Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
41 - 60 of 83 Posts
Discussion starter · #41 ·
The scan found 1 infection.

c:\hp\bin\ProcessLogger.exe is infected by win32:pUP.gen [PUP]

I didn't do anything with it because I wasn't sure if you wanted me to repair, delete, or move it.
 
I`d rather you upload that file for analysis, do the following:

Upload a File to Virustotal
Please visit Virustotal
  • Click the Browse... button
  • Navigate to the file c:\hp\bin\ProcessLogger.exe
  • Click the Open button
  • Click the Send button
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Let me see the results...
 
Discussion starter · #43 ·
Hope this is what you were looking for:

File name: ProcessLogger.exe
Submission date: 2011-10-06 00:03:29 (UTC)
Current status: queued (#436) queued (#436) analysing finished

Result: 1/ 43 (2.3%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.10.05.00 2011.10.05 -
AntiVir 7.11.15.135 2011.10.05 -
Antiy-AVL 2.0.3.7 2011.10.05 -
Avast 6.0.1289.0 2011.10.05 Win32:pUP-gen [PUP]
AVG 10.0.0.1190 2011.10.05 -
BitDefender 7.2 2011.10.06 -
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.10.05 -
ClamAV 0.97.0.0 2011.10.06 -
Commtouch 5.3.2.6 2011.10.05 -
Comodo 10356 2011.10.06 -
DrWeb 5.0.2.03300 2011.10.06 -
Emsisoft 5.1.0.11 2011.10.06 -
eSafe 7.0.17.0 2011.10.05 -
eTrust-Vet 36.1.8599 2011.10.05 -
F-Prot 4.6.2.117 2011.10.05 -
F-Secure 9.0.16440.0 2011.10.06 -
Fortinet 4.3.370.0 2011.10.05 -
GData 22 2011.10.06 -
Ikarus T3.1.1.107.0 2011.10.05 -
Jiangmin 13.0.900 2011.10.05 -
K7AntiVirus 9.114.5245 2011.10.05 -
Kaspersky 9.0.0.837 2011.10.06 -
McAfee 5.400.0.1158 2011.10.06 -
McAfee-GW-Edition 2010.1D 2011.10.05 -
Microsoft 1.7702 2011.10.05 -
NOD32 6520 2011.10.06 -
Norman 6.07.11 2011.10.05 -
nProtect 2011-10-05.01 2011.10.05 -
Panda 10.0.3.5 2011.10.05 -
PCTools 8.0.0.5 2011.10.06 -
Prevx 3.0 2011.10.06 -
Rising 23.77.04.01 2011.09.30 -
Sophos 4.69.0 2011.10.05 -
SUPERAntiSpyware 4.40.0.1006 2011.10.06 -
Symantec 20111.2.0.82 2011.10.05 -
TheHacker 6.7.0.1.317 2011.10.05 -
TrendMicro 9.500.0.1008 2011.10.05 -
TrendMicro-HouseCall 9.500.0.1008 2011.10.06 -
VBA32 3.12.16.4 2011.10.05 -
VIPRE 10672 2011.10.06 -
ViRobot 2011.10.5.4703 2011.10.05 -
VirusBuster 14.0.250.0 2011.10.05 -
Additional informationShow all
MD5 : 682990a95f88844290d55f25b9f05138
SHA1 : f67d46bcc89ba10fe2bbebbab8b1f9ef85e29b47
SHA256: f445882b48cfcc62adaaacc2558d9f341a68ed593518f94a118e30be56138f22
ssdeep: 6144:mWTVF++nrDRqPdWPNKBFrL0WyHGvFkpfKkA0uqyDZGZzn8ZDsIVTtqp2MEdZAuEl:miqFW
8BxYrHYDv0iQZ7OOAdCJVeX
File size : 447488 bytes
First seen: 2006-08-20 03:15:02
Last seen : 2011-10-06 00:03:29
TrID:
Win32 Executable Delphi generic (30.6%)
DOS Executable Borland C++ (27.1%)
Win32 Executable Generic (17.8%)
Win32 Dynamic Link Library (generic) (15.8%)
Generic Win/DOS Executable (4.1%)
sigcheck:
publisher....: Hewlett-Packard
copyright....:
product......: Visual Process Logger Deluxe Professional 32-Bit Enterprise Edition Plus Plus Turbo Enhanced
description..: Exciting Windows Process Logging Technolgy.
original name:
internal name: Chupacabra
file version.: 1.1.3.1
comments.....: Specify number of minutes to run on the command line, defaul is 15. Results are logged to the file process.log in the Windows temp directory.
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1000
timedatestamp....: 0x3E31A407 (Fri Jan 24 20:37:27 2003)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x58000, 0x58000, 6.52, e12d8a7cd35708acd1d39354c700c639
.data, 0x59000, 0xB000, 0x6400, 4.96, badc5d0c0450634540d2c48bcdfccc09
.tls, 0x64000, 0x1000, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b
.rdata, 0x65000, 0x1000, 0x200, 0.21, b2a34b9a80a0b83d5587b42bab27b4a0
.idata, 0x66000, 0x3000, 0x2600, 4.99, b58254a3d441218d79a01af5621559ce
.edata, 0x69000, 0x1000, 0x600, 4.21, a32dcfc602443779dbb0c21ce97e6e9e
.rsrc, 0x6A000, 0x6000, 0x5800, 4.26, 7372e035b18245a713c4c13bcef09c9c
.reloc, 0x70000, 0x7000, 0x6200, 6.62, 1fe085f5793431e11f23add760e6fbf3

