetWindowTextA, SetWindowsHookExA, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowWindow, SystemParametersInfoA, TrackPopupMenu, TranslateMDISysAccel, TranslateMessage, UnhookWindowsHookEx, UnregisterClassA, UpdateWindow, WaitMessage, WinHelpA, WindowFromPoint, wsprintfA, GetSystemMenu
OLE32.DLL: IsEqualGUID
OLEAUT32.DLL: SysAllocStringLen, SysFreeString, SysReAllocStringLen, SysStringLen, VariantChangeTypeEx, VariantClear, VariantCopyInd

[[ 26 export(s) ]]
@$xp$11TExeVersion, @@Exever@Finalize, @@Exever@Initialize, @@Mainform@Finalize, @@Mainform@Initialize, @Exever@Register$qqrv, @TExeVersion@, @TExeVersion@$bctr$qqrp18Classes@TComponent, @TExeVersion@GetBuild$qqrv, @TExeVersion@GetComments$qqrv, @TExeVersion@GetCompanyName$qqrv, @TExeVersion@GetFileDescription$qqrv, @TExeVersion@GetFileVersion$qqrv, @TExeVersion@GetFileVersionField$qqrpct1t1ipul, @TExeVersion@GetInternalName$qqrv, @TExeVersion@GetLegalCopyright$qqrv, @TExeVersion@GetLegalTrademarks$qqrv, @TExeVersion@GetMajorVersion$qqrv, @TExeVersion@GetMinorVersion$qqrv, @TExeVersion@GetOriginalFilename$qqrv, @TExeVersion@GetProductName$qqrv, @TExeVersion@GetProductVersion$qqrv, @TExeVersion@GetRelease$qqrv, _FormMain, __GetExceptDLLinfo, ___CPPdebugHook

ExifTool:
file metadata
CharacterSet: Windows, Latin1
CodeSize: 360448
Comments: Specify number of minutes to run on the command line, defaul is 15. Results are logged to the file process.log in the Windows temp directory.
CompanyName: Hewlett-Packard
EntryPoint: 0x1000
FileDescription: Exciting Windows Process Logging Technolgy.
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 437 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 1.1.3.1
FileVersionNumber: 1.1.3.1
ImageVersion: 0.0
InitializedDataSize: 45056
InternalName: Chupacabra
LanguageCode: English (U.S.)
LegalCopyright:
LegalTrademarks:
LinkerVersion: 5.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename:
PEType: PE32
ProductName: Visual Process Logger Deluxe Professional 32-Bit Enterprise Edition Plus Plus Turbo Enhanced
ProductVersion: 1.0.0.0
ProductVersionNumber: 1.1.3.1
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2003:01:24 21:37:27+01:00
UninitializedDataSize: 0
kevinf80 (Kevin), Malware Removal Specialist, Sunderland UK (authorized to help remove malware)
05-Oct-2011, 08:35 PM #44
OK, that alert from the Avast boot scan is an FP (false positive), have a read Here for confirmation.

Try SP3 again as per the instruction at the end of post #40
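The false-positive call in post #44 rests on two checks a practitioner makes before trusting a VirusTotal page: that the hashes printed in the report (MD5, SHA1, SHA256) are the hashes of the file actually sitting on the machine, so the verdict is about that file and not a same-named one, and that the detection is a lone generic PUP signature (1/43, "Win32:PUP-gen") rather than a named family hit across several vendors. The script below is an added example, not part of the thread and not a VirusTotal or Avast tool; it hashes a constructed stand-in file, parses a results table in the "Engine Version LastUpdate Result" layout pasted in post #43, and applies the example's own thresholds (assumed, not a vendor rule: at most two detections, all of them generic/PUP/heuristic names) to reach a verdict.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Signature fragments this example treats as weak evidence (generic, PUP or
# heuristic names). The list and the threshold are the example's own assumptions.
WEAK_SIG = re.compile(r"pup|generic|\bgen\b|heur|suspicious|riskware|not-a-virus")
MAX_WEAK_HITS = 2


@dataclass
class EngineRow:
    engine: str
    version: str
    updated: str
    result: Optional[str]  # None when the engine column shows "-"


@dataclass
class Triage:
    hashes_match: bool
    mismatched: List[str]
    total: int
    detections: List[EngineRow]
    verdict: str


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 of the bytes, lowercase hex, keyed like the VT report."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
    }


def compare_hashes(local: Dict[str, str], reported: Dict[str, str]) -> List[str]:
    """Algorithms on which the report disagrees with the local file.
    An algorithm missing from the report is skipped, not counted as a match."""
    return [
        algo for algo in local
        if algo in reported and local[algo].lower() != reported[algo].strip().lower()
    ]


# One VT row: engine, signature version, last-update date (yyyy.mm.dd), result.
_ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.*)$")


def parse_vt_table(text: str) -> List[EngineRow]:
    """Parse 'Engine Version LastUpdate Result' lines; '-' means no detection."""
    rows = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if not m:
            continue  # header, blank or unrelated line
        engine, version, updated, result = m.groups()
        result = result.strip()
        rows.append(EngineRow(engine, version, updated, None if result == "-" else result))
    return rows


def is_weak_signature(name: str) -> bool:
    return WEAK_SIG.search(name.lower()) is not None


def triage(data: bytes, reported_hashes: Dict[str, str], vt_table: str) -> Triage:
    rows = parse_vt_table(vt_table)
    detections = [r for r in rows if r.result is not None]
    mismatched = compare_hashes(file_hashes(data), reported_hashes)
    if mismatched:
        verdict = "report is for a different file (hash mismatch); do not rely on it"
    elif not detections:
        verdict = "clean by all engines"
    elif len(detections) <= MAX_WEAK_HITS and all(is_weak_signature(d.result) for d in detections):
        verdict = "likely false positive (few hits, all generic/PUP signatures)"
    else:
        verdict = "treat as malicious until proven otherwise"
    return Triage(not mismatched, mismatched, len(rows), detections, verdict)


# Constructed sample: a stand-in for the scanned file and a VT-style table in the
# layout pasted into the thread. Neither is the real ProcessLogger.exe.
SAMPLE_FILE = b"MZ" + b"\x00" * 62 + b"constructed sample, not a real PE\n"
SAMPLE_TABLE = """\
Antivirus Version Last Update Result
AhnLab-V3 2011.10.05.00 2011.10.05 -
Avast 6.0.1289.0 2011.10.05 Win32:PUP-gen [PUP]
AVG 10.0.0.1190 2011.10.05 -
McAfee-GW-Edition 2010.1D 2011.10.05 -
Microsoft 1.7702 2011.10.05 -
TrendMicro-HouseCall 9.500.0.1008 2011.10.06 -
"""
# The hashes a VT page would print for this sample; derived from the sample itself.
SAMPLE_REPORT_HASHES = file_hashes(SAMPLE_FILE)

if __name__ == "__main__":
    t = triage(SAMPLE_FILE, SAMPLE_REPORT_HASHES, SAMPLE_TABLE)
    print(f"{len(t.detections)}/{t.total} engines flagged: {[d.engine for d in t.detections]}")
    print(t.verdict)
```

The hash comparison comes first on purpose: a low detection ratio means nothing if the report belongs to a different file, and a same-named binary dropped by an attacker in c:\hp\bin would pass every other check. The "weak signature" list is deliberately narrow (`\bgen\b` rather than a bare "gen", so "Trojan.Agent" is not mistaken for a generic name); widen it only with names you have seen misfire.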
endofwits, thread starter (Member, Experience: Computer Illiterate)
05-Oct-2011, 10:26 PM #45
I tried again.....and got the below Copy Error

Setup cannot copy the file proquota.exe

Ensure that the location specified below is correct, or change it and insert Windows XP System Files in the drive you specify.

Copy file from c:\windows\system32\dllcache