Let me see a fresh set of DDS logs as follows:

Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Kevin
 
Discussion starter · #25 ·
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by Compaq_Owner at 16:12:24 on 2011-09-27
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.145 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.yahoo.com/config/mail?.intl=us
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Fast Search: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - c:\program files\surf canyon\surfcanyon.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - Search Helper
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DVDVideoSoftTB Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\prxtbDVD0.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: DVDVideoSoftTB Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\prxtbDVD0.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: DVDVideoSoftTB Findbar: {b5442470-cbc3-4eeb-a552-41327e54ac20} - c:\program files\dvdvideosoft\prxtbDVD0.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SMSERIAL] sm56hlpr.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
IE: + &Mass Downloader: download this file - c:\program files\mass downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\mass downloader\Add_All.htm
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - c:\program files\mass downloader\massdown.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: $talisma_url$
Trusted Zone: intuit.com\ttlc
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252085986765
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://evpn1a.external.lmco.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{ED2F7A16-D0F6-4036-8BFE-0582E705B60F} : DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
S3 cpuz132;cpuz132;\??\c:\docume~1\compaq~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\compaq~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-10-19 1527900]
S3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2010-9-29 582424]
.
=============== Created Last 30 ================
.
2011-09-27 02:27:49 -------- d-----w- c:\documents and settings\compaq_owner\application data\SUPERAntiSpyware.com
2011-09-26 14:22:14 -------- d-----w- c:\program files\FileHippo.com
2011-09-24 15:07:34 -------- d-----w- c:\documents and settings\compaq_owner\application data\PriceGong
2011-09-24 05:02:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-09-24 05:02:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-23 00:24:24 -------- d-----w- c:\documents and settings\compaq_owner\application data\PriceGong(2)
2011-09-19 20:50:29 -------- d-----w- c:\program files\common files\XoftSpySE
.
==================== Find3M ====================
.
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-16 00:21:24 4375672 ----a-w- c:\program files\vmplayer.exe
2009-09-16 00:41:46 19918 ----a-w- c:\program files\common files\wyka.dll
.
============= FINISH: 16:14:23.89 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/22/2009 2:15:54 PM
System Uptime: 9/27/2011 3:58:59 AM (13 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Salmon
Processor: AMD Sempron(tm) Processor 3000+ | Socket 754 | 1808/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 107 GiB total, 31.919 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.38 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: SiS 760
Device ID: PCI\VEN_1039&DEV_6330&SUBSYS_2A06103C&REV_00\4&1C526AC9&0&0008
Manufacturer: SiS
Name: SiS 760
PNP Device ID: PCI\VEN_1039&DEV_6330&SUBSYS_2A06103C&REV_00\4&1C526AC9&0&0008
Service: SiS315
.
==== System Restore Points ===================
.
RP1: 9/26/2011 8:38:33 AM - System Checkpoint
RP2: 9/27/2011 12:01:51 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Age of Empires III
Age of Mythology
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.80
Ask Toolbar
AT&T Service & Support Tool
att.net Internet Mail
att.net Toolbar
Audacity 1.2.6
AVS Audio Converter version 6.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Compaq Organize
Compatibility Pack for the 2007 Office system
Content Transfer
ConvertXtoDVD 2.2.3.258
ConvertXtoDVD 4.1.2.336
CopyTrans Suite Remove Only
Easy Internet Sign-up
Emicsoft iPod Manager
Express Burn
Fast Search by Surf Canyon
FileHippo.com Update Checker
Firebird SQL Server - MAGIX Edition
Free Audio CD Burner version 1.4.7
Free Audio Converter version 1.2
Free Easy Burner V 1.2.43
Free YouTube To MP3 Converter 4.2.2
FrostWire 5.0.7
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HpSdpAppCoreApp
InfraRecorder
InterVideo DiscLabel
InterVideo WinDVD Creator
ISO Image Burner 1.1
IsoBuster 2.8
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Juniper Networks Network Connect 6.5.0
Juniper Networks Setup Client
K-Lite Codec Pack 4.0.0 (Full)
Logitech Desktop Messenger
MAGIX Music Maker 15 Trial 15.0.1.8 (US)
MAGIX Screenshare 4.3.6.1987 (US)
Malwarebytes' Anti-Malware version 1.51.2.1300
MediaWidget 6.0
MetaProducts Mass Downloader
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires II
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Report Viewer Redistributable 2008 (KB971118)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Speakerphone Modem
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MSXML4 Parser
Primo
QuickTime
RCA Detective™ 3.0.1.1
RCA easyRip 2.5.2.0
RCA Updater 2.0.5.0
RegCure
Runtime
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SiS VGA Utilities
SnagIt 5
Sonic Express Labeler
Sonic RecordNow!
Sony Picture Utility
SUPERAntiSpyware
Switch Sound File Converter
Text-To-Speech-Runtime
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VoiceOver Kit
vShare Plugin
WebFldrs XP
WinAVI All in One Converter
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
WinX Free PSP Video Converter 3.2.18
Wondershare DVD to Walkman Converter(Build 3.8.0)
Wondershare Video to Walkman Converter(Build 4.2.0.56)
Wondershare Walkman Video Suite(Build 4.0.3.1)
XoftSpySE
Yahoo! Software Update
YouTube Downloader 2.5.7
Zoo Tycoon: Complete Collection
.
==== Event Viewer Messages From Past Week ========
.
9/27/2011 12:02:06 AM, error: NtServicePack [4373] - Windows installation failed.
The specified module could not be found.
9/26/2011 8:39:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/26/2011 12:01:17 AM, error: NtServicePack [4373] - Windows installation failed.
The specified module could not be found.
9/25/2011 4:50:40 AM, error: PlugPlayManager [12] - The device 'USB Mass Storage Device' (USB\Vid_0781&Pid_5530\45271218DB22CBC3) disappeared from the system without first being prepared for removal.
9/25/2011 4:50:40 AM, error: PlugPlayManager [12] - The device 'SanDisk Cruzer USB Device' (USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer&Rev_8.02\45271218DB22CBC3&0) disappeared from the system without first being prepared for removal.
9/25/2011 4:50:40 AM, error: PlugPlayManager [12] - The device 'Generic volume' (STORAGE\RemovableMedia\7&e3437a5&0&RM) disappeared from the system without first being prepared for removal.
9/25/2011 12:11:09 AM, error: NtServicePack [4373] - Windows installation failed.
The specified module could not be found.
9/24/2011 7:56:31 AM, error: NtServicePack [4373] - Windows installation failed.
The specified module could not be found.
9/24/2011 7:53:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: fasttx2k gagp30kx
9/24/2011 7:51:39 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DNS Client service to connect.
9/24/2011 7:51:39 AM, error: Service Control Manager [7000] - The DNS Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/24/2011 12:34:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/24/2011 12:17:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips SASDIFSV SASKUTIL
9/24/2011 12:12:15 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/24/2011 12:12:14 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
9/23/2011 12:02:01 AM, error: NtServicePack [4373] - Windows installation failed.
The specified module could not be found.
9/22/2011 9:52:45 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.
9/22/2011 8:43:20 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
9/22/2011 6:45:34 PM, error: Service Control Manager [7023] - The Shell Hardware Detection service terminated with the following error: The system cannot find the file specified.
9/22/2011 6:45:34 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Live ID Sign-in Assistant service to connect.
9/22/2011 6:45:34 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
9/22/2011 6:45:34 PM, error: Service Control Manager [7000] - The Process Monitor service failed to start due to the following error: The system cannot find the file specified.
9/22/2011 6:17:07 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 6:17:06 PM, error: Service Control Manager [7034] - The XoftSpyService service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 6:17:06 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 6:17:06 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 6:17:06 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 6:17:06 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 6:17:06 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/22/2011 6:17:04 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 6:17:04 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 6:17:04 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 6:17:04 PM, error: Service Control Manager [7031] - The Juniper Network Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/22/2011 5:50:41 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
9/22/2011 5:50:41 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/22/2011 5:49:18 PM, error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/22/2011 12:06:38 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906).
9/22/2011 12:02:12 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007007e: Security Update for Windows XP (KB958470).
9/22/2011 12:01:59 AM, error: NtServicePack [4373] - Windows installation failed.
The specified module could not be found.
9/21/2011 6:33:43 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service.
9/21/2011 12:01:37 AM, error: NtServicePack [4373] - Windows installation failed.
The specified module could not be found.
9/20/2011 12:02:17 AM, error: NtServicePack [4373] - Windows installation failed.
The specified module could not be found.
.
==== End Of File ===========================
 
Your versions of Java and Adobe reader are outdated, were you offered updates by Filehippo update checker?

There is no Anti-virus program installed, I thought you had installed Avast?

You have not installed SP3, are you having issues with that update?
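
The Java version, service pack level and missing antivirus raised in the reply above can all be read from the DDS.txt header. The following is an added example, not part of the thread and not code from DDS. It assumes that the fourth field of the OS version string is the service pack level and that DDS lists detected security products on `AV:` header lines; the function names and the `min_java` threshold are hypothetical.

```python
import re

# Header of the DDS.txt posted above (copied from the thread, body trimmed).
DDS_HEADER = r"""DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by Compaq_Owner at 16:12:24 on 2011-09-27
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.145 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
"""

OS_RE = re.compile(r"^Microsoft Windows (?P<name>.+?)\s+(?P<ver>\d+(?:\.\d+){3,})")
JAVA_RE = re.compile(r"BrowserJavaVersion:\s*(?P<java>[\w.]+)")
# Assumption: security products appear as "AV: <name> *<state>* {GUID}".
AV_RE = re.compile(r"^AV:\s*(?P<name>.+?)\s*\*(?P<state>[^*]+)\*")


def header_lines(text):
    """Yield the non-empty lines that precede the first '=====' section banner."""
    for line in text.splitlines():
        if line.startswith("====="):
            return
        line = line.strip()
        if line and line != ".":
            yield line


def version_tuple(version):
    """'1.6.0_21' -> (1, 6, 0, 21) so versions compare numerically."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def parse_header(text):
    """Extract OS name, service pack, Java version and AV products from the header."""
    facts = {"os": None, "service_pack": None, "java": None, "av": []}
    for line in header_lines(text):
        m = OS_RE.match(line)
        if m:
            facts["os"] = m["name"]
            # Assumption: major.minor.build.servicepack.<locale and memory fields>
            facts["service_pack"] = int(m["ver"].split(".")[3])
        m = JAVA_RE.search(line)
        if m:
            facts["java"] = m["java"]
        m = AV_RE.match(line)
        if m:
            facts["av"].append((m["name"], m["state"]))
    return facts


def findings(facts, min_sp, min_java):
    """Return the triage notes a helper would raise from the parsed header."""
    out = []
    sp = facts["service_pack"]
    if sp is not None and sp < min_sp:
        out.append(f"service pack {sp} is below required SP{min_sp}")
    if facts["java"] and version_tuple(facts["java"]) < version_tuple(min_java):
        out.append(f"Java {facts['java']} is older than {min_java}")
    if not facts["av"]:
        out.append("no antivirus product reported")
    elif not any("Enabled" in state for _, state in facts["av"]):
        out.append("antivirus present but not enabled")
    return out


if __name__ == "__main__":
    # min_java is a constructed threshold for the demo, not a value from the thread.
    for item in findings(parse_header(DDS_HEADER), min_sp=3, min_java="1.6.0_22"):
        print(item)
```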
 
Discussion starter · #27 ·
I updated Java and Adobe reader.

I thought I had Avast installed but it wasn't there so I reinstalled it and ran it. It did not find any threats.

When I tried to install SP3, I got the below message:

Service Pack 3 Setup could not backup registry key HKCR\RDS.DataControl.2.81 to file C:\WINDOWS\$NtServicePackUninstall$\reg00801. 5: Access is denied.
 
Download and save the full SP3 installer from Here, save to your Desktop. Do not install yet.

Next,

Download TFC to your desktop, from either of the following links
Link 1
Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
  • If prompted, click "Yes" to reboot.
Save any open work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

Next,

Open Notepad, check the Format Menu and make sure Word Wrap is NOT selected. Then copy and paste the following from inside the code box to Notepad:

Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\BITS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\WUAUSERV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\BITS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\WUAUSERV]
@="Service"
Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to All Files.

Next navigate to your desktop, and enter the file name fixme.reg, and click Save.

You should now find a new file on your desktop named fixme.reg. Double click on fixme.reg. You will get a warning, agree to the merge, and then a message the file has been merged will immediately pop up.

Next,

Reboot into safe mode and run the SP3 installer...

Kevin
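
Before merging a .reg file received this way, it is worth checking which keys it writes. The following added example (not part of the thread; function names are hypothetical) parses the fixme.reg text from the post above and confirms that it only sets the default value "Service" under SafeBoot keys, which is how a service is allowed to start in safe mode, and reports anything else.

```python
import re

# The fixme.reg text from the post above, copied verbatim.
# Files saved from Notepad are plain text; regedit exports are UTF-16 and
# must be decoded before being passed to audit().
REG_TEXT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\BITS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\WUAUSERV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\BITS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\WUAUSERV]
@="Service"
"""

KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')
SAFEBOOT_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<set>CurrentControlSet|ControlSet\d{3})"
    r"\\Control\\SafeBoot\\(?P<mode>Minimal|Network)\\(?P<service>[^\\]+)$",
    re.IGNORECASE,
)
HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")


def parse_reg(text):
    """Parse .reg text into a list of {key, delete, values} entries."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing .reg header line")
    entries, current, pending = [], None, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        if line.endswith("\\"):        # hex data continued on the next line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = {"key": m["key"], "delete": bool(m["delete"]), "values": {}}
            entries.append(current)
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            raise ValueError(f"unparsed line: {line!r}")
        current["values"][m["name"]] = m["data"]
    return entries


def audit(text):
    """Split entries into expected SafeBoot 'Service' writes and everything else."""
    enabled, unexpected = [], []
    for entry in parse_reg(text):
        m = SAFEBOOT_RE.match(entry["key"])
        if entry["delete"]:
            unexpected.append(f"deletes key {entry['key']}")
        elif m is None:
            unexpected.append(f"writes outside SafeBoot: {entry['key']}")
        elif entry["values"] != {"@": '"Service"'}:
            unexpected.append(f"unexpected values under {entry['key']}")
        else:
            enabled.append((m["set"], m["mode"], m["service"]))
    return {"enabled": sorted(enabled), "unexpected": unexpected}


if __name__ == "__main__":
    report = audit(REG_TEXT)
    for control_set, mode, service in report["enabled"]:
        print(f"{control_set}: {service} allowed in safe mode ({mode})")
    for problem in report["unexpected"]:
        print("REVIEW:", problem)
```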
 
Discussion starter · #33 ·
I reset the registry and file permissions as instructed. Then I rebooted into safe mode and downloaded SP3 installer. When done I rebooted the computer. However, during the reboot I got a green screen with a bunch of words starting with:

A problem has been detected and windows has been shut down to protect damage to your computer.......

there were several other words after this basically telling me that if it was the 1st time I saw the error (it was) to try to reboot to the last known good configuration. I tried this at least 3 times and then I booted into safe mode and reset my restore point to where you had me do the "fixme". The computer would not reboot otherwise, so this is where it stands......
 
OK, this is a bear cat for sure. SP3 is very much needed or your system will always be prone to infection. From your original CF logs there was an alert of a missing file "proquota.exe" run the following and see if there is a copy on board:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:
    :filefind
    proquota.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Let me see that log in your reply...

Do you have your XP installation CD, if so what service pack level is it?

Kevin
 
Discussion starter · #35 ·
SystemLook 30.07.11 by jpshortstuff
Log created at 10:47 on 02/10/2011 by Compaq_Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "proquota.exe"
No files found.

-= EOF =-

Unfortunately, I don't have the installation CD. The place we originally bought the computer from already had the computer loaded and did not have/give out the installation CDs.
 
The shop should have provided you with an installation CD. OK, no problem, do the following.

Step 1

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.


Step 2

Please download ARCDC from Artellos.com.
  • Double click ARCDC.exe
  • Follow the dialog until you see 6 options. Please pick: XP Home SP2 & SP3
  • You will be prompted with a Terms of Use by Microsoft, please accept.
  • You will see a few DOS screens flash by, this is normal.
  • Next you will be able to choose to add extra files. Select the Default Files.
  • The last window will allow you to burn the disk using BurnCDCC
Your ISO is located on your desktop.

Step 3

I have attached proquota.zip to this reply. Save it to your Desktop, then unzip it to this folder: C:\windows\system32\dllcache, so that you end up with this: C:\windows\system32\dllcache\proquota.exe

The file I attach is from XP Home edition, same OS as you have installed.

Step 4

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
 


Discussion starter · #37 ·
I saved the proquota.zip to my desktop. When I double click on that folder I assume I select the .exe file and "extract" the file to the c:\windows\system32\dllcache file. However, I don't have any folders with that name. Am I supposed to create one first? I also don't have winzip either, does that make a difference?
 
Apologies, the dllcache folder is hidden. Do the following to see it:

Open My Computer, access Tools > Folder Options, click the View tab and then select the Show hidden files and folders option, and uncheck the Hide protected operating system files option.

To unzip the file, go Here, download and install IZArc. It is free and will do what we want.
Unzip the file to the dllcache folder, then run CF

Kevin
 
Discussion starter · #39 ·
ComboFix 11-10-03.01 - Compaq_Owner 10/03/2011 20:13:23.12.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.222 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Compaq_Owner\Application Data\PriceGong
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\j.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Compaq_Owner\Application Data\vso_ts_preview.xml
c:\documents and settings\test\Application Data\PriceGong
c:\documents and settings\test\Application Data\PriceGong\Data\c.xml
c:\documents and settings\test\Application Data\PriceGong\Data\mru.xml
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\windows\explorer(2).exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\linkinfo(2).dll
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\system32\dllcache\proquota\proquota.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))))
.
.
2011-10-04 01:39 . 2011-10-04 01:39 -------- d-----w- c:\windows\LastGood
2011-10-04 01:39 . 2008-04-14 10:42 50176 ----a-w- c:\windows\system32\OLD11E.tmp
2011-10-04 01:39 . 2004-08-04 02:00 50176 ----a-w- c:\windows\system32\proquota.exe
2011-10-04 00:35 . 2011-10-04 00:38 -------- d-----w- c:\program files\IZArc
2011-10-03 01:29 . 2008-04-14 10:42 50176 ----a-w- c:\windows\system32\dllcache\proquota\proquota.exe
2011-10-03 01:26 . 2008-04-14 10:42 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe\proquota.exe
2011-10-03 00:22 . 2011-10-03 00:22 -------- d-----w- c:\program files\ERUNT
2011-10-02 05:08 . 2011-10-02 05:08 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-02 04:54 . 2011-10-02 04:54 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-10-02 04:03 . 2011-10-02 04:10 -------- d-----w- c:\windows\ServicePackFiles
2011-10-02 03:55 . 2006-12-29 05:31 19569 ----a-w- c:\windows\002738_.tmp
2011-10-01 20:44 . 2011-10-03 02:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-30 22:10 . 2011-09-30 22:15 -------- d-----w- C:\8c1052ccbb76ede9b14ff3e1ec
2011-09-30 03:17 . 2011-09-30 03:23 -------- d-----w- C:\70f5fa78f1c271efda
2011-09-29 00:23 . 2011-09-29 00:23 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Sun
2011-09-28 21:14 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-28 21:14 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-28 21:13 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-28 21:13 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-28 21:13 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-28 21:13 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-28 21:13 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-28 21:13 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-28 21:12 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-28 21:12 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-28 21:11 . 2011-09-28 21:11 -------- d-----w- c:\program files\AVAST Software
2011-09-28 21:11 . 2011-09-28 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-28 20:48 . 2011-09-28 20:48 -------- d-----w- c:\program files\Common Files\Java
2011-09-27 02:27 . 2011-09-27 02:27 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2011-09-26 14:22 . 2011-09-26 14:22 -------- d-----w- c:\program files\FileHippo.com
2011-09-23 00:24 . 2011-09-24 05:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\PriceGong(2)
2011-09-21 03:02 . 2011-09-21 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-09-19 20:53 . 2011-09-19 20:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-09-19 20:50 . 2011-09-19 20:50 -------- d-----w- c:\program files\Common Files\XoftSpySE
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-02 04:14 . 2011-10-02 04:14 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\LocalContent\Attachments\devcon.exe
2011-10-02 04:14 . 2011-10-02 04:14 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchnotify.exe
2011-10-02 04:14 . 2011-10-02 04:14 3072 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchealthde.exe
2011-10-02 04:14 . 2011-10-02 04:14 159744 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
2011-10-02 04:14 . 2011-10-02 04:14 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\FDIWrapper.dll
2011-10-02 04:14 . 2011-10-02 04:14 26572 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\INV16.dll
2011-10-02 04:14 . 2011-10-02 04:14 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\msxmlwrapper.dll
2011-10-02 04:14 . 2011-10-02 04:14 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\ScDmi.dll
2011-10-02 04:14 . 2011-10-02 04:14 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCHI18N.dll
2011-10-02 04:14 . 2011-10-02 04:14 139264 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\ContentUpdater.exe
2011-10-02 04:14 . 2011-10-02 04:14 110592 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\DSAPI4.dll
2011-10-02 04:14 . 2011-10-02 04:14 98304 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PluginCtrl.dll
2011-10-02 04:13 . 2011-10-02 04:13 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\HPBasicDetection.dll
2011-10-02 04:13 . 2011-10-02 04:13 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\msxmlwrapper.dll
2011-10-02 04:13 . 2011-10-02 04:13 5632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\GUI.dll
2011-10-02 04:13 . 2011-10-02 04:13 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\ZipLib.dll
2011-10-02 04:13 . 2011-10-02 04:13 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchapi.dll
2011-10-02 04:13 . 2011-10-02 04:13 434176 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\motivede.dll
2011-10-02 04:13 . 2011-10-02 04:13 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchmsxml.dll
2011-10-02 04:13 . 2011-10-02 04:13 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\WinVerifyTrust.dll
2011-10-02 04:13 . 2011-10-02 04:13 344064 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\api.dll
2011-10-02 04:13 . 2011-10-02 04:13 24576 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pcdapi.dll
2011-10-02 04:13 . 2011-10-02 04:13 282624 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\clientutil52.dll
2011-10-02 04:13 . 2011-10-02 04:13 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\util.dll
2011-10-02 04:13 . 2011-10-02 04:13 356352 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\client_motkt.dll
2011-10-02 04:13 . 2011-10-02 04:13 28672 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\InetWrap.dll
2011-10-02 04:13 . 2011-10-02 04:13 102400 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCDrAccess.dll
2011-10-02 04:13 . 2011-10-02 04:13 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\hwinv.dll
2011-10-02 04:13 . 2011-10-02 04:13 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchmsxml.dll
2011-10-02 04:13 . 2011-10-02 04:13 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\asst_ui.dll
2011-10-02 04:13 . 2011-10-02 04:13 36864 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\gnu.dll
2011-10-02 04:13 . 2011-10-02 04:13 126976 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\SearchCtrl.dll
2011-10-02 04:13 . 2011-10-02 04:13 4096 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\winverifytrustwrapper.dll
2011-10-02 04:13 . 2011-10-02 04:13 212992 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\jsharpinterp.dll
2011-10-02 04:13 . 2011-10-02 04:13 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchealthplugin.dll
2011-09-28 20:41 . 2010-08-06 19:37 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 20:41 . 2010-07-12 16:08 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-31 22:00 . 2010-07-26 02:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 03:07 . 2011-08-13 03:07 18944 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2009-10-16 00:21 . 2009-10-16 00:21 4375672 ----a-w- c:\program files\vmplayer.exe
2009-09-16 00:41 . 2009-09-16 00:41 19918 ----a-w- c:\program files\Common Files\wyka.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoft\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-3-6 333088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
backupExtension=Common Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
backupExtension=Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup
backupExtension=Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
2010-07-27 10:15 1573888 ----a-w- c:\program files\ATT-SST\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSDAppUpdater]
2011-05-11 17:52 1660232 ----a-w- c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2008-07-11 22:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2006-10-27 00:48 434528 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Dock]
2011-01-18 14:45 585728 ----a-w- c:\documents and settings\Compaq_Owner\My Documents\RCA easyRip\EZDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-12-09 02:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-15 03:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-06-26 23:21 757248 ----a-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
2010-09-29 18:43 4861720 ----a-w- c:\program files\XoftSpySE6\XoftSpySE.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\test\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 136176]
R3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [2010-09-29 582424]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2004-08-04 14336]
S2 aswFsBlk;aswFsBlk; [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-10-03 47360]
S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-03 41272]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GUPDATE
*NewlyCreated* - GUPDATEM
*NewlyCreated* - GUSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 00:35]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 00:35]
.
2011-10-03 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
.
2011-10-02 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
2011-10-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-10-03 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-08-05 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-06-20 23:41]
.
2011-10-02 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/mail?.intl=us
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: + &Mass Downloader: download this file - c:\program files\Mass Downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\Mass Downloader\Add_All.htm
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: $talisma_url$
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-03 20:40
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-10-03 20:54:11
ComboFix-quarantined-files.txt 2011-10-04 01:53
.
Pre-Run: 24,560,848,896 bytes free
Post-Run: 28,695,728,128 bytes free
.
- - End Of File - - C7FA7B06BF0DF902BCCAEA8C5AC9988F
 
OK, CF has replaced the file for us into the correct folder, do the following:

Right click on the Avast icon next to your clock and select "open avast user interface"
On the interface select Scan Computer

On the next window select Boot time scan

On the next window select Schedule now

On the next window select Restart Computer



Let your system re-boot and carry out the boot time scan, let me know what it finds.

If that scan is clean re-boot into safe mode, turn off security > right click on Avast icon at clock > select "avast shields control" > disable until computer is restarted > Try to install SP3 again...

Kevin
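
The ComboFix listing above records several copies of proquota.exe, none of them at the C:\windows\system32\dllcache\proquota.exe location Step 3 asked for. The following is an added example, not part of the thread or of ComboFix, that parses the "Files Created" lines and reports where each copy sits; the function names and the regular expression for the line layout are assumptions based on the lines shown.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt of the "Files Created" section from the log above, with one of the
# log's "." separator lines kept to show that non-entry lines are skipped.
SAMPLE = r"""
.
2011-10-04 01:39 . 2011-10-04 01:39 -------- d-----w- c:\windows\LastGood
2011-10-04 01:39 . 2008-04-14 10:42 50176 ----a-w- c:\windows\system32\OLD11E.tmp
2011-10-04 01:39 . 2004-08-04 02:00 50176 ----a-w- c:\windows\system32\proquota.exe
2011-10-04 00:35 . 2011-10-04 00:38 -------- d-----w- c:\program files\IZArc
2011-10-03 01:29 . 2008-04-14 10:42 50176 ----a-w- c:\windows\system32\dllcache\proquota\proquota.exe
2011-10-03 01:26 . 2008-04-14 10:42 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe\proquota.exe
"""

# Assumed layout: created . modified size attrs path (size is -------- for folders).
LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return ntpath.basename(self.path).lower()


def parse_listing(text):
    """Parse listing lines into Entry objects, skipping separators and headers."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def audit_copies(entries, filename, expected_dir):
    """Return (entry, verdict) for every file named `filename` in the listing."""
    filename = filename.lower()
    stem = ntpath.splitext(filename)[0]
    results = []
    for e in entries:
        if e.is_dir or e.name != filename:
            continue
        parent = ntpath.dirname(e.path).lower()
        leaf = ntpath.basename(parent)
        if parent == expected_dir.lower():
            verdict = "in expected folder"
        elif leaf in (filename, stem):
            # Typical result of an archive tool extracting into its own subfolder.
            verdict = "nested in a folder named after the file"
        else:
            verdict = "other location"
        results.append((e, verdict))
    return results


def same_size_and_mtime(entries, ref):
    """Files sharing size and modified time with `ref`.

    This is only a hint that the contents match; hashing the files on the
    machine is what confirms it.
    """
    return [
        e for e in entries
        if not e.is_dir and e.path != ref.path
        and (e.size, e.modified) == (ref.size, ref.modified)
    ]


if __name__ == "__main__":
    listing = parse_listing(SAMPLE)
    for entry, verdict in audit_copies(listing, "proquota.exe", r"c:\windows\system32\dllcache"):
        print(f"{entry.modified}  {entry.size:>6}  {verdict}: {entry.path}")
```
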
 