[[ 9 import(s) ]]
ADVAPI32.DLL: RegCloseKey, RegOpenKeyExA, RegQueryValueExA
KERNEL32.DLL: CloseHandle, CompareStringA, CreateEventA, CreateFileA, CreateThread, CreateToolhelp32Snapshot, DeleteCriticalSection, DeleteFileA, EnterCriticalSection, EnumCalendarInfoA, ExitProcess, FindClose, FindFirstFileA, FindResourceA, FormatMessageA, FreeLibrary, FreeResource, GetACP, GetCPInfo, GetCommandLineA, GetCurrentProcessId, GetCurrentThreadId, GetDateFormatA, GetDiskFreeSpaceA, GetEnvironmentStrings, GetFileAttributesA, GetFileSize, GetFileType, GetLastError, GetLocalTime, GetLocaleInfoA, GetModuleFileNameA, GetModuleHandleA, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetStdHandle, GetStringTypeA, GetStringTypeW, GetSystemDefaultLangID, GetSystemInfo, GetTempPathA, GetThreadLocale, GetTickCount, GetUserDefaultLCID, GetVersion, GetVersionExA, GlobalAddAtomA, GlobalAlloc, GlobalDeleteAtom, GlobalFree, GlobalHandle, GlobalLock, GlobalReAlloc, GlobalUnlock, HeapAlloc, HeapFree, InitializeCriticalSection, InterlockedDecrement, InterlockedIncrement, IsValidLocale, LCMapStringA, LeaveCriticalSection, LoadLibraryA, LoadLibraryExA, LoadResource, LocalAlloc, LocalFree, LockResource, MulDiv, MultiByteToWideChar, Process32First, Process32Next, RaiseException, ReadFile, RtlUnwind, SetConsoleCtrlHandler, SetEndOfFile, SetErrorMode, SetEvent, SetFilePointer, SetHandleCount, SetLastError, SetThreadLocale, SizeofResource, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, VirtualQuery, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcpyA, lstrcpynA, lstrlenA
VERSION.DLL: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
COMCTL32.DLL: ImageList_Add, ImageList_BeginDrag, ImageList_Create, ImageList_Destroy, ImageList_DragEnter, ImageList_DragLeave, ImageList_DragMove, ImageList_DragShowNolock, ImageList_Draw, ImageList_EndDrag, ImageList_GetBkColor, ImageList_GetDragImage, ImageList_GetIconSize, ImageList_GetImageCount, ImageList_Read, ImageList_Remove, ImageList_ReplaceIcon, ImageList_SetBkColor, ImageList_SetDragCursorImage, ImageList_SetIconSize, ImageList_Write, ImageList_DrawEx
GDI32.DLL: BitBlt, CopyEnhMetaFileA, CreateBitmap, CreateBrushIndirect, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBSection, CreateDIBitmap, CreateFontIndirectA, CreateHalftonePalette, CreatePalette, CreatePenIndirect, CreateSolidBrush, DeleteDC, DeleteEnhMetaFile, DeleteObject, ExcludeClipRect, GetBitmapBits, GetBrushOrgEx, GetClipBox, GetCurrentPositionEx, GetDCOrgEx, GetDIBColorTable, GetDIBits, GetDeviceCaps, GetEnhMetaFileBits, GetEnhMetaFileHeader, GetEnhMetaFilePaletteEntries, GetObjectA, GetPaletteEntries, GetPixel, GetStockObject, GetSystemPaletteEntries, GetTextExtentPoint32A, GetTextExtentPointA, GetTextMetricsA, GetWinMetaFileBits, GetWindowOrgEx, IntersectClipRect, LineTo, MaskBlt, MoveToEx, PatBlt, PlayEnhMetaFile, RealizePalette, RectVisible, Rectangle, RestoreDC, SaveDC, SelectObject, SelectPalette, SetBkColor, SetBkMode, SetBrushOrgEx, SetDIBColorTable, SetEnhMetaFileBits, SetPixel, SetROP2, SetStretchBltMode, SetTextColor, SetViewportOrgEx, SetWinMetaFileBits, SetWindowOrgEx, StretchBlt, UnrealizeObject
SHELL32.DLL: ShellExecuteA
USER32.DLL: ActivateKeyboardLayout, AdjustWindowRectEx, BeginPaint, CallNextHookEx, CallWindowProcA, CharLowerA, CharLowerBuffA, CharNextA, CheckMenuItem, ClientToScreen, CreateIcon, CreateMenu, CreatePopupMenu, CreateWindowExA, DefFrameProcA, DefMDIChildProcA, DefWindowProcA, DeleteMenu, DestroyCursor, DestroyIcon, DestroyMenu, DestroyWindow, DispatchMessageA, DrawEdge, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawTextA, EnableMenuItem, EnableScrollBar, EnableWindow, EndPaint, EnumThreadWindows, EnumWindows, EqualRect, FillRect, FindWindowA, FrameRect, GetActiveWindow, GetCapture, GetClassInfoA, GetClientRect, GetClipboardData, GetCursor, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetFocus, GetForegroundWindow, GetIconInfo, GetKeyNameTextA, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetMenu, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuState, GetMenuStringA, GetParent, GetPropA, GetScrollInfo, GetScrollPos, GetScrollRange, GetSubMenu, GetSysColor, GetSystemMetrics, GetTopWindow, GetWindow, GetWindowDC, GetWindowLongA, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowThreadProcessId, InflateRect, InsertMenuA, InsertMenuItemA, IntersectRect, InvalidateRect, IsChild, IsDialogMessageA, IsIconic, IsRectEmpty, IsWindow, IsWindowEnabled, IsWindowVisible, IsZoomed, KillTimer, LoadBitmapA, LoadCursorA, LoadIconA, LoadKeyboardLayoutA, LoadStringA, MapVirtualKeyA, MapWindowPoints, MessageBoxA, OemToCharA, OffsetRect, PeekMessageA, PostMessageA, PostQuitMessage, PtInRect, RegisterClassA, RegisterClipboardFormatA, RegisterWindowMessageA, ReleaseCapture, ReleaseDC, RemoveMenu, RemovePropA, ScreenToClient, ScrollWindow, SendMessageA, SetActiveWindow, SetCapture, SetClassLongA, SetCursor, SetFocus, SetForegroundWindow, SetMenu, SetMenuItemInfoA, SetPropA, SetRect, SetScrollInfo, SetScrollPos, SetScrollRange, SetTimer, SetWindowLongA, SetWindowPlacement, SetWindowPos, SetWindowTextA, SetWindowsHookExA, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowWindow, SystemParametersInfoA, TrackPopupMenu, TranslateMDISysAccel, TranslateMessage, UnhookWindowsHookEx, UnregisterClassA, UpdateWindow, WaitMessage, WinHelpA, WindowFromPoint, wsprintfA, GetSystemMenu
OLE32.DLL: IsEqualGUID
OLEAUT32.DLL: SysAllocStringLen, SysFreeString, SysReAllocStringLen, SysStringLen, VariantChangeTypeEx, VariantClear, VariantCopyInd

