Computer Very Slow - Possible Multiple Virus Infections?

(In Progress)

endofwits
Member with 83 posts.
THREAD STARTER
Join Date: Aug 2007
Experience: Computer Illiterate
20-Sep-2011, 07:44 AM #1
I have Windows XP SP2. My computer response time to opening applications is very slow and the computer seems to run all the time when it is not being used. I do not have any popups, windows errors, etc. I run MalwareBytes, Super Anti Spyware, XoftSpy, and RegCure but it has not picked anything up. A friend told me how to look at the Event Viewer and it shows quite a few errors such as MDM, NativeWrapper, MsiInstaller and Application Hang which I've been told may be viruses.

I have included the hijackthis log and DDS logs. I tried to run GMER, but it seemed to just keep running on forever (not sure if that is normal or not).

I hope someone can help me. Thanks in advance....

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:10:06 PM, on 9/19/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\XoftSpySE6\XoftSpySE.exe
C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\TechSmith\SnagIt\SnagIt32.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.intl=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll
O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1252085986765
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.motive.com/wizlet...tInstaller.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://evpn1a.external.lmco.com/dan...etupClient.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8217 bytes

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Compaq_Owner at 19:11:50 on 2011-09-19
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.79 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\XoftSpySE6\XoftSpySE.exe
C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe
C:\Program Files\TechSmith\SnagIt\SnagIt32.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.yahoo.com/config/mail?.intl=us
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\celebrity toolbar\tbhelper.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: DVDVideoSoftTB Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\prxtbDVD0.dll
TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\celebrity toolbar\tbcore3.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: DVDVideoSoftTB Findbar: {b5442470-cbc3-4eeb-a552-41327e54ac20} - c:\program files\dvdvideosoft\prxtbDVD0.dll
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
IE: + &Mass Downloader: download this file - c:\program files\mass downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\mass downloader\Add_All.htm
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - c:\program files\mass downloader\massdown.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: $talisma_url$
Trusted Zone: intuit.com\ttlc
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252085986765
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://evpn1a.external.lmco.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{ED2F7A16-D0F6-4036-8BFE-0582E705B60F} : DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\celebrity toolbar\mhxpcomi.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2010-9-29 582424]
S0 ixkax;ixkax;c:\windows\system32\drivers\trri.sys --> c:\windows\system32\drivers\trri.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\compaq~1\locals~1\temp\cpuz132\cpuz132_x32. sys --> c:\docume~1\compaq~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-10-19 1527900]
.
=============== Created Last 30 ================
.
2011-09-19 20:53:13 -------- d-----w- c:\windows\LMI179.tmp
2011-09-19 20:50:29 -------- d-----w- c:\program files\common files\XoftSpySE
.
==================== Find3M ====================
.
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2009-10-16 00:21:24 4375672 ----a-w- c:\program files\vmplayer.exe
2009-09-16 00:41:46 19918 ----a-w- c:\program files\common files\wyka.dll
.
============= FINISH: 19:13:27.43 ===============

flavallee (Frank)
Trusted Advisor with 56,888 posts.
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
20-Sep-2011, 09:18 AM #2
Your computer appears to be infected.

Windows XP SP2 hasn't been upgraded to SP3, so your computer is lacking several security-related updates and fixes.

There doesn't appear to be any full-time antivirus program installed and running.

The use of RegCure and any other registry "cleaners" that you're using has probably damaged the Windows operating system and broken some of your programs.

-----------------------------------------------------

Unless a gold shield expert in this forum is able to assist you, my advice to you is to format the hard drive and do a clean reinstall of Windows XP and get a fresh start.

------------------------------------------------------

endofwits
20-Sep-2011, 01:16 PM #3
Is there a gold shield expert who can help with this issue?

flavallee (Frank)
20-Sep-2011, 04:12 PM #4
Quote:
Originally Posted by endofwits
Is there a gold shield expert who can help with this issue?

This section is VERY busy, so you may not get a reply from one for 24 - 48 hours.

If you haven't gotten a reply from one by then, I'll do what I can for you.

--------------------------------------------------------

kevinf80 (Kevin)
Malware Removal Specialist with 9,450 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
20-Sep-2011, 04:37 PM #5
Run the following :-

Please run the MGA Diagnostic Tool and post back the report it creates:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

Next,

Download CKScanner from here

Important : Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Let me see those two logs, also the second log from DDS, Attach.txt.

Kevin

endofwits
20-Sep-2011, 11:17 PM #6
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-BRVBB-38MQ9-3PMFT
Windows Product Key Hash: 2V2VyxlfhiaCt/JkDzYQfiNOHMA=
Windows Product ID: 76477-OEM-2111907-00106
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.2.0.hom
ID: {7C172ECE-F1D3-4BC5-B8CD-7EA78EE5DE41}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7C172ECE-F1D3-4BC5-B8CD-7EA78EE5DE41}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3PMFT</PKey><PID>76477-OEM-2111907-00106</PID><PIDType>2</PIDType><SID>S-1-5-21-791610336-1837458989-1263303080</SID><SYSTEM><Manufacturer>Compaq Presario 061</Manufacturer><Model>PW534AA-ABA SR1417CL NA520</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.07</Version><SMBIOSVersion major="2" minor="3"/><Date>20050110000000.000000+000</Date><SLPBIOS>HP PAVILION</SLPBIOS></BIOS><HWID>C7253ED70184405D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Compaq</name><model>Presario</model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>100</Result><Products><Product GUID="{91E30409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>78623CB2241A5A2</Val><Hash>lB9FUnTh+rGjRlUEWb1Z2t4L3Cs=</Hash><Pid>73931-721-9090433-57231</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/><App Id="A1" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: E06B:Compaq Computer Corporation|1085F:Compaq Computer Corporation|E10D:Compaq Computer Corporation|108FD:Compaq Computer Corporation|108FD:Compaq Computer Corporation|E10D:Hewlett-Packard Company|1DB10:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: HP PAVILION

OEM Activation 2.0 Data-->
N/A


CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.PKABWU
----- EOF -----

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/22/2009 2:15:54 PM
System Uptime: 9/16/2011 7:22:39 AM (84 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Salmon
Processor: AMD Sempron(tm) Processor 3000+ | Socket 754 | 1808/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 107 GiB total, 25.062 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.379 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: SiS 760
Device ID: PCI\VEN_1039&DEV_6330&SUBSYS_2A06103C&REV_00\4&1C526AC9&0&0008
Manufacturer: SiS
Name: SiS 760
PNP Device ID: PCI\VEN_1039&DEV_6330&SUBSYS_2A06103C&REV_00\4&1C526AC9&0&0008
Service: SiS315
.
==== System Restore Points ===================
.
RP924: 7/12/2011 12:00:34 AM - Software Distribution Service 3.0
RP925: 7/13/2011 12:00:39 AM - Software Distribution Service 3.0
RP926: 7/14/2011 12:01:02 AM - Software Distribution Service 3.0
RP927: 7/14/2011 8:38:59 PM - Software Distribution Service 3.0
RP928: 7/14/2011 9:02:01 PM - Installed Windows Internet Explorer 8.
RP929: 7/14/2011 9:03:23 PM - Software Distribution Service 3.0
RP930: 7/15/2011 12:00:40 AM - Software Distribution Service 3.0
RP931: 7/16/2011 12:00:40 AM - Software Distribution Service 3.0
RP932: 7/17/2011 12:00:50 AM - Software Distribution Service 3.0
RP933: 7/18/2011 12:00:43 AM - Software Distribution Service 3.0
RP934: 7/19/2011 12:00:32 AM - Software Distribution Service 3.0
RP935: 7/20/2011 12:00:50 AM - Software Distribution Service 3.0
RP936: 7/20/2011 5:19:12 PM - Installed WeatherBug
RP937: 7/21/2011 12:00:50 AM - Software Distribution Service 3.0
RP938: 7/22/2011 12:00:52 AM - Software Distribution Service 3.0
RP939: 7/23/2011 12:00:37 AM - Software Distribution Service 3.0
RP940: 7/23/2011 9:49:53 AM - Removed WeatherBug
RP941: 7/24/2011 12:02:13 AM - Software Distribution Service 3.0
RP942: 7/25/2011 12:00:53 AM - Software Distribution Service 3.0
RP943: 7/26/2011 12:04:20 AM - Software Distribution Service 3.0
RP944: 7/27/2011 12:00:34 AM - Software Distribution Service 3.0
RP945: 7/28/2011 12:00:32 AM - Software Distribution Service 3.0
RP946: 7/29/2011 12:00:34 AM - Software Distribution Service 3.0
RP947: 7/30/2011 12:00:35 AM - Software Distribution Service 3.0
RP948: 7/31/2011 12:00:37 AM - Software Distribution Service 3.0
RP949: 8/1/2011 12:00:35 AM - Software Distribution Service 3.0
RP950: 8/2/2011 12:00:41 AM - Software Distribution Service 3.0
RP951: 8/3/2011 12:00:51 AM - Software Distribution Service 3.0
RP952: 8/4/2011 12:00:32 AM - Software Distribution Service 3.0
RP953: 8/5/2011 12:01:52 AM - Software Distribution Service 3.0
RP954: 8/6/2011 12:00:57 AM - Software Distribution Service 3.0
RP955: 8/7/2011 12:00:31 AM - Software Distribution Service 3.0
RP956: 8/8/2011 12:05:47 AM - Software Distribution Service 3.0
RP957: 8/9/2011 12:00:37 AM - Software Distribution Service 3.0
RP958: 8/10/2011 12:00:34 AM - Software Distribution Service 3.0
RP959: 8/11/2011 12:05:08 AM - Software Distribution Service 3.0
RP960: 8/12/2011 12:01:12 AM - Software Distribution Service 3.0
RP961: 8/12/2011 10:06:48 PM - Installed WeatherBug
RP962: 8/13/2011 12:00:35 AM - Software Distribution Service 3.0
RP963: 8/13/2011 11:39:27 AM - Removed WeatherBug
RP964: 8/14/2011 12:00:34 AM - Software Distribution Service 3.0
RP965: 8/15/2011 12:06:15 AM - Software Distribution Service 3.0
RP966: 8/16/2011 12:00:39 AM - Software Distribution Service 3.0
RP967: 8/17/2011 12:00:31 AM - Software Distribution Service 3.0
RP968: 8/18/2011 12:00:39 AM - Software Distribution Service 3.0
RP969: 8/19/2011 12:00:55 AM - Software Distribution Service 3.0
RP970: 8/20/2011 12:00:42 AM - Software Distribution Service 3.0
RP971: 8/21/2011 12:00:38 AM - Software Distribution Service 3.0
RP972: 8/22/2011 12:00:37 AM - Software Distribution Service 3.0
RP973: 8/23/2011 12:00:38 AM - Software Distribution Service 3.0
RP974: 8/24/2011 12:00:38 AM - Software Distribution Service 3.0
RP975: 8/25/2011 12:00:48 AM - Software Distribution Service 3.0
RP976: 8/26/2011 12:00:34 AM - Software Distribution Service 3.0
RP977: 8/27/2011 12:00:47 AM - Software Distribution Service 3.0
RP978: 8/28/2011 12:00:37 AM - Software Distribution Service 3.0
RP979: 8/29/2011 12:00:35 AM - Software Distribution Service 3.0
RP980: 8/30/2011 12:00:34 AM - Software Distribution Service 3.0
RP981: 8/31/2011 12:02:49 AM - Software Distribution Service 3.0
RP982: 9/1/2011 12:00:35 AM - Software Distribution Service 3.0
RP983: 9/2/2011 12:00:45 AM - Software Distribution Service 3.0
RP984: 9/3/2011 12:00:40 AM - Software Distribution Service 3.0
RP985: 9/4/2011 12:00:37 AM - Software Distribution Service 3.0
RP986: 9/5/2011 12:00:36 AM - Software Distribution Service 3.0
RP987: 9/6/2011 12:00:38 AM - Software Distribution Service 3.0
RP988: 9/7/2011 12:00:33 AM - Software Distribution Service 3.0
RP989: 9/8/2011 12:00:46 AM - Software Distribution Service 3.0
RP990: 9/9/2011 12:00:44 AM - Software Distribution Service 3.0
RP991: 9/10/2011 12:00:31 AM - Software Distribution Service 3.0
RP992: 9/11/2011 12:02:10 AM - Software Distribution Service 3.0
RP993: 9/12/2011 12:00:38 AM - Software Distribution Service 3.0
RP994: 9/13/2011 12:03:20 AM - Software Distribution Service 3.0
RP995: 9/14/2011 12:00:51 AM - Software Distribution Service 3.0
RP996: 9/15/2011 4:35:40 AM - System Checkpoint
RP997: 9/16/2011 12:01:01 AM - Software Distribution Service 3.0
RP998: 9/17/2011 12:00:45 AM - Software Distribution Service 3.0
RP999: 9/18/2011 12:00:45 AM - Software Distribution Service 3.0
RP1000: 9/19/2011 12:00:45 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Age of Empires III
Age of Mythology
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.80
Ask Toolbar
AT&T Service & Support Tool
att.net Internet Mail
att.net Toolbar
Audacity 1.2.6
AVS Audio Converter version 6.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Compaq Organize
Compatibility Pack for the 2007 Office system
Conduit Engine
Content Transfer
ConvertXtoDVD 2.2.3.258
ConvertXtoDVD 4.1.2.336
CopyTrans Suite Remove Only
Easy Internet Sign-up
Emicsoft iPod Manager
Express Burn
Fast Search by Surf Canyon
Firebird SQL Server - MAGIX Edition
Free Audio CD Burner version 1.4.7
Free Audio Converter version 1.2
Free Easy Burner V 1.2.43
Free YouTube To MP3 Converter 4.2.2
FrostWire 5.0.7
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HpSdpAppCoreApp
InfraRecorder
InterVideo DiscLabel
InterVideo WinDVD Creator
ISO Image Burner 1.1
IsoBuster 2.8
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Juniper Networks Network Connect 6.5.0
Juniper Networks Setup Client
K-Lite Codec Pack 4.0.0 (Full)
Logitech Desktop Messenger
MAGIX Music Maker 15 Trial 15.0.1.8 (US)
MAGIX Screenshare 4.3.6.1987 (US)
Malwarebytes' Anti-Malware version 1.51.2.1300
MediaWidget 6.0
MetaProducts Mass Downloader
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires II
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Report Viewer Redistributable 2008 (KB971118)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Speakerphone Modem
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MSXML4 Parser
Primo
QuickTime
RCA Detective™ 3.0.1.1
RCA easyRip 2.5.2.0
RCA Updater 2.0.5.0
RegCure
Runtime
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SiS VGA Utilities
SnagIt 5
Sonic Express Labeler
Sonic RecordNow!
Sony Picture Utility
SUPERAntiSpyware
Switch Sound File Converter
Text-To-Speech-Runtime
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VoiceOver Kit
vShare Plugin
WebFldrs XP
WinAVI All in One Converter
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
WinX Free PSP Video Converter 3.2.18
Wondershare DVD to Walkman Converter(Build 3.8.0)
Wondershare Video to Walkman Converter(Build 4.2.0.56)
Wondershare Walkman Video Suite(Build 4.0.3.1)
XoftSpySE
Yahoo! Software Update
YouTube Downloader 2.5.7
Zoo Tycoon: Complete Collection
.
==== Event Viewer Messages From Past Week ========
.
9/19/2011 12:00:53 AM, error: NtServicePack [4373] - Windows installation failed.
The specified module could not be found.
9/18/2011 12:00:54 AM, error: NtServicePack [4373] - Windows installation failed.
The specified module could not be found.
9/17/2011 12:03:29 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906).
9/17/2011 12:01:02 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007007e: Security Update for Windows XP (KB958470).
9/17/2011 12:00:56 AM, error: NtServicePack [4373] - Windows installation failed.
The specified module could not be found.
9/16/2011 7:24:50 AM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
9/16/2011 7:24:50 AM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/16/2011 7:23:27 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Live ID Sign-in Assistant service to connect.
9/16/2011 7:23:27 AM, error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/16/2011 7:23:27 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
9/16/2011 7:23:27 AM, error: Service Control Manager [7000] - The Process Monitor service failed to start due to the following error: The system cannot find the file specified.
9/16/2011 10:41:31 PM, error: Service Control Manager [7023] - The Shell Hardware Detection service terminated with the following error: The system cannot find the file specified.
9/16/2011 10:41:31 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
.
==== End Of File ===========================
kevinf80 (Kevin) is authorized to help remove malware.
Malware Removal Specialist with 9,450 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
21-Sep-2011, 02:34 AM #7
Thanks for the logs, do the following :-

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important

    Before saving Combofix to the Desktop re-name to Gotcha.exe as below:



  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
endofwits
Member with 83 posts.
THREAD STARTER
Join Date: Aug 2007
Experience: Computer Illiterate
21-Sep-2011, 07:05 PM #8
ComboFix 11-09-21.04 - Compaq_Owner 09/21/2011 17:18:39.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.202 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Gotcha.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.11f1da13.ini
c:\documents and settings\Compaq_Owner\Application Data\PriceGong
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\j.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.11f1da13.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\SL132F.tmp.906f2ba.ini
c:\documents and settings\test\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\test\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.11f1da13.ini
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\system32\d3d9caps.dat
.
c:\windows\system32\proquota.exe . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2011-08-21 to 2011-09-21 )))))))))))))))))))))))))))))))
.
.
2011-09-21 03:02 . 2011-09-21 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-09-19 20:53 . 2011-09-19 20:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-09-19 20:50 . 2011-09-19 20:50 -------- d-----w- c:\program files\Common Files\XoftSpySE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 22:00 . 2010-07-26 02:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 03:07 . 2011-08-13 03:07 18944 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2009-10-16 00:21 . 2009-10-16 00:21 4375672 ----a-w- c:\program files\vmplayer.exe
2009-09-16 00:41 . 2009-09-16 00:41 19918 ----a-w- c:\program files\Common Files\wyka.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-09_23.20.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-20 02:17 . 2011-09-20 02:17 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
+ 2011-09-20 02:16 . 2011-09-20 02:16 16384 c:\windows\Temp\Perflib_Perfdata_700.dat
+ 2010-07-28 22:49 . 2011-09-16 05:04 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-09-16 05:04 . 2011-09-16 05:04 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-06-16 05:05 . 2011-06-16 05:05 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 409600 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 409600 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 286720 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 286720 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 249856 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 249856 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 794624 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 794624 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 135168 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 135168 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 593920 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 593920 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-08-12 17:24 . 2011-08-12 17:24 1680384 c:\windows\Installer\e2edf02.msi
+ 2011-07-26 18:50 . 2011-07-26 18:50 5522432 c:\windows\Installer\6651b71.msp
+ 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\446e9cd.msp
+ 2011-07-26 13:17 . 2011-07-26 13:17 6824960 c:\windows\Installer\446e9ae.msp
+ 2011-08-16 17:35 . 2011-08-16 17:35 5519872 c:\windows\Installer\446e992.msp
+ 2011-09-07 02:48 . 2011-09-07 02:48 8181248 c:\windows\Installer\446e97c.msp
+ 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\446e973.msp
+ 2009-08-17 23:38 . 2009-08-17 23:38 8554872 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\OARTCONV.DLL
+ 2011-07-26 21:33 . 2011-07-26 21:33 10984448 c:\windows\Installer\446e9c4.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Celebrity Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Celebrity Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 22:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
2009-12-06 12:59 217088 ----a-w- c:\program files\Celebrity Toolbar\mhxpcomi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoft\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"XoftSpySE"="c:\program files\XoftSpySE6\XoftSpySE.exe" [2010-09-29 4861720]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-3-6 333088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
backupExtension=Common Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
backupExtension=Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup
backupExtension=Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
2010-07-27 10:15 1573888 ----a-w- c:\program files\ATT-SST\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSDAppUpdater]
2011-05-11 17:52 1660232 ----a-w- c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2008-07-11 22:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2006-10-27 00:48 434528 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Dock]
2011-01-18 14:45 585728 ----a-w- c:\documents and settings\Compaq_Owner\My Documents\RCA easyRip\EZDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-12-09 02:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-15 03:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-09-02 12:48 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-06-26 23:21 757248 ----a-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
2010-09-29 18:43 4861720 ----a-w- c:\program files\XoftSpySE6\XoftSpySE.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\test\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:GateOKO
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5212:TCP"= 5212:TCP:Services
"8924:TCP"= 8924:TCP:Services
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 1:00 PM 14336]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/3/2010 8:44 AM 47360]
R4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S0 ixkax;ixkax;c:\windows\system32\drivers\trri.sys --> c:\windows\system32\drivers\trri.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [10/19/2009 8:42 AM 1527900]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-20 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
.
2011-09-18 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
2011-09-21 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-09-21 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-08-05 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-06-20 23:41]
.
2011-09-21 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/mail?.intl=us
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: + &Mass Downloader: download this file - c:\program files\Mass Downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\Mass Downloader\Add_All.htm
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: $talisma_url$
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Celebrity Toolbar\mhxpcomi.dll
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-PS2 - c:\windows\system32\ps2.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-21 17:44
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-09-21 17:55:17
ComboFix-quarantined-files.txt 2011-09-21 22:54
ComboFix2.txt 2011-08-10 00:00
ComboFix3.txt 2011-08-09 23:29
ComboFix4.txt 2011-03-27 23:31
ComboFix5.txt 2011-09-21 22:11
.
Pre-Run: 26,941,362,176 bytes free
Post-Run: 27,165,782,016 bytes free
.
- - End Of File - - 247342B5C369243F08BEC0353DF0AD58
kevinf80 (Kevin)
Malware Removal Specialist with 9,450 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
22-Sep-2011, 02:20 AM #9
Thanks for the new logs, do the following :-

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
ClearJavaCache::
KillAll::
File::
c:\windows\system32\drivers\trri.sys
Folder::
c:\program files\Celebrity Toolbar
c:\program files\ConduitEngine
c:\program files\Ask.com
Driver::
ixkax
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"=- 
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar] 
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=- 
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"5212:TCP"=-
"8924:TCP"=-
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Go Here download, install, update and run Avast, let me know if it finds anything....

Let me see the results from Combofix and Avast in your reply...

Kevin
endofwits
Member with 83 posts.
THREAD STARTER
Join Date: Aug 2007
Experience: Computer Illiterate
22-Sep-2011, 08:57 PM #10
ComboFix 11-09-22.03 - Compaq_Owner 09/22/2011 18:17:15.11.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.256 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\drivers\trri.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Compaq_Owner\Application Data\PriceGong
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\j.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\z.xml
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_2c.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
.
c:\windows\system32\proquota.exe . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2011-08-22 to 2011-09-22 )))))))))))))))))))))))))))))))
.
.
2011-09-22 15:52 . 2011-09-22 15:52 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Sammsoft
2011-09-22 15:50 . 2011-09-22 15:51 -------- d-----w- c:\program files\ARO 2011
2011-09-21 03:02 . 2011-09-21 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-09-19 20:53 . 2011-09-19 20:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-09-19 20:50 . 2011-09-19 20:50 -------- d-----w- c:\program files\Common Files\XoftSpySE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 22:00 . 2010-07-26 02:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 03:07 . 2011-08-13 03:07 18944 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2009-10-16 00:21 . 2009-10-16 00:21 4375672 ----a-w- c:\program files\vmplayer.exe
2009-09-16 00:41 . 2009-09-16 00:41 19918 ----a-w- c:\program files\Common Files\wyka.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-09_23.20.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-08-09 23:18 . 2011-08-09 23:18 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-22 18:43 . 2011-09-22 22:48 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-22 23:45 . 2011-09-22 23:45 16384 c:\windows\Temp\Perflib_Perfdata_794.dat
+ 2011-09-22 23:45 . 2011-09-22 23:45 16384 c:\windows\Temp\Perflib_Perfdata_6b8.dat
- 2011-08-09 23:18 . 2011-08-09 23:18 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2011-09-22 18:43 . 2011-09-22 22:48 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2011-09-22 18:43 . 2011-09-22 22:48 16384 c:\windows\Temp\Cookies\index.dat
- 2011-08-09 23:18 . 2011-08-09 23:18 16384 c:\windows\Temp\Cookies\index.dat
- 2010-07-28 22:49 . 2011-07-14 05:02 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-09-16 05:04 . 2011-09-16 05:04 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-06-16 05:05 . 2011-06-16 05:05 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 409600 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 409600 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 286720 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 286720 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 249856 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 249856 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 794624 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 794624 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 135168 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 135168 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-07-28 22:49 . 2011-07-14 05:02 593920 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-07-28 22:49 . 2011-09-16 05:04 593920 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-09-22 15:51 . 2011-09-22 15:51 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2011-08-12 17:24 . 2011-08-12 17:24 1680384 c:\windows\Installer\e2edf02.msi
+ 2011-07-26 18:50 . 2011-07-26 18:50 5522432 c:\windows\Installer\6651b71.msp
+ 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\446e9cd.msp
+ 2011-07-26 13:17 . 2011-07-26 13:17 6824960 c:\windows\Installer\446e9ae.msp
+ 2011-08-16 17:35 . 2011-08-16 17:35 5519872 c:\windows\Installer\446e992.msp
+ 2011-09-07 02:48 . 2011-09-07 02:48 8181248 c:\windows\Installer\446e97c.msp
+ 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\446e973.msp
+ 2011-09-22 15:51 . 2011-09-22 15:52 2249216 c:\windows\Installer\3aa778.msi
+ 2009-08-17 23:38 . 2009-08-17 23:38 8554872 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\OARTCONV.DLL
+ 2011-07-26 21:33 . 2011-07-26 21:33 10984448 c:\windows\Installer\446e9c4.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoft\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-01-25 2312048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"XoftSpySE"="c:\program files\XoftSpySE6\XoftSpySE.exe" [2010-09-29 4861720]
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-3-6 333088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
backupExtension=Common Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
backupExtension=Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup
backupExtension=Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
2010-07-27 10:15 1573888 ----a-w- c:\program files\ATT-SST\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSDAppUpdater]
2011-05-11 17:52 1660232 ----a-w- c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2008-07-11 22:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2006-10-27 00:48 434528 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Dock]
2011-01-18 14:45 585728 ----a-w- c:\documents and settings\Compaq_Owner\My Documents\RCA easyRip\EZDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-12-09 02:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-15 03:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-09-02 12:48 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-06-26 23:21 757248 ----a-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
2010-09-29 18:43 4861720 ----a-w- c:\program files\XoftSpySE6\XoftSpySE.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\test\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:GateOKO
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5212:TCP"= 5212:TCP:Services
"8924:TCP"= 8924:TCP:Services
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 1:00 PM 14336]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/3/2010 8:44 AM 47360]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [10/19/2009 8:42 AM 1527900]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-22 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
.
2011-09-18 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
2011-09-22 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-09-22 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-08-05 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-06-20 23:41]
.
2011-09-21 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/mail?.intl=us
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: + &Mass Downloader: download this file - c:\program files\Mass Downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\Mass Downloader\Add_All.htm
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: $talisma_url$
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-22 18:56
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3956)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\windows\sm56hlpr.exe
c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe
.
**************************************************************************
.
Completion time: 2011-09-22 19:13:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-23 00:13
ComboFix2.txt 2011-09-22 15:07
ComboFix3.txt 2011-09-21 22:55
ComboFix4.txt 2011-08-10 00:00
ComboFix5.txt 2011-09-22 23:10
.
Pre-Run: 26,864,717,824 bytes free
Post-Run: 26,850,533,376 bytes free
.
- - End Of File - - B333AD01A7903AEFD6477A98044786B1


There were errors when I ran AVAST, but when I tried to export the reports to put here I couldn't get anything. I couldn't copy or paste anything either....
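
A follow-up log is only useful once it is checked against what the script was meant to remove. The sketch below is an added example, not part of the thread or of ComboFix: it reads a CFScript's File/Folder/Driver/Registry sections and reports the targets that a later log still lists. The sample inputs are short excerpts of the script and log quoted in this thread; reading the Registry section as .reg syntax and matching keys by their literal text are assumptions.

```python
import re

# Constructed sample inputs: short excerpts of the CFScript and of the
# follow-up ComboFix log quoted in this thread (forum line-wrap spaces removed).
FW_KEY = (r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
          r"\standardprofile\GloballyOpenPorts\List]")
CFSCRIPT = "\n".join([
    "KillAll::",
    "File::",
    r"c:\windows\system32\drivers\trri.sys",
    "Folder::",
    r"c:\program files\Ask.com",
    "Driver::",
    "ixkax",
    "Registry::",
    FW_KEY,
    '"8085:TCP"=-',
    '"65533:TCP"=-',
    r"[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]",
])
FOLLOWUP_LOG = "\n".join([
    FW_KEY,
    '"8085:TCP"= 8085:TCP:GateOKO',
    '"65533:TCP"= 65533:TCP:Services',
    '"1035:TCP"= 1035:TCP:Akamai NetSession Interface',
    ".",
    r"R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys",
    ".",
])

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")      # e.g. "Driver::"
DELETE_VALUE = re.compile(r'^"(.+)"\s*=\s*-$')     # e.g. "8085:TCP"=-
LOG_VALUE = re.compile(r'^"(.+?)"\s*=\s*(.*)$')    # e.g. "8085:TCP"= 8085:TCP:GateOKO
LOG_SERVICE = re.compile(r"^[RS][0-4]\s+([^;]+);")  # e.g. S0 ixkax;ixkax;...


def parse_cfscript(text):
    """Split a CFScript into its removal targets (names lowercased, since
    Windows paths and registry names are case-insensitive)."""
    out = {"file": [], "folder": [], "driver": [],
           "del_values": [], "del_keys": []}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            section, key = m.group(1).lower(), None
        elif section in ("file", "folder", "driver"):
            out[section].append(line.lower())
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                out["del_keys"].append(line[2:-1].lower())   # delete whole key
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1].lower()                     # key for next values
            else:
                v = DELETE_VALUE.match(line)
                if v and key:
                    out["del_values"].append((key, v.group(1).lower()))
    return out


def parse_log(text):
    """Collect registry values per "[KEY]" section (closed by a lone ".")
    and the names on driver/service lines such as "S0 name;display;path"."""
    values, services, key = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line == ".":
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            values.setdefault(key, {})
        else:
            v, s = LOG_VALUE.match(line), LOG_SERVICE.match(line)
            if v and key:
                values[key][v.group(1).lower()] = v.group(2)
            elif s:
                services.add(s.group(1).lower())
    return values, services


def residual_targets(script_text, log_text):
    """Return the script's targets that the follow-up log still lists."""
    script = parse_cfscript(script_text)
    values, services = parse_log(log_text)
    return {
        "values": [(k, n, values[k][n]) for k, n in script["del_values"]
                   if n in values.get(k, {})],
        "keys": [k for k in script["del_keys"] if k in values],
        "drivers": [d for d in script["driver"] if d in services],
    }


if __name__ == "__main__":
    for kind, items in residual_targets(CFSCRIPT, FOLLOWUP_LOG).items():
        for item in items:
            print("still present:", kind, item)
```

ComboFix notes that empty and legitimate default entries are not shown in its log, so an empty result means only that the log no longer lists the target.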
kevinf80 (Kevin)
Malware Removal Specialist with 9,450 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
23-Sep-2011, 02:14 AM #11
If Avast dealt with the errors and you have no remaining issues do the following :-

Please go to the following link and download the full installer for SP3: Here

Save the installer to your Desktop.

Do not install it yet

Re-boot your system into Safe Mode, run the SP3 installer. When complete re-boot to Normal Mode, run the following:

Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Kevin..
endofwits
Member with 83 posts.
THREAD STARTER
Join Date: Aug 2007
Experience: Computer Illiterate
24-Sep-2011, 11:24 AM #12
Not sure what you mean by AVAST dealing with errors - I just ran the program and it showed multiple errors - I did not tell it to "fix" anything (supposedly it would only fix 100 of them on the free version and there were more than that). Should I still do the last steps you posted?
kevinf80 (Kevin)
Malware Removal Specialist with 9,450 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
24-Sep-2011, 08:00 PM #13
Avast free version has no restrictions and should kill any and all infections that it finds.... maybe error was a bad choice of words from me, I actually meant infection/s. If Avast found many infections let it kill them all if possible. It is no good progressing to SP3 until we know for sure that your PC is clean.

See if this Online Scanner will run and produce a log:

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.

Also be aware this scan can take between one and several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Let me see the log from ESET in your reply...
endofwits
Member with 83 posts.
THREAD STARTER
Join Date: Aug 2007
Experience: Computer Illiterate
25-Sep-2011, 05:47 AM #14
C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\6\5b3d5486-3a89176f a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\60\5c2bd6bc-3ef6d2d6 probably a variant of Win32/Agent.FQRCZBA trojan
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache8380276680189899400.tmp a variant of Java/TrojanDownloader.Agent.NAN trojan
kevinf80 (Kevin)
Malware Removal Specialist with 9,450 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
25-Sep-2011, 07:03 AM #15
Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    -------------------------------------------------------------------

    :Services
    :Files
    netsh firewall reset /c
    ipconfig /flushdns /c
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [ResetHosts]
    [ClearAllRestorePoints]
    [Reboot]

    ---------------------------------------------------------------------
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Let me see the log from OTM, also tell me how your system is responding and what issues/concerns remain....

Kevin