
Computer Very Slow - Possible Multiple Virus Infections?

Discussion in 'Virus & Other Malware Removal' started by endofwits, Sep 20, 2011.

  1. endofwits

    endofwits Thread Starter

    Joined:
    Aug 11, 2007
    Messages:
    83
    I have Windows XP SP2. My computer response time to opening applications is very slow and the computer seems to run all the time when it is not being used. I do not have any popups, windows errors, etc. I run MalwareBytes, Super Anti Spyware, XoftSpy, and RegCure but it has not picked anything up. A friend told me how to look at the Event Viewer and it shows quite a few errors such as MDM, NativeWrapper, MsiInstaller and Application Hang which I've been told may be viruses.

    I have included the HijackThis log and DDS logs. I tried to run GMER, but it seemed to just keep running on forever (not sure if that is normal or not).

    I hope someone can help me. Thanks in advance....

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:10:06 PM, on 9/19/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\XoftSpySE6\XoftSpySE.exe
    C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\TechSmith\SnagIt\SnagIt32.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.intl=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll
    F2 - REG:system.ini: Shell=
    F2 - REG:system.ini: UserInit=
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll
    O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O3 - Toolbar: att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
    O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
    O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252085986765
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://evpn1a.external.lmco.com/dana-cached/sc/JuniperSetupClient.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll
    O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 8217 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Compaq_Owner at 19:11:50 on 2011-09-19
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.79 [GMT -5:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\XoftSpySE6\XoftSpySE.exe
    C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe
    C:\Program Files\TechSmith\SnagIt\SnagIt32.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://login.yahoo.com/config/mail?.intl=us
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\celebrity toolbar\tbhelper.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: DVDVideoSoftTB Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\prxtbDVD0.dll
    TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\celebrity toolbar\tbcore3.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    EB: DVDVideoSoftTB Findbar: {b5442470-cbc3-4eeb-a552-41327e54ac20} - c:\program files\dvdvideosoft\prxtbDVD0.dll
    StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
    IE: + &Mass Downloader: download this file - c:\program files\mass downloader\Add_Url.htm
    IE: + Mass Downloader: download &All files - c:\program files\mass downloader\Add_All.htm
    IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - c:\program files\mass downloader\massdown.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    Trusted Zone: $talisma_url$
    Trusted Zone: intuit.com\ttlc
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252085986765
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://evpn1a.external.lmco.com/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{ED2F7A16-D0F6-4036-8BFE-0582E705B60F} : DhcpNameServer = 192.168.1.254
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\celebrity toolbar\mhxpcomi.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
    R3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2010-9-29 582424]
    S0 ixkax;ixkax;c:\windows\system32\drivers\trri.sys --> c:\windows\system32\drivers\trri.sys [?]
    S3 cpuz132;cpuz132;\??\c:\docume~1\compaq~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\compaq~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-10-19 1527900]
    .
    =============== Created Last 30 ================
    .
    2011-09-19 20:53:13 -------- d-----w- c:\windows\LMI179.tmp
    2011-09-19 20:50:29 -------- d-----w- c:\program files\common files\XoftSpySE
    .
    ==================== Find3M ====================
    .
    2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
    2009-10-16 00:21:24 4375672 ----a-w- c:\program files\vmplayer.exe
    2009-09-16 00:41:46 19918 ----a-w- c:\program files\common files\wyka.dll
    .
    ============= FINISH: 19:13:27.43 ===============
     
  2. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,659
    Your computer appears to be infected.

    Windows XP SP2 hasn't been upgraded to SP3, so your computer is lacking several security-related updates and fixes.

    There doesn't appear to be any full-time antivirus program installed and running.

    The use of RegCure and any other registry "cleaners" that you're using has probably damaged the Windows operating system and broken some of your programs.

    -----------------------------------------------------

    Unless a gold shield expert in this forum is able to assist you, my advice to you is to format the hard drive and do a clean reinstall of Windows XP and get a fresh start.

    ------------------------------------------------------
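As an added illustration (not code from this thread, from HijackThis, or from any of the posters), the following Python script parses a HijackThis-format log and performs the kind of triage checks made in the reply above mechanically: it reads the service pack from the Platform line, looks for an antivirus product among the O23 service entries, and lists entries that point at files that no longer exist. The sample log, the entry names in it and the list of antivirus vendor names are constructed assumptions for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 log format (not the thread's own log).
# The entries are invented to exercise the parser and the triage checks.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:10:06 PM, on 9/19/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O3 - Toolbar: Example Toolbar - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\tb.dll
O18 - Protocol: exproto - {00000000-0000-0000-0000-000000000002} - (no file)
O23 - Service: Example Updater (ExUpdater) - Example Corp - C:\Program Files\Example\upd.exe
O23 - Service: Example Monitor (ExMon) - Unknown owner - c:\program files\example\mon.exe (file missing)

--
End of file - 1234 bytes
"""


@dataclass
class HjtEntry:
    code: str  # section code such as R0, O3, O23
    body: str  # remainder of the line after the "Oxx - " prefix


@dataclass
class HjtLog:
    platform: str      # text of the "Platform:" header line
    processes: list    # paths listed under "Running processes:"
    entries: list      # parsed HjtEntry objects


# A HijackThis entry line: a letter, one or two digits, then " - " and the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Entries whose target file HijackThis could not find are marked like this.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Illustrative, not exhaustive, antivirus vendor/product names (assumed for
# this example) to look for in O23 service descriptions.
AV_HINTS = ("avast", "avg", "avira", "eset", "kaspersky", "mcafee",
            "norton", "symantec", "microsoft security essentials")


def parse_hjt(text: str) -> HjtLog:
    """Parse a HijackThis log into its platform line, process list and entries."""
    platform = ""
    processes = []
    entries = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line.startswith("Platform:"):
            platform = line.split(":", 1)[1].strip()
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(HjtEntry(m.group(1), m.group(2)))
    return HjtLog(platform, processes, entries)


def triage(log: HjtLog) -> list:
    """Return (kind, detail) findings for the checks a first-pass reviewer makes."""
    findings = []
    sp = re.search(r"\bSP(\d+)\b", log.platform)
    if "Windows XP" in log.platform and (sp is None or int(sp.group(1)) < 3):
        findings.append(("platform", "Windows XP below SP3: later security updates are missing"))
    services = [e.body.lower() for e in log.entries if e.code == "O23"]
    if not any(hint in svc for svc in services for hint in AV_HINTS):
        findings.append(("antivirus", "no known antivirus service among the O23 entries"))
    for e in log.entries:
        if any(marker in e.body for marker in ORPHAN_MARKERS):
            findings.append(("orphan", f"{e.code}: {e.body}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{kind}] {detail}")
```

Run against the constructed sample, the script reports the SP2 platform, the absence of an antivirus service and the two orphaned entries. Orphaned entries are leftovers rather than proof of infection on their own, which is why the output is a list of findings to review, not a verdict.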
     
  3. endofwits

    endofwits Thread Starter

    Joined:
    Aug 11, 2007
    Messages:
    83
    Is there a gold shield expert who can help with this issue?
     
  4. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,659
    This section is VERY busy, so you may not get a reply from one for 24 - 48 hours.

    If you haven't gotten a reply from one by then, I'll do what I can for you.

    --------------------------------------------------------
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Run the following :-

    Please run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.

    Next,

    Download CKScanner from here

    Important : Save it to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

    Let me see those two logs, also the second log from DDS, Attach.txt.

    Kevin
     
  6. endofwits

    endofwits Thread Starter

    Joined:
    Aug 11, 2007
    Messages:
    83
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-BRVBB-38MQ9-3PMFT
    Windows Product Key Hash: 2V2VyxlfhiaCt/JkDzYQfiNOHMA=
    Windows Product ID: 76477-OEM-2111907-00106
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010300.2.0.hom
    ID: {7C172ECE-F1D3-4BC5-B8CD-7EA78EE5DE41}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Edition 2003 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{7C172ECE-F1D3-4BC5-B8CD-7EA78EE5DE41}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3PMFT</PKey><PID>76477-OEM-2111907-00106</PID><PIDType>2</PIDType><SID>S-1-5-21-791610336-1837458989-1263303080</SID><SYSTEM><Manufacturer>Compaq Presario 061</Manufacturer><Model>PW534AA-ABA SR1417CL NA520</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.07</Version><SMBIOSVersion major="2" minor="3"/><Date>20050110000000.000000+000</Date><SLPBIOS>HP PAVILION</SLPBIOS></BIOS><HWID>C7253ED70184405D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Compaq</name><model>Presario</model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>100</Result><Products><Product GUID="{91E30409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>78623CB2241A5A2</Val><Hash>lB9FUnTh+rGjRlUEWb1Z2t4L3Cs=</Hash><Pid>73931-721-9090433-57231</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/><App Id="A1" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: E06B:Compaq Computer Corporation|1085F:Compaq Computer Corporation|E10D:Compaq Computer Corporation|108FD:Compaq Computer Corporation|108FD:Compaq Computer Corporation|E10D:Hewlett-Packard Company|1DB10:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: HP PAVILION

    OEM Activation 2.0 Data-->
    N/A


    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.MN.11.PKABWU
    ----- EOF -----

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/22/2009 2:15:54 PM
    System Uptime: 9/16/2011 7:22:39 AM (84 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | Salmon
    Processor: AMD Sempron(tm) Processor 3000+ | Socket 754 | 1808/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 107 GiB total, 25.062 GiB free.
    D: is FIXED (FAT32) - 5 GiB total, 0.379 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
    Description: SiS 760
    Device ID: PCI\VEN_1039&DEV_6330&SUBSYS_2A06103C&REV_00\4&1C526AC9&0&0008
    Manufacturer: SiS
    Name: SiS 760
    PNP Device ID: PCI\VEN_1039&DEV_6330&SUBSYS_2A06103C&REV_00\4&1C526AC9&0&0008
    Service: SiS315
    .
    ==== System Restore Points ===================
    .
    RP924: 7/12/2011 12:00:34 AM - Software Distribution Service 3.0
    RP925: 7/13/2011 12:00:39 AM - Software Distribution Service 3.0
    RP926: 7/14/2011 12:01:02 AM - Software Distribution Service 3.0
    RP927: 7/14/2011 8:38:59 PM - Software Distribution Service 3.0
    RP928: 7/14/2011 9:02:01 PM - Installed Windows Internet Explorer 8.
    RP929: 7/14/2011 9:03:23 PM - Software Distribution Service 3.0
    RP930: 7/15/2011 12:00:40 AM - Software Distribution Service 3.0
    RP931: 7/16/2011 12:00:40 AM - Software Distribution Service 3.0
    RP932: 7/17/2011 12:00:50 AM - Software Distribution Service 3.0
    RP933: 7/18/2011 12:00:43 AM - Software Distribution Service 3.0
    RP934: 7/19/2011 12:00:32 AM - Software Distribution Service 3.0
    RP935: 7/20/2011 12:00:50 AM - Software Distribution Service 3.0
    RP936: 7/20/2011 5:19:12 PM - Installed WeatherBug
    RP937: 7/21/2011 12:00:50 AM - Software Distribution Service 3.0
    RP938: 7/22/2011 12:00:52 AM - Software Distribution Service 3.0
    RP939: 7/23/2011 12:00:37 AM - Software Distribution Service 3.0
    RP940: 7/23/2011 9:49:53 AM - Removed WeatherBug
    RP941: 7/24/2011 12:02:13 AM - Software Distribution Service 3.0
    RP942: 7/25/2011 12:00:53 AM - Software Distribution Service 3.0
    RP943: 7/26/2011 12:04:20 AM - Software Distribution Service 3.0
    RP944: 7/27/2011 12:00:34 AM - Software Distribution Service 3.0
    RP945: 7/28/2011 12:00:32 AM - Software Distribution Service 3.0
    RP946: 7/29/2011 12:00:34 AM - Software Distribution Service 3.0
    RP947: 7/30/2011 12:00:35 AM - Software Distribution Service 3.0
    RP948: 7/31/2011 12:00:37 AM - Software Distribution Service 3.0
    RP949: 8/1/2011 12:00:35 AM - Software Distribution Service 3.0
    RP950: 8/2/2011 12:00:41 AM - Software Distribution Service 3.0
    RP951: 8/3/2011 12:00:51 AM - Software Distribution Service 3.0
    RP952: 8/4/2011 12:00:32 AM - Software Distribution Service 3.0
    RP953: 8/5/2011 12:01:52 AM - Software Distribution Service 3.0
    RP954: 8/6/2011 12:00:57 AM - Software Distribution Service 3.0
    RP955: 8/7/2011 12:00:31 AM - Software Distribution Service 3.0
    RP956: 8/8/2011 12:05:47 AM - Software Distribution Service 3.0
    RP957: 8/9/2011 12:00:37 AM - Software Distribution Service 3.0
    RP958: 8/10/2011 12:00:34 AM - Software Distribution Service 3.0
    RP959: 8/11/2011 12:05:08 AM - Software Distribution Service 3.0
    RP960: 8/12/2011 12:01:12 AM - Software Distribution Service 3.0
    RP961: 8/12/2011 10:06:48 PM - Installed WeatherBug
    RP962: 8/13/2011 12:00:35 AM - Software Distribution Service 3.0
    RP963: 8/13/2011 11:39:27 AM - Removed WeatherBug
    RP964: 8/14/2011 12:00:34 AM - Software Distribution Service 3.0
    RP965: 8/15/2011 12:06:15 AM - Software Distribution Service 3.0
    RP966: 8/16/2011 12:00:39 AM - Software Distribution Service 3.0
    RP967: 8/17/2011 12:00:31 AM - Software Distribution Service 3.0
    RP968: 8/18/2011 12:00:39 AM - Software Distribution Service 3.0
    RP969: 8/19/2011 12:00:55 AM - Software Distribution Service 3.0
    RP970: 8/20/2011 12:00:42 AM - Software Distribution Service 3.0
    RP971: 8/21/2011 12:00:38 AM - Software Distribution Service 3.0
    RP972: 8/22/2011 12:00:37 AM - Software Distribution Service 3.0
    RP973: 8/23/2011 12:00:38 AM - Software Distribution Service 3.0
    RP974: 8/24/2011 12:00:38 AM - Software Distribution Service 3.0
    RP975: 8/25/2011 12:00:48 AM - Software Distribution Service 3.0
    RP976: 8/26/2011 12:00:34 AM - Software Distribution Service 3.0
    RP977: 8/27/2011 12:00:47 AM - Software Distribution Service 3.0
    RP978: 8/28/2011 12:00:37 AM - Software Distribution Service 3.0
    RP979: 8/29/2011 12:00:35 AM - Software Distribution Service 3.0
    RP980: 8/30/2011 12:00:34 AM - Software Distribution Service 3.0
    RP981: 8/31/2011 12:02:49 AM - Software Distribution Service 3.0
    RP982: 9/1/2011 12:00:35 AM - Software Distribution Service 3.0
    RP983: 9/2/2011 12:00:45 AM - Software Distribution Service 3.0
    RP984: 9/3/2011 12:00:40 AM - Software Distribution Service 3.0
    RP985: 9/4/2011 12:00:37 AM - Software Distribution Service 3.0
    RP986: 9/5/2011 12:00:36 AM - Software Distribution Service 3.0
    RP987: 9/6/2011 12:00:38 AM - Software Distribution Service 3.0
    RP988: 9/7/2011 12:00:33 AM - Software Distribution Service 3.0
    RP989: 9/8/2011 12:00:46 AM - Software Distribution Service 3.0
    RP990: 9/9/2011 12:00:44 AM - Software Distribution Service 3.0
    RP991: 9/10/2011 12:00:31 AM - Software Distribution Service 3.0
    RP992: 9/11/2011 12:02:10 AM - Software Distribution Service 3.0
    RP993: 9/12/2011 12:00:38 AM - Software Distribution Service 3.0
    RP994: 9/13/2011 12:03:20 AM - Software Distribution Service 3.0
    RP995: 9/14/2011 12:00:51 AM - Software Distribution Service 3.0
    RP996: 9/15/2011 4:35:40 AM - System Checkpoint
    RP997: 9/16/2011 12:01:01 AM - Software Distribution Service 3.0
    RP998: 9/17/2011 12:00:45 AM - Software Distribution Service 3.0
    RP999: 9/18/2011 12:00:45 AM - Software Distribution Service 3.0
    RP1000: 9/19/2011 12:00:45 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Age of Empires III
    Age of Mythology
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ashampoo Burning Studio 6 FREE v.6.80
    Ask Toolbar
    AT&T Service & Support Tool
    att.net Internet Mail
    att.net Toolbar
    Audacity 1.2.6
    AVS Audio Converter version 6.1
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.3
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Compaq Organize
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    Content Transfer
    ConvertXtoDVD 2.2.3.258
    ConvertXtoDVD 4.1.2.336
    CopyTrans Suite Remove Only
    Easy Internet Sign-up
    Emicsoft iPod Manager
    Express Burn
    Fast Search by Surf Canyon
    Firebird SQL Server - MAGIX Edition
    Free Audio CD Burner version 1.4.7
    Free Audio Converter version 1.2
    Free Easy Burner V 1.2.43
    Free YouTube To MP3 Converter 4.2.2
    FrostWire 5.0.7
    Google Chrome
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HpSdpAppCoreApp
    InfraRecorder
    InterVideo DiscLabel
    InterVideo WinDVD Creator
    ISO Image Burner 1.1
    IsoBuster 2.8
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Juniper Networks Network Connect 6.5.0
    Juniper Networks Setup Client
    K-Lite Codec Pack 4.0.0 (Full)
    Logitech Desktop Messenger
    MAGIX Music Maker 15 Trial 15.0.1.8 (US)
    MAGIX Screenshare 4.3.6.1987 (US)
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MediaWidget 6.0
    MetaProducts Mass Downloader
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Age of Empires II
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Plus! Dancer LE
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Report Viewer Redistributable 2008 (KB971118)
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft UI Engine
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Motorola SM56 Speakerphone Modem
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    MSXML4 Parser
    Primo
    QuickTime
    RCA Detective™ 3.0.1.1
    RCA easyRip 2.5.2.0
    RCA Updater 2.0.5.0
    RegCure
    Runtime
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    SiS VGA Utilities
    SnagIt 5
    Sonic Express Labeler
    Sonic RecordNow!
    Sony Picture Utility
    SUPERAntiSpyware
    Switch Sound File Converter
    Text-To-Speech-Runtime
    Uninstall 1.0.0.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    VoiceOver Kit
    vShare Plugin
    WebFldrs XP
    WinAVI All in One Converter
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB890175
    WinX Free PSP Video Converter 3.2.18
    Wondershare DVD to Walkman Converter(Build 3.8.0)
    Wondershare Video to Walkman Converter(Build 4.2.0.56)
    Wondershare Walkman Video Suite(Build 4.0.3.1)
    XoftSpySE
    Yahoo! Software Update
    YouTube Downloader 2.5.7
    Zoo Tycoon: Complete Collection
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/19/2011 12:00:53 AM, error: NtServicePack [4373] - Windows installation failed.
    The specified module could not be found.
    9/18/2011 12:00:54 AM, error: NtServicePack [4373] - Windows installation failed.
    The specified module could not be found.
    9/17/2011 12:03:29 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906).
    9/17/2011 12:01:02 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007007e: Security Update for Windows XP (KB958470).
    9/17/2011 12:00:56 AM, error: NtServicePack [4373] - Windows installation failed.
    The specified module could not be found.
    9/16/2011 7:24:50 AM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
    9/16/2011 7:24:50 AM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    9/16/2011 7:23:27 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Live ID Sign-in Assistant service to connect.
    9/16/2011 7:23:27 AM, error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/16/2011 7:23:27 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    9/16/2011 7:23:27 AM, error: Service Control Manager [7000] - The Process Monitor service failed to start due to the following error: The system cannot find the file specified.
    9/16/2011 10:41:31 PM, error: Service Control Manager [7023] - The Shell Hardware Detection service terminated with the following error: The system cannot find the file specified.
    9/16/2011 10:41:31 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    .
    ==== End Of File ===========================
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Thanks for the logs, do the following :-

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important

      Before saving Combofix to the Desktop, rename it to Gotcha.exe.

    • Disable all security programs as they will have a negative effect on Combofix; instructions are available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the Gotcha.exe icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...

    Kevin
     
  8. endofwits

    endofwits Thread Starter

    Joined:
    Aug 11, 2007
    Messages:
    83
    ComboFix 11-09-21.04 - Compaq_Owner 09/21/2011 17:18:39.9.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.202 [GMT -5:00]
    Running from: c:\documents and settings\Compaq_Owner\Desktop\Gotcha.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.11f1da13.ini
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\j.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.11f1da13.ini
    c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\SL132F.tmp.906f2ba.ini
    c:\documents and settings\test\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\test\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.11f1da13.ini
    c:\windows\bwUnin-8.1.1.50-8876480SL.exe
    c:\windows\system32\d3d9caps.dat
    .
    c:\windows\system32\proquota.exe . . . is missing!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-21 to 2011-09-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-21 03:02 . 2011-09-21 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2011-09-19 20:53 . 2011-09-19 20:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
    2011-09-19 20:50 . 2011-09-19 20:50 -------- d-----w- c:\program files\Common Files\XoftSpySE
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-31 22:00 . 2010-07-26 02:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-13 03:07 . 2011-08-13 03:07 18944 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
    2009-10-16 00:21 . 2009-10-16 00:21 4375672 ----a-w- c:\program files\vmplayer.exe
    2009-09-16 00:41 . 2009-09-16 00:41 19918 ----a-w- c:\program files\Common Files\wyka.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-08-09_23.20.05 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-09-20 02:17 . 2011-09-20 02:17 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
    + 2011-09-20 02:16 . 2011-09-20 02:16 16384 c:\windows\Temp\Perflib_Perfdata_700.dat
    + 2010-07-28 22:49 . 2011-09-16 05:04 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2011-09-16 05:04 . 2011-09-16 05:04 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2011-06-16 05:05 . 2011-06-16 05:05 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 409600 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 409600 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 286720 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 286720 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 249856 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 249856 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 794624 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 794624 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 135168 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 135168 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 593920 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 593920 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2011-08-12 17:24 . 2011-08-12 17:24 1680384 c:\windows\Installer\e2edf02.msi
    + 2011-07-26 18:50 . 2011-07-26 18:50 5522432 c:\windows\Installer\6651b71.msp
    + 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\446e9cd.msp
    + 2011-07-26 13:17 . 2011-07-26 13:17 6824960 c:\windows\Installer\446e9ae.msp
    + 2011-08-16 17:35 . 2011-08-16 17:35 5519872 c:\windows\Installer\446e992.msp
    + 2011-09-07 02:48 . 2011-09-07 02:48 8181248 c:\windows\Installer\446e97c.msp
    + 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\446e973.msp
    + 2009-08-17 23:38 . 2009-08-17 23:38 8554872 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\OARTCONV.DLL
    + 2011-07-26 21:33 . 2011-07-26 21:33 10984448 c:\windows\Installer\446e9c4.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Celebrity Toolbar\tbhelper.dll" [2009-05-07 355840]
    .
    [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
    2009-05-07 21:46 2642432 ----a-w- c:\program files\Celebrity Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-06-16 22:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
    2009-12-06 12:59 217088 ----a-w- c:\program files\Celebrity Toolbar\mhxpcomi.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoft\prxtbDVD0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
    "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    .
    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
    "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    .
    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
    "SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "XoftSpySE"="c:\program files\XoftSpySE6\XoftSpySE.exe" [2010-09-29 4861720]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]
    .
    c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
    PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-3-6 333088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
    backupExtension=Common Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup
    backupExtension=Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^RCA Detective.lnk]
    path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\RCA Detective.lnk
    backup=c:\windows\pss\RCA Detective.lnkStartup
    backupExtension=Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
    2010-07-27 10:15 1573888 ----a-w- c:\program files\ATT-SST\McciTrayApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSDAppUpdater]
    2011-05-11 17:52 1660232 ----a-w- c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
    2008-07-11 22:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
    2006-10-27 00:48 434528 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Dock]
    2011-01-18 14:45 585728 ----a-w- c:\documents and settings\Compaq_Owner\My Documents\RCA easyRip\EZDock.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
    2009-12-09 02:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    2004-04-15 03:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-09-02 12:48 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
    2009-06-26 23:21 757248 ----a-w- c:\windows\vVX3000.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
    2010-09-29 18:43 4861720 ----a-w- c:\program files\XoftSpySE6\XoftSpySE.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\Compaq_Owner\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Documents and Settings\\test\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
    "c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8085:TCP"= 8085:TCP:GateOKO
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "5212:TCP"= 5212:TCP:Services
    "8924:TCP"= 8924:TCP:Services
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 1:00 PM 14336]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/3/2010 8:44 AM 47360]
    R4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S0 ixkax;ixkax;c:\windows\system32\drivers\trri.sys --> c:\windows\system32\drivers\trri.sys [?]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [10/19/2009 8:42 AM 1527900]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-20 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
    .
    2011-09-18 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
    .
    2011-09-21 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-09-21 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-08-05 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-06-20 23:41]
    .
    2011-09-21 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://login.yahoo.com/config/mail?.intl=us
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: + &Mass Downloader: download this file - c:\program files\Mass Downloader\Add_Url.htm
    IE: + Mass Downloader: download &All files - c:\program files\Mass Downloader\Add_All.htm
    IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    Trusted Zone: $talisma_url$
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.254
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Celebrity Toolbar\mhxpcomi.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-PS2 - c:\windows\system32\ps2.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-21 17:44
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(812)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-09-21 17:55:17
    ComboFix-quarantined-files.txt 2011-09-21 22:54
    ComboFix2.txt 2011-08-10 00:00
    ComboFix3.txt 2011-08-09 23:29
    ComboFix4.txt 2011-03-27 23:31
    ComboFix5.txt 2011-09-21 22:11
    .
    Pre-Run: 26,941,362,176 bytes free
    Post-Run: 27,165,782,016 bytes free
    .
    - - End Of File - - 247342B5C369243F08BEC0353DF0AD58
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Thanks for the new logs, do the following :-

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    ClearJavaCache::
    KillAll::
    File::
    c:\windows\system32\drivers\trri.sys
    Folder::
    c:\program files\Celebrity Toolbar
    c:\program files\ConduitEngine
    c:\program files\Ask.com
    Driver::
    ixkax
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"=-
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"=- 
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [-HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar] 
    [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=- 
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"=-
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [-HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8085:TCP"=-
    "65533:TCP"=-
    "52344:TCP"=-
    "5212:TCP"=-
    "8924:TCP"=-
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Go Here download, install, update and run Avast, let me know if it finds anything....

    Let me see the results from Combofix and Avast in your reply...

    Kevin
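As an added example (not code from this thread or from ComboFix itself), the following Python script reads the GloballyOpenPorts block and the driver lines of a ComboFix log like the ones posted above and drafts the matching CFScript directives. The sample log is constructed from entries quoted in the thread, and the two allowlists are assumptions standing in for the helper's own judgement.

```python
"""Added example, not code from this thread or from ComboFix itself.

Reads the firewall "GloballyOpenPorts" block and the R*/S* driver lines of
a ComboFix log and drafts the CFScript.txt directives a helper would write:
"port"=- to delete a firewall exception, and Driver::/File:: for a driver
whose backing file ComboFix could not find on disk (shown as "--> path [?]").
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed from the entries quoted in the thread's ComboFix logs.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:GateOKO
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S0 ixkax;ixkax;c:\windows\system32\drivers\trri.sys --> c:\windows\system32\drivers\trri.sys [?]
"""

PORTS_KEY = (r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
             r"\standardprofile\GloballyOpenPorts\List]")

# Assumed allowlists (the helper's judgement): Akamai was left alone in the
# thread, and MBAMSwissArmy is Malwarebytes' on-demand driver.
TRUSTED_PORT_DESCRIPTIONS = {"Akamai NetSession Interface"}
TRUSTED_DRIVERS = {"mbamswissarmy"}

PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(.*)$')
# "R1 name;display;path [date size]"  or  "S0 name;display;path --> path [?]"
DRIVER_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);[^;]*;(.*)$")


@dataclass
class PortException:
    key: str          # e.g. "8085:TCP"
    description: str  # free text the creator gave the exception


@dataclass
class Driver:
    name: str
    path: str
    running: bool       # R = running, S = stopped
    start_type: int     # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    file_missing: bool  # ComboFix printed "[?]": the file is not on disk


def parse_open_ports(log: str) -> List[PortException]:
    """Collect the exceptions listed under the GloballyOpenPorts key."""
    found, section = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line
        elif line == ".":  # ComboFix separates blocks with a lone dot
            section = None
        elif section and "GloballyOpenPorts" in section:
            m = PORT_RE.match(line)
            if m:
                found.append(PortException(m.group(1), m.group(2).strip()))
    return found


def parse_drivers(log: str) -> List[Driver]:
    """Parse the R*/S* service lines ComboFix prints for kernel drivers."""
    found = []
    for raw in log.splitlines():
        m = DRIVER_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, rest = m.groups()
        missing = rest.endswith("[?]")
        if missing:  # "\??\path --> path [?]": take the resolved path
            path = rest.split("-->")[-1].rsplit("[?]", 1)[0].strip()
        else:        # "path [m/d/yyyy h:mm AM size]": drop the bracket
            path = rest.rsplit(" [", 1)[0].strip()
        found.append(Driver(name, path, state == "R", int(start), missing))
    return found


def draft_cfscript(log: str, trusted_descriptions=(), trusted_drivers=()) -> str:
    """Draft CFScript lines for the entries the allowlists do not vouch for."""
    ports = [p for p in parse_open_ports(log)
             if p.description not in trusted_descriptions]
    trusted = {d.lower() for d in trusted_drivers}
    drivers = [d for d in parse_drivers(log)
               if d.file_missing and d.name.lower() not in trusted]
    lines = ["KillAll::"]
    if drivers:
        # The thread's script lists the file too, so it goes if it reappears.
        lines.append("File::")
        lines.extend(d.path for d in drivers)
        lines.append("Driver::")
        lines.extend(d.name for d in drivers)
    if ports:
        lines.append("Registry::")
        lines.append(PORTS_KEY)
        lines.extend(f'"{p.key}"=-' for p in ports)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(draft_cfscript(SAMPLE_LOG, TRUSTED_PORT_DESCRIPTIONS, TRUSTED_DRIVERS))
```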
     
  10. endofwits

    endofwits Thread Starter

    Joined:
    Aug 11, 2007
    Messages:
    83
    ComboFix 11-09-22.03 - Compaq_Owner 09/22/2011 18:17:15.11.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.256 [GMT -5:00]
    Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe.exe
    Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
    .
    FILE ::
    "c:\windows\system32\drivers\trri.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\j.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\z.xml
    c:\program files\Ask.com
    c:\program files\Ask.com\assets\oobe\b.png
    c:\program files\Ask.com\assets\oobe\bl.png
    c:\program files\Ask.com\assets\oobe\br.png
    c:\program files\Ask.com\assets\oobe\l.png
    c:\program files\Ask.com\assets\oobe\pointer.png
    c:\program files\Ask.com\assets\oobe\r.png
    c:\program files\Ask.com\assets\oobe\t.png
    c:\program files\Ask.com\assets\oobe\tl.png
    c:\program files\Ask.com\assets\oobe\tr.png
    c:\program files\Ask.com\cobrand.ico
    c:\program files\Ask.com\config.xml
    c:\program files\Ask.com\favicon.ico
    c:\program files\Ask.com\fv_2c.ico
    c:\program files\Ask.com\GenericAskToolbar.dll
    c:\program files\Ask.com\mupcfg.xml
    c:\program files\Ask.com\precache.exe
    c:\program files\Ask.com\SaUpdate.exe
    c:\program files\Ask.com\Updater\config.xml
    c:\program files\Ask.com\Updater\Updater.exe
    c:\program files\Ask.com\UpdateTask.exe
    .
    c:\windows\system32\proquota.exe . . . is missing!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-22 to 2011-09-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-22 15:52 . 2011-09-22 15:52 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Sammsoft
    2011-09-22 15:50 . 2011-09-22 15:51 -------- d-----w- c:\program files\ARO 2011
    2011-09-21 03:02 . 2011-09-21 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2011-09-19 20:53 . 2011-09-19 20:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
    2011-09-19 20:50 . 2011-09-19 20:50 -------- d-----w- c:\program files\Common Files\XoftSpySE
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-31 22:00 . 2010-07-26 02:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-13 03:07 . 2011-08-13 03:07 18944 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
    2009-10-16 00:21 . 2009-10-16 00:21 4375672 ----a-w- c:\program files\vmplayer.exe
    2009-09-16 00:41 . 2009-09-16 00:41 19918 ----a-w- c:\program files\Common Files\wyka.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-08-09_23.20.05 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-08-09 23:18 . 2011-08-09 23:18 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2011-09-22 18:43 . 2011-09-22 22:48 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2011-09-22 23:45 . 2011-09-22 23:45 16384 c:\windows\Temp\Perflib_Perfdata_794.dat
    + 2011-09-22 23:45 . 2011-09-22 23:45 16384 c:\windows\Temp\Perflib_Perfdata_6b8.dat
    - 2011-08-09 23:18 . 2011-08-09 23:18 16384 c:\windows\Temp\History\History.IE5\index.dat
    + 2011-09-22 18:43 . 2011-09-22 22:48 16384 c:\windows\Temp\History\History.IE5\index.dat
    + 2011-09-22 18:43 . 2011-09-22 22:48 16384 c:\windows\Temp\Cookies\index.dat
    - 2011-08-09 23:18 . 2011-08-09 23:18 16384 c:\windows\Temp\Cookies\index.dat
    - 2010-07-28 22:49 . 2011-07-14 05:02 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2011-09-16 05:04 . 2011-09-16 05:04 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2011-06-16 05:05 . 2011-06-16 05:05 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 409600 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 409600 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 286720 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 286720 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 249856 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 249856 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 794624 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 794624 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 135168 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 135168 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2010-07-28 22:49 . 2011-07-14 05:02 593920 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2010-07-28 22:49 . 2011-09-16 05:04 593920 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2011-09-22 15:51 . 2011-09-22 15:51 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
    + 2011-08-12 17:24 . 2011-08-12 17:24 1680384 c:\windows\Installer\e2edf02.msi
    + 2011-07-26 18:50 . 2011-07-26 18:50 5522432 c:\windows\Installer\6651b71.msp
    + 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\446e9cd.msp
    + 2011-07-26 13:17 . 2011-07-26 13:17 6824960 c:\windows\Installer\446e9ae.msp
    + 2011-08-16 17:35 . 2011-08-16 17:35 5519872 c:\windows\Installer\446e992.msp
    + 2011-09-07 02:48 . 2011-09-07 02:48 8181248 c:\windows\Installer\446e97c.msp
    + 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\446e973.msp
    + 2011-09-22 15:51 . 2011-09-22 15:52 2249216 c:\windows\Installer\3aa778.msi
    + 2009-08-17 23:38 . 2009-08-17 23:38 8554872 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\OARTCONV.DLL
    + 2011-07-26 21:33 . 2011-07-26 21:33 10984448 c:\windows\Installer\446e9c4.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoft\prxtbDVD0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-01-25 2312048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
    "SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "XoftSpySE"="c:\program files\XoftSpySE6\XoftSpySE.exe" [2010-09-29 4861720]
    .
    c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
    PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-3-6 333088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
    backupExtension=Common Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup
    backupExtension=Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^RCA Detective.lnk]
    path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\RCA Detective.lnk
    backup=c:\windows\pss\RCA Detective.lnkStartup
    backupExtension=Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
    2010-07-27 10:15 1573888 ----a-w- c:\program files\ATT-SST\McciTrayApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSDAppUpdater]
    2011-05-11 17:52 1660232 ----a-w- c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
    2008-07-11 22:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
    2006-10-27 00:48 434528 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Dock]
    2011-01-18 14:45 585728 ----a-w- c:\documents and settings\Compaq_Owner\My Documents\RCA easyRip\EZDock.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
    2009-12-09 02:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    2004-04-15 03:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-09-02 12:48 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
    2009-06-26 23:21 757248 ----a-w- c:\windows\vVX3000.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
    2010-09-29 18:43 4861720 ----a-w- c:\program files\XoftSpySE6\XoftSpySE.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\Compaq_Owner\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Documents and Settings\\test\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
    "c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8085:TCP"= 8085:TCP:GateOKO
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "5212:TCP"= 5212:TCP:Services
    "8924:TCP"= 8924:TCP:Services
    "1035:TCP"= 1035:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 1:00 PM 14336]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/3/2010 8:44 AM 47360]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [10/19/2009 8:42 AM 1527900]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-22 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
    .
    2011-09-18 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
    .
    2011-09-22 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-09-22 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-08-05 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-06-20 23:41]
    .
    2011-09-21 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://login.yahoo.com/config/mail?.intl=us
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: + &Mass Downloader: download this file - c:\program files\Mass Downloader\Add_Url.htm
    IE: + Mass Downloader: download &All files - c:\program files\Mass Downloader\Add_All.htm
    IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    Trusted Zone: $talisma_url$
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.254
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
    HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-22 18:56
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(736)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(3956)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Juniper Networks\Common Files\dsNcService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\AGRSMMSG.exe
    c:\windows\sm56hlpr.exe
    c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-22 19:13:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-23 00:13
    ComboFix2.txt 2011-09-22 15:07
    ComboFix3.txt 2011-09-21 22:55
    ComboFix4.txt 2011-08-10 00:00
    ComboFix5.txt 2011-09-22 23:10
    .
    Pre-Run: 26,864,717,824 bytes free
    Post-Run: 26,850,533,376 bytes free
    .
    - - End Of File - - B333AD01A7903AEFD6477A98044786B1


    There were errors when I ran AVAST, but when I tried to export the reports to put here I couldn't get anything. I couldn't copy or paste anything either....
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    If Avast dealt with the errors and you have no remaining issues do the following :-

    Please go to the following link and download the full installer for SP3: Here

    Save the installer to your Desktop.

    Do not install it yet

    Re-boot your system into Safe Mode, run the SP3 installer. When complete re-boot to Normal Mode, run the following:

    Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
    • Instead of attaching, please copy/paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE

    Kevin..
     
  12. endofwits

    endofwits Thread Starter

    Joined:
    Aug 11, 2007
    Messages:
    83
    Not sure what you mean by AVAST dealing with errors - I just ran the program and it showed multiple errors - I did not tell it to "fix" anything (supposedly it would only fix 100 of them on the free version and there were more than that). Should I still do the last steps you posted?
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Avast free version has no restrictions and should kill any and all infections that it finds.... maybe error was a bad choice of words from me, I actually meant infection/s. If Avast found many infections let it kill them all if possible. It is no good progressing to SP3 until we know for sure that your PC is clean.

    See if this Online Scanner will run and produce a log:

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [image] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
    • Check [image]
    • Click the [image] button.
    • Accept any security warnings from your browser.
    • Check [image]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [image]
    • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [image] button.
    • Push [image]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here Please read them before running the scan.

    Also be aware this scan can take between one and several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Let me see the log from ESET in your reply...
     
  14. endofwits

    endofwits Thread Starter

    Joined:
    Aug 11, 2007
    Messages:
    83
    C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\6\5b3d5486-3a89176f a variant of Java/TrojanDownloader.Agent.NAN trojan
    C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\60\5c2bd6bc-3ef6d2d6 probably a variant of Win32/Agent.FQRCZBA trojan
    C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache8380276680189899400.tmp a variant of Java/TrojanDownloader.Agent.NAN trojan
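As an added example that is not part of this thread or of ESET's tooling, a small Python parser that turns ESET Online Scanner lines like the three above into records, noting which user profile and which drop location (Java deployment cache or temp folder) each detection sits in. It assumes the "<full path> <verdict>" line layout seen in the post; the sample log is constructed from those three lines.

```python
import re
from collections import Counter

# Constructed sample in the ESET Online Scanner log layout ("<path> <verdict>"); the lines are from the post above.
SAMPLE_LOG = r"""
C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\6\5b3d5486-3a89176f a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\60\5c2bd6bc-3ef6d2d6 probably a variant of Win32/Agent.FQRCZBA trojan
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache8380276680189899400.tmp a variant of Java/TrojanDownloader.Agent.NAN trojan
"""

# A Windows path may contain spaces but never "/", while every ESET family name does ("Java/...",
# "Win32/..."): take the shortest path that leaves "[probably] a variant of Platform/Family ..." behind it.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>(?:(?:probably\s+)?a\s+variant\s+of\s+)?(?P<family>\S+/\S+).*)$"
)
PROFILE_RE = re.compile(r"^[A-Za-z]:\\(?:Documents and Settings|Users)\\([^\\]+)\\", re.I)

def classify_location(path):
    """Bucket the path by the drop sites this thread's findings fall into."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"   # applet / Web Start cache: where drive-by Java payloads land
    if "\\local settings\\temp\\" in p or "\\appdata\\local\\temp\\" in p:
        return "temp"         # jar_cache*.tmp is a jar the JRE extracted while running it
    return "other"

def parse_eset_log(text):
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue          # blank lines or lines not in detection layout
        prof = PROFILE_RE.match(m["path"])
        records.append({
            "path": m["path"],
            "profile": prof.group(1) if prof else None,   # e.g. HelpAssistant
            "location": classify_location(m["path"]),
            "family": m["family"],
            "heuristic": m["verdict"].lower().startswith("probably"),
        })
    return records

def summarize(records):
    return {
        "profiles": Counter(r["profile"] for r in records),
        "locations": Counter(r["location"] for r in records),
        "families": sorted({r["family"] for r in records}),
        "heuristic": sum(r["heuristic"] for r in records),
    }
```

Grouping by profile matters here because all three hits sit under HelpAssistant, the built-in Remote Assistance account on Windows XP, rather than under the user's own profile.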
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Please download OTM by OldTimer.
    Alternative Mirror 1
    Alternative Mirror 2
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
    • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      -------------------------------------------------------------------

      :Services
      :Files
      netsh firewall reset /c
      ipconfig /flushdns /c
      :Commands
      [EmptyFlash]
      [EmptyTemp]
      [ResetHosts]
      [ClearAllRestorePoints]
      [Reboot]

      ---------------------------------------------------------------------
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [image] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Let me see the log from OTM, also tell me how your system is responding and what issues/concerns remain....

    Kevin
     
Short URL to this thread: https://techguy.org/1018530