[[ 26 export(s) ]]
@$xp$11TExeVersion, @@Exever@Finalize, @@Exever@Initialize, @@Mainform@Finalize, @@Mainform@Initialize, @Exever@Register$qqrv, @TExeVersion@, @TExeVersion@$bctr$qqrp18Classes@TComponent, @TExeVersion@GetBuild$qqrv, @TExeVersion@GetComments$qqrv, @TExeVersion@GetCompanyName$qqrv, @TExeVersion@GetFileDescription$qqrv, @TExeVersion@GetFileVersion$qqrv, @TExeVersion@GetFileVersionField$qqrpct1t1ipul, @TExeVersion@GetInternalName$qqrv, @TExeVersion@GetLegalCopyright$qqrv, @TExeVersion@GetLegalTrademarks$qqrv, @TExeVersion@GetMajorVersion$qqrv, @TExeVersion@GetMinorVersion$qqrv, @TExeVersion@GetOriginalFilename$qqrv, @TExeVersion@GetProductName$qqrv, @TExeVersion@GetProductVersion$qqrv, @TExeVersion@GetRelease$qqrv, _FormMain, __GetExceptDLLinfo, ___CPPdebugHook

ExifTool:
file metadata
CharacterSet: Windows, Latin1
CodeSize: 360448
Comments: Specify number of minutes to run on the command line, defaul is 15. Results are logged to the file process.log in the Windows temp directory.
CompanyName: Hewlett-Packard
EntryPoint: 0x1000
FileDescription: Exciting Windows Process Logging Technolgy.
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 437 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 1.1.3.1
FileVersionNumber: 1.1.3.1
ImageVersion: 0.0
InitializedDataSize: 45056
InternalName: Chupacabra
LanguageCode: English (U.S.)
LegalCopyright:
LegalTrademarks:
LinkerVersion: 5.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename:
PEType: PE32
ProductName: Visual Process Logger Deluxe Professional 32-Bit Enterprise Edition Plus Plus Turbo Enhanced
ProductVersion: 1.0.0.0
ProductVersionