
Computer Very Slow - Possible Multiple Virus Infections?

Discussion in 'Virus & Other Malware Removal' started by endofwits, Sep 20, 2011.

Thread Status:
Not open for further replies.
  1. endofwits

    endofwits Thread Starter

    Joined:
    Aug 11, 2007
    Messages:
    83
    Followed your instructions to the letter.......still get same message......
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    OK, go Here and follow the "Reset the registry and the file permissions" section. That will reset your registry and permissions issue...

    Kevin
     
  3. endofwits

    endofwits Thread Starter

    Joined:
    Aug 11, 2007
    Messages:
    83
    I reset the registry and file permissions as instructed. Then I rebooted into safe mode and downloaded the SP3 installer. When done I rebooted the computer. However, during the reboot I got a green screen with a bunch of words starting with:

    A problem has been detected and windows has been shut down to protect damage to your computer.......

    there were several other words after this basically telling me that if it was the 1st time I saw the error (it was) to try to reboot to the last known good configuration. I tried this at least 3 times and then I booted into safe mode and reset my restore point to where you had me do the "fixme". The computer would not reboot otherwise, so this is where it stands......
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    OK, this is a bear cat for sure. SP3 is very much needed or your system will always be prone to infection. From your original CF logs there was an alert of a missing file, "proquota.exe". Run the following and see if there is a copy on board:

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      Code:
      :filefind
      proquota.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Let me see that log in your reply...

    Do you have your XP installation CD, if so what service pack level is it?

    Kevin
     
  5. endofwits

    endofwits Thread Starter

    Joined:
    Aug 11, 2007
    Messages:
    83
    SystemLook 30.07.11 by jpshortstuff
    Log created at 10:47 on 02/10/2011 by Compaq_Owner
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "proquota.exe"
    No files found.

    -= EOF =-

    Unfortunately, I don't have the installation CD. The place we originally bought the computer from already had the computer loaded and did not have/give out the installation CDs.
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    The shop should have provided you with an installation CD. OK, no problem, do the following.

    Step 1

    Backing Up Your Registry
    • Download ERUNT
      (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
    • Install ERUNT by following the prompts
      (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
    • Start ERUNT
      (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
    • Choose a location for the backup
      (the default location is C:\WINDOWS\ERDNT which is acceptable).
    • Make sure that at least the first two check boxes are ticked
    • Press OK
    • Press YES to create the folder.

    Step 2

    Please download ARCDC from Artellos.com.
    • Double click ARCDC.exe
    • Follow the dialog until you see 6 options. Please pick: XP Home SP2 & SP3
    • You will be prompted with a Terms of Use by Microsoft, please accept.
    • You will see a few dos screens flash by, this is normal.
    • Next you will be able to choose to add extra files. Select the Default Files.
    • The last window will allow you to burn the disk using BurnCDCC
    Your ISO is located on your desktop.

    Step 3

    I have attached proquota.zip to this reply. Save it to your Desktop, then unzip it to this folder: C:\windows\system32\dllcache, so that you end up with this: C:\windows\system32\dllcache\proquota.exe

    The file I attach is from XP Home edition, same OS as you have installed.

    Step 4

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     


  7. endofwits

    endofwits Thread Starter

    Joined:
    Aug 11, 2007
    Messages:
    83
    I saved the proquota.zip to my desktop. When I double click on that folder I assume I select the .exe file and "extract" the file to the c:\windows\system32\dllcache file. However, I don't have any folders with that name. Am I supposed to create one first? I also don't have winzip either, does that make a difference?
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Apologies, the dllcache folder is hidden; do the following to see it:

    Open My Computer, access Tools > Folder Options, click the View tab and then select the Show hidden files and folders option, and uncheck the Hide protected operating system files option.

    To unzip the file go Here, download and install IZArc; it is free and will do what we want.
    Unzip the file to the dllcache folder, then run CF.

    Kevin
     
  9. endofwits

    endofwits Thread Starter

    Joined:
    Aug 11, 2007
    Messages:
    83
    ComboFix 11-10-03.01 - Compaq_Owner 10/03/2011 20:13:23.12.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.222 [GMT -5:00]
    Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\j.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Compaq_Owner\Application Data\vso_ts_preview.xml
    c:\documents and settings\test\Application Data\PriceGong
    c:\documents and settings\test\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\test\Application Data\PriceGong\Data\mru.xml
    c:\program files\google\common\google updater\googleupdaterservice.exe
    c:\windows\explorer(2).exe
    c:\windows\system32\d3d9caps.dat
    c:\windows\system32\linkinfo(2).dll
    .
    c:\windows\system32\proquota.exe was missing
    Restored copy from - c:\windows\system32\dllcache\proquota\proquota.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-04 01:39 . 2011-10-04 01:39 -------- d-----w- c:\windows\LastGood
    2011-10-04 01:39 . 2008-04-14 10:42 50176 ----a-w- c:\windows\system32\OLD11E.tmp
    2011-10-04 01:39 . 2004-08-04 02:00 50176 ----a-w- c:\windows\system32\proquota.exe
    2011-10-04 00:35 . 2011-10-04 00:38 -------- d-----w- c:\program files\IZArc
    2011-10-03 01:29 . 2008-04-14 10:42 50176 ----a-w- c:\windows\system32\dllcache\proquota\proquota.exe
    2011-10-03 01:26 . 2008-04-14 10:42 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe\proquota.exe
    2011-10-03 00:22 . 2011-10-03 00:22 -------- d-----w- c:\program files\ERUNT
    2011-10-02 05:08 . 2011-10-02 05:08 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-10-02 04:54 . 2011-10-02 04:54 -------- d-----w- c:\windows\system32\CatRoot_bak
    2011-10-02 04:03 . 2011-10-02 04:10 -------- d-----w- c:\windows\ServicePackFiles
    2011-10-02 03:55 . 2006-12-29 05:31 19569 ----a-w- c:\windows\002738_.tmp
    2011-10-01 20:44 . 2011-10-03 02:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-30 22:10 . 2011-09-30 22:15 -------- d-----w- C:\8c1052ccbb76ede9b14ff3e1ec
    2011-09-30 03:17 . 2011-09-30 03:23 -------- d-----w- C:\70f5fa78f1c271efda
    2011-09-29 00:23 . 2011-09-29 00:23 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Sun
    2011-09-28 21:14 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-28 21:14 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-28 21:13 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-28 21:13 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-28 21:13 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-28 21:13 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-09-28 21:13 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-09-28 21:13 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-09-28 21:12 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-28 21:12 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-28 21:11 . 2011-09-28 21:11 -------- d-----w- c:\program files\AVAST Software
    2011-09-28 21:11 . 2011-09-28 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-09-28 20:48 . 2011-09-28 20:48 -------- d-----w- c:\program files\Common Files\Java
    2011-09-27 02:27 . 2011-09-27 02:27 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
    2011-09-26 14:22 . 2011-09-26 14:22 -------- d-----w- c:\program files\FileHippo.com
    2011-09-23 00:24 . 2011-09-24 05:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\PriceGong(2)
    2011-09-21 03:02 . 2011-09-21 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2011-09-19 20:53 . 2011-09-19 20:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
    2011-09-19 20:50 . 2011-09-19 20:50 -------- d-----w- c:\program files\Common Files\XoftSpySE
    2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-02 04:14 . 2011-10-02 04:14 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\LocalContent\Attachments\devcon.exe
    2011-10-02 04:14 . 2011-10-02 04:14 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchnotify.exe
    2011-10-02 04:14 . 2011-10-02 04:14 3072 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchealthde.exe
    2011-10-02 04:14 . 2011-10-02 04:14 159744 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
    2011-10-02 04:14 . 2011-10-02 04:14 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\FDIWrapper.dll
    2011-10-02 04:14 . 2011-10-02 04:14 26572 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\INV16.dll
    2011-10-02 04:14 . 2011-10-02 04:14 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\msxmlwrapper.dll
    2011-10-02 04:14 . 2011-10-02 04:14 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\ScDmi.dll
    2011-10-02 04:14 . 2011-10-02 04:14 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCHI18N.dll
    2011-10-02 04:14 . 2011-10-02 04:14 139264 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\ContentUpdater.exe
    2011-10-02 04:14 . 2011-10-02 04:14 110592 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\DSAPI4.dll
    2011-10-02 04:14 . 2011-10-02 04:14 98304 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PluginCtrl.dll
    2011-10-02 04:13 . 2011-10-02 04:13 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\HPBasicDetection.dll
    2011-10-02 04:13 . 2011-10-02 04:13 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\msxmlwrapper.dll
    2011-10-02 04:13 . 2011-10-02 04:13 5632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\GUI.dll
    2011-10-02 04:13 . 2011-10-02 04:13 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\ZipLib.dll
    2011-10-02 04:13 . 2011-10-02 04:13 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchapi.dll
    2011-10-02 04:13 . 2011-10-02 04:13 434176 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\motivede.dll
    2011-10-02 04:13 . 2011-10-02 04:13 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchmsxml.dll
    2011-10-02 04:13 . 2011-10-02 04:13 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\WinVerifyTrust.dll
    2011-10-02 04:13 . 2011-10-02 04:13 344064 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\api.dll
    2011-10-02 04:13 . 2011-10-02 04:13 24576 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pcdapi.dll
    2011-10-02 04:13 . 2011-10-02 04:13 282624 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\clientutil52.dll
    2011-10-02 04:13 . 2011-10-02 04:13 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\util.dll
    2011-10-02 04:13 . 2011-10-02 04:13 356352 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\client_motkt.dll
    2011-10-02 04:13 . 2011-10-02 04:13 28672 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\InetWrap.dll
    2011-10-02 04:13 . 2011-10-02 04:13 102400 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCDrAccess.dll
    2011-10-02 04:13 . 2011-10-02 04:13 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\hwinv.dll
    2011-10-02 04:13 . 2011-10-02 04:13 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchmsxml.dll
    2011-10-02 04:13 . 2011-10-02 04:13 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\asst_ui.dll
    2011-10-02 04:13 . 2011-10-02 04:13 36864 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\gnu.dll
    2011-10-02 04:13 . 2011-10-02 04:13 126976 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\SearchCtrl.dll
    2011-10-02 04:13 . 2011-10-02 04:13 4096 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\winverifytrustwrapper.dll
    2011-10-02 04:13 . 2011-10-02 04:13 212992 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\jsharpinterp.dll
    2011-10-02 04:13 . 2011-10-02 04:13 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchealthplugin.dll
    2011-09-28 20:41 . 2010-08-06 19:37 128000 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-28 20:41 . 2010-07-12 16:08 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-08-31 22:00 . 2010-07-26 02:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-13 03:07 . 2011-08-13 03:07 18944 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
    2009-10-16 00:21 . 2009-10-16 00:21 4375672 ----a-w- c:\program files\vmplayer.exe
    2009-09-16 00:41 . 2009-09-16 00:41 19918 ----a-w- c:\program files\Common Files\wyka.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoft\prxtbDVD0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-04 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
    "SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]
    .
    c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
    PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-3-6 333088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
    backupExtension=Common Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup
    backupExtension=Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^RCA Detective.lnk]
    path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\RCA Detective.lnk
    backup=c:\windows\pss\RCA Detective.lnkStartup
    backupExtension=Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
    2010-07-27 10:15 1573888 ----a-w- c:\program files\ATT-SST\McciTrayApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSDAppUpdater]
    2011-05-11 17:52 1660232 ----a-w- c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
    2008-07-11 22:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
    2006-10-27 00:48 434528 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Dock]
    2011-01-18 14:45 585728 ----a-w- c:\documents and settings\Compaq_Owner\My Documents\RCA easyRip\EZDock.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
    2009-12-09 02:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    2004-04-15 03:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
    2009-06-26 23:21 757248 ----a-w- c:\windows\vVX3000.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
    2010-09-29 18:43 4861720 ----a-w- c:\program files\XoftSpySE6\XoftSpySE.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\test\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 136176]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 136176]
    R3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [2010-09-29 582424]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2004-08-04 14336]
    S2 aswFsBlk;aswFsBlk; [x]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-10-03 47360]
    S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-03 41272]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - GUPDATE
    *NewlyCreated* - GUPDATEM
    *NewlyCreated* - GUSVC
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 00:35]
    .
    2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 00:35]
    .
    2011-10-03 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
    .
    2011-10-02 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
    .
    2011-10-03 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-10-03 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-08-05 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-06-20 23:41]
    .
    2011-10-02 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://login.yahoo.com/config/mail?.intl=us
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: + &Mass Downloader: download this file - c:\program files\Mass Downloader\Add_Url.htm
    IE: + Mass Downloader: download &All files - c:\program files\Mass Downloader\Add_All.htm
    IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    Trusted Zone: $talisma_url$
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.254
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-03 20:40
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(792)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-10-03 20:54:11
    ComboFix-quarantined-files.txt 2011-10-04 01:53
    .
    Pre-Run: 24,560,848,896 bytes free
    Post-Run: 28,695,728,128 bytes free
    .
    - - End Of File - - C7FA7B06BF0DF902BCCAEA8C5AC9988F
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    OK, CF has replaced the file for us in the correct folder; do the following:

    Right click on the Avast Icon next to your clock and select "open avast user interface"
    On the interface select Scan Computer


    On the next window select Boot time scan


    On the next window select Schedule now


    On the next window select Restart Computer


    Let your system re-boot and carry out the boot time scan, let me know what it finds.

    If that scan is clean re-boot into safe mode, turn off security > right click on Avast icon at clock > select "avast shields control" > disable until computer is restarted > Try to install SP3 again...

    Kevin
     
  11. endofwits

    endofwits Thread Starter

    Joined:
    Aug 11, 2007
    Messages:
    83
    The scan found 1 infection.

    c:\hp\bin\ProcessLogger.exe is infected by win32:pUP.gen [PUP]

    I didn't do anything with it because I wasn't sure if you wanted me to repair, delete, or move it.
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    I'd rather you upload that file for analysis; do the following:

    Upload a File to Virustotal
    Please visit Virustotal
    • Click the Browse... button
    • Navigate to the file c:\hp\bin\ProcessLogger.exe
    • Click the Open button
    • Click the Send button
    • If you get a message saying File has already been analyzed: click Reanalyze file now
    • Copy and paste the results back here please.

    Let me see the results...
     
  13. endofwits

    endofwits Thread Starter

    Joined:
    Aug 11, 2007
    Messages:
    83
    Hope this is what you were looking for:

    File name: ProcessLogger.exe
    Submission date: 2011-10-06 00:03:29 (UTC)
    Current status: queued (#436) queued (#436) analysing finished


    Result: 1/ 43 (2.3%)
    Antivirus Version Last Update Result
    AhnLab-V3 2011.10.05.00 2011.10.05 -
    AntiVir 7.11.15.135 2011.10.05 -
    Antiy-AVL 2.0.3.7 2011.10.05 -
    Avast 6.0.1289.0 2011.10.05 Win32:pUP-gen [PUP]
    AVG 10.0.0.1190 2011.10.05 -
    BitDefender 7.2 2011.10.06 -
    ByteHero 1.0.0.1 2011.09.23 -
    CAT-QuickHeal 11.00 2011.10.05 -
    ClamAV 0.97.0.0 2011.10.06 -
    Commtouch 5.3.2.6 2011.10.05 -
    Comodo 10356 2011.10.06 -
    DrWeb 5.0.2.03300 2011.10.06 -
    Emsisoft 5.1.0.11 2011.10.06 -
    eSafe 7.0.17.0 2011.10.05 -
    eTrust-Vet 36.1.8599 2011.10.05 -
    F-Prot 4.6.2.117 2011.10.05 -
    F-Secure 9.0.16440.0 2011.10.06 -
    Fortinet 4.3.370.0 2011.10.05 -
    GData 22 2011.10.06 -
    Ikarus T3.1.1.107.0 2011.10.05 -
    Jiangmin 13.0.900 2011.10.05 -
    K7AntiVirus 9.114.5245 2011.10.05 -
    Kaspersky 9.0.0.837 2011.10.06 -
    McAfee 5.400.0.1158 2011.10.06 -
    McAfee-GW-Edition 2010.1D 2011.10.05 -
    Microsoft 1.7702 2011.10.05 -
    NOD32 6520 2011.10.06 -
    Norman 6.07.11 2011.10.05 -
    nProtect 2011-10-05.01 2011.10.05 -
    Panda 10.0.3.5 2011.10.05 -
    PCTools 8.0.0.5 2011.10.06 -
    Prevx 3.0 2011.10.06 -
    Rising 23.77.04.01 2011.09.30 -
    Sophos 4.69.0 2011.10.05 -
    SUPERAntiSpyware 4.40.0.1006 2011.10.06 -
    Symantec 20111.2.0.82 2011.10.05 -
    TheHacker 6.7.0.1.317 2011.10.05 -
    TrendMicro 9.500.0.1008 2011.10.05 -
    TrendMicro-HouseCall 9.500.0.1008 2011.10.06 -
    VBA32 3.12.16.4 2011.10.05 -
    VIPRE 10672 2011.10.06 -
    ViRobot 2011.10.5.4703 2011.10.05 -
    VirusBuster 14.0.250.0 2011.10.05 -
    Additional information
    MD5 : 682990a95f88844290d55f25b9f05138
    SHA1 : f67d46bcc89ba10fe2bbebbab8b1f9ef85e29b47
    SHA256: f445882b48cfcc62adaaacc2558d9f341a68ed593518f94a118e30be56138f22
    ssdeep: 6144:mWTVF++nrDRqPdWPNKBFrL0WyHGvFkpfKkA0uqyDZGZzn8ZDsIVTtqp2MEdZAuEl:miqFW8BxYrHYDv0iQZ7OOAdCJVeX
    File size : 447488 bytes
    First seen: 2006-08-20 03:15:02
    Last seen : 2011-10-06 00:03:29
    TrID:
    Win32 Executable Delphi generic (30.6%)
    DOS Executable Borland C++ (27.1%)
    Win32 Executable Generic (17.8%)
    Win32 Dynamic Link Library (generic) (15.8%)
    Generic Win/DOS Executable (4.1%)
    sigcheck:
    publisher....: Hewlett-Packard
    copyright....:
    product......: Visual Process Logger Deluxe Professional 32-Bit Enterprise Edition Plus Plus Turbo Enhanced
    description..: Exciting Windows Process Logging Technolgy.
    original name:
    internal name: Chupacabra
    file version.: 1.1.3.1
    comments.....: Specify number of minutes to run on the command line, defaul is 15. Results are logged to the file process.log in the Windows temp directory.
    signers......: -
    signing date.: -
    verified.....: Unsigned

    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x1000
    timedatestamp....: 0x3E31A407 (Fri Jan 24 20:37:27 2003)
    machinetype......: 0x14c (I386)

    [[ 8 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x58000, 0x58000, 6.52, e12d8a7cd35708acd1d39354c700c639
    .data, 0x59000, 0xB000, 0x6400, 4.96, badc5d0c0450634540d2c48bcdfccc09
    .tls, 0x64000, 0x1000, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b
    .rdata, 0x65000, 0x1000, 0x200, 0.21, b2a34b9a80a0b83d5587b42bab27b4a0
    .idata, 0x66000, 0x3000, 0x2600, 4.99, b58254a3d441218d79a01af5621559ce
    .edata, 0x69000, 0x1000, 0x600, 4.21, a32dcfc602443779dbb0c21ce97e6e9e
    .rsrc, 0x6A000, 0x6000, 0x5800, 4.26, 7372e035b18245a713c4c13bcef09c9c
    .reloc, 0x70000, 0x7000, 0x6200, 6.62, 1fe085f5793431e11f23add760e6fbf3

    [[ 9 import(s) ]]
    ADVAPI32.DLL: RegCloseKey, RegOpenKeyExA, RegQueryValueExA
    KERNEL32.DLL: CloseHandle, CompareStringA, CreateEventA, CreateFileA, CreateThread, CreateToolhelp32Snapshot, DeleteCriticalSection, DeleteFileA, EnterCriticalSection, EnumCalendarInfoA, ExitProcess, FindClose, FindFirstFileA, FindResourceA, FormatMessageA, FreeLibrary, FreeResource, GetACP, GetCPInfo, GetCommandLineA, GetCurrentProcessId, GetCurrentThreadId, GetDateFormatA, GetDiskFreeSpaceA, GetEnvironmentStrings, GetFileAttributesA, GetFileSize, GetFileType, GetLastError, GetLocalTime, GetLocaleInfoA, GetModuleFileNameA, GetModuleHandleA, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetStdHandle, GetStringTypeA, GetStringTypeW, GetSystemDefaultLangID, GetSystemInfo, GetTempPathA, GetThreadLocale, GetTickCount, GetUserDefaultLCID, GetVersion, GetVersionExA, GlobalAddAtomA, GlobalAlloc, GlobalDeleteAtom, GlobalFree, GlobalHandle, GlobalLock, GlobalReAlloc, GlobalUnlock, HeapAlloc, HeapFree, InitializeCriticalSection, InterlockedDecrement, InterlockedIncrement, IsValidLocale, LCMapStringA, LeaveCriticalSection, LoadLibraryA, LoadLibraryExA, LoadResource, LocalAlloc, LocalFree, LockResource, MulDiv, MultiByteToWideChar, Process32First, Process32Next, RaiseException, ReadFile, RtlUnwind, SetConsoleCtrlHandler, SetEndOfFile, SetErrorMode, SetEvent, SetFilePointer, SetHandleCount, SetLastError, SetThreadLocale, SizeofResource, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, VirtualQuery, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcpyA, lstrcpynA, lstrlenA
    VERSION.DLL: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
    COMCTL32.DLL: ImageList_Add, ImageList_BeginDrag, ImageList_Create, ImageList_Destroy, ImageList_DragEnter, ImageList_DragLeave, ImageList_DragMove, ImageList_DragShowNolock, ImageList_Draw, ImageList_EndDrag, ImageList_GetBkColor, ImageList_GetDragImage, ImageList_GetIconSize, ImageList_GetImageCount, ImageList_Read, ImageList_Remove, ImageList_ReplaceIcon, ImageList_SetBkColor, ImageList_SetDragCursorImage, ImageList_SetIconSize, ImageList_Write, ImageList_DrawEx
    GDI32.DLL: BitBlt, CopyEnhMetaFileA, CreateBitmap, CreateBrushIndirect, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBSection, CreateDIBitmap, CreateFontIndirectA, CreateHalftonePalette, CreatePalette, CreatePenIndirect, CreateSolidBrush, DeleteDC, DeleteEnhMetaFile, DeleteObject, ExcludeClipRect, GetBitmapBits, GetBrushOrgEx, GetClipBox, GetCurrentPositionEx, GetDCOrgEx, GetDIBColorTable, GetDIBits, GetDeviceCaps, GetEnhMetaFileBits, GetEnhMetaFileHeader, GetEnhMetaFilePaletteEntries, GetObjectA, GetPaletteEntries, GetPixel, GetStockObject, GetSystemPaletteEntries, GetTextExtentPoint32A, GetTextExtentPointA, GetTextMetricsA, GetWinMetaFileBits, GetWindowOrgEx, IntersectClipRect, LineTo, MaskBlt, MoveToEx, PatBlt, PlayEnhMetaFile, RealizePalette, RectVisible, Rectangle, RestoreDC, SaveDC, SelectObject, SelectPalette, SetBkColor, SetBkMode, SetBrushOrgEx, SetDIBColorTable, SetEnhMetaFileBits, SetPixel, SetROP2, SetStretchBltMode, SetTextColor, SetViewportOrgEx, SetWinMetaFileBits, SetWindowOrgEx, StretchBlt, UnrealizeObject
    SHELL32.DLL: ShellExecuteA
    USER32.DLL: ActivateKeyboardLayout, AdjustWindowRectEx, BeginPaint, CallNextHookEx, CallWindowProcA, CharLowerA, CharLowerBuffA, CharNextA, CheckMenuItem, ClientToScreen, CreateIcon, CreateMenu, CreatePopupMenu, CreateWindowExA, DefFrameProcA, DefMDIChildProcA, DefWindowProcA, DeleteMenu, DestroyCursor, DestroyIcon, DestroyMenu, DestroyWindow, DispatchMessageA, DrawEdge, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawTextA, EnableMenuItem, EnableScrollBar, EnableWindow, EndPaint, EnumThreadWindows, EnumWindows, EqualRect, FillRect, FindWindowA, FrameRect, GetActiveWindow, GetCapture, GetClassInfoA, GetClientRect, GetClipboardData, GetCursor, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetFocus, GetForegroundWindow, GetIconInfo, GetKeyNameTextA, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetMenu, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuState, GetMenuStringA, GetParent, GetPropA, GetScrollInfo, GetScrollPos, GetScrollRange, GetSubMenu, GetSysColor, GetSystemMetrics, GetTopWindow, GetWindow, GetWindowDC, GetWindowLongA, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowThreadProcessId, InflateRect, InsertMenuA, InsertMenuItemA, IntersectRect, InvalidateRect, IsChild, IsDialogMessageA, IsIconic, IsRectEmpty, IsWindow, IsWindowEnabled, IsWindowVisible, IsZoomed, KillTimer, LoadBitmapA, LoadCursorA, LoadIconA, LoadKeyboardLayoutA, LoadStringA, MapVirtualKeyA, MapWindowPoints, MessageBoxA, OemToCharA, OffsetRect, PeekMessageA, PostMessageA, PostQuitMessage, PtInRect, RegisterClassA, RegisterClipboardFormatA, RegisterWindowMessageA, ReleaseCapture, ReleaseDC, RemoveMenu, RemovePropA, ScreenToClient, ScrollWindow, SendMessageA, SetActiveWindow, SetCapture, SetClassLongA, SetCursor, SetFocus, SetForegroundWindow, SetMenu, SetMenuItemInfoA, SetPropA, SetRect, SetScrollInfo, SetScrollPos, SetScrollRange, SetTimer, SetWindowLongA, SetWindowPlacement, SetWindowPos, SetWindowTextA, SetWindowsHookExA, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowWindow, SystemParametersInfoA, TrackPopupMenu, TranslateMDISysAccel, TranslateMessage, UnhookWindowsHookEx, UnregisterClassA, UpdateWindow, WaitMessage, WinHelpA, WindowFromPoint, wsprintfA, GetSystemMenu
    OLE32.DLL: IsEqualGUID
    OLEAUT32.DLL: SysAllocStringLen, SysFreeString, SysReAllocStringLen, SysStringLen, VariantChangeTypeEx, VariantClear, VariantCopyInd

    [[ 26 export(s) ]]
    @$xp$11TExeVersion, @@Exever@Finalize, @@Exever@Initialize, @@Mainform@Finalize, @@Mainform@Initialize, @Exever@Register$qqrv, @TExeVersion@, @TExeVersion@$bctr$qqrp18Classes@TComponent, @TExeVersion@GetBuild$qqrv, @TExeVersion@GetComments$qqrv, @TExeVersion@GetCompanyName$qqrv, @TExeVersion@GetFileDescription$qqrv, @TExeVersion@GetFileVersion$qqrv, @TExeVersion@GetFileVersionField$qqrpct1t1ipul, @TExeVersion@GetInternalName$qqrv, @TExeVersion@GetLegalCopyright$qqrv, @TExeVersion@GetLegalTrademarks$qqrv, @TExeVersion@GetMajorVersion$qqrv, @TExeVersion@GetMinorVersion$qqrv, @TExeVersion@GetOriginalFilename$qqrv, @TExeVersion@GetProductName$qqrv, @TExeVersion@GetProductVersion$qqrv, @TExeVersion@GetRelease$qqrv, _FormMain, __GetExceptDLLinfo, ___CPPdebugHook

    ExifTool:
    file metadata
    CharacterSet: Windows, Latin1
    CodeSize: 360448
    Comments: Specify number of minutes to run on the command line, defaul is 15. Results are logged to the file process.log in the Windows temp directory.
    CompanyName: Hewlett-Packard
    EntryPoint: 0x1000
    FileDescription: Exciting Windows Process Logging Technolgy.
    FileFlagsMask: 0x003f
    FileOS: Win32
    FileSize: 437 kB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 1.1.3.1
    FileVersionNumber: 1.1.3.1
    ImageVersion: 0.0
    InitializedDataSize: 45056
    InternalName: Chupacabra
    LanguageCode: English (U.S.)
    LegalCopyright:
    LegalTrademarks:
    LinkerVersion: 5.0
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 4.0
    ObjectFileType: Executable application
    OriginalFilename:
    PEType: PE32
    ProductName: Visual Process Logger Deluxe Professional 32-Bit Enterprise Edition Plus Plus Turbo Enhanced
    ProductVersion: 1.0.0.0
    ProductVersionNumber: 1.1.3.1
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2003:01:24 21:37:27+01:00
    UninitializedDataSize: 0



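The VirusTotal listing above gives the file's MD5/SHA-1/SHA-256 and, for each PE section, its virtual address, sizes, entropy and MD5. The Python script below is an added example for this thread, not code from VirusTotal, ComboFix or the HP tool; it shows how to reproduce those figures locally so a reader can confirm that the file on disk is the very one VirusTotal analysed (the three hashes at the top are copied from the report above) and can read section entropies the way an analyst does: a zero-filled section scores 0.00 and hashes to the MD5 of a buffer of nulls, ordinary compiled code sits around 5 to 7 bits per byte as in the PEInfo block, and a section near 8.0 suggests packed or encrypted content. The PE image it parses is constructed inline with two sections (.text and .tls) so the script runs offline; the 7.0 packing threshold is an assumption, not a value from the page.

```python
"""Reproduce the hash and PE-section figures a VirusTotal report shows (added example)."""
import hashlib
import math
import struct

# Hashes VirusTotal reported for the submitted ProcessLogger.exe (copied from
# the report above). Compare them with the local file before trusting the
# verdict: a different file on disk would have been given a different result.
REPORTED = {
    "md5": "682990a95f88844290d55f25b9f05138",
    "sha1": "f67d46bcc89ba10fe2bbebbab8b1f9ef85e29b47",
    "sha256": "f445882b48cfcc62adaaacc2558d9f341a68ed593518f94a118e30be56138f22",
}
# Assumed threshold (not from the page): a whole section above this many
# bits per byte is usually packed or encrypted rather than plain code.
PACKED_THRESHOLD = 7.0


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the bytes, hex encoded like VirusTotal's listing."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, reported: dict = REPORTED) -> bool:
    """True only if every hash in the report equals the hash of the local bytes."""
    local = file_hashes(data)
    return all(local[name] == value.lower() for name, value in reported.items())


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return 0.0 - sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe_sections(image: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table.

    Returns (name, virtual_addr, virtual_size, raw_size, entropy, md5) per
    section, the same columns as the PEInfo block in the report.
    """
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        raw = image[rawptr:rawptr + rawsize]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         vaddr, vsize, rawsize,
                         round(shannon_entropy(raw), 2),
                         hashlib.md5(raw).hexdigest()))
    return sections


def suspicious_sections(sections: list, threshold: float = PACKED_THRESHOLD) -> list:
    """Names of sections whose entropy is at or above the (assumed) packing threshold."""
    return [s[0] for s in sections if s[4] >= threshold]


def build_sample_pe() -> bytes:
    """Constructed two-section PE32 image for offline use; not a runnable program."""
    text_raw = bytes(range(256)) * 2    # every byte value twice -> entropy exactly 8.0
    tls_raw = bytes(0x200)              # 512 null bytes, like the report's .tls -> 0.0
    opt_size = 224                      # PE32 optional header length
    headers = 0x40 + 4 + 20 + opt_size + 40 * 2
    text_ptr = (headers + 0x1FF) & ~0x1FF   # first raw section on a 0x200 boundary
    tls_ptr = text_ptr + len(text_raw)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)             # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic

    def section(name, vsize, vaddr, rawsize, rawptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr,
                           0, 0, 0, 0, chars)

    table = (section(b".text", 0x1000, 0x1000, len(text_raw), text_ptr, 0x60000020)
             + section(b".tls", 0x1000, 0x2000, len(tls_raw), tls_ptr, 0xC0000040))
    image = bytearray(bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table)
    image += bytes(text_ptr - len(image))               # pad headers to alignment
    return bytes(image + text_raw + tls_raw)


if __name__ == "__main__":
    sample = build_sample_pe()
    print("matches VirusTotal report:", matches_report(sample))   # a different file: False
    for name, vaddr, vsize, rawsize, entropy, md5 in parse_pe_sections(sample):
        print(f"{name:8} {vaddr:#07x} {vsize:#07x} {rawsize:#07x} {entropy:5.2f} {md5}")
```

To run it against a real file, read the bytes with `open(path, "rb").read()` and pass them to `matches_report` and `parse_pe_sections`; if the three hashes match the report, the section MD5s should line up with the PEInfo block as well. The thread's binary shows no section above 6.62, consistent with an unpacked Borland/Delphi build, which fits the false-positive reading given later.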
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    OK, that alert from the Avast boot scan is an FP (false positive); have a read Here for confirmation.

    Try SP3 again as per the instruction at the end of post #40
     
  15. endofwits

    endofwits Thread Starter

    Joined:
    Aug 11, 2007
    Messages:
    83
    I tried again.....and got the below Copy Error

    Setup cannot copy the file proquota.exe

    Ensure that the location specified below is correct, or change it and insert Windows XP System Files in the drive you specify.

    Copy file from c:\windows\system32\dllcache
     
Short URL to this thread: https://techguy.org/1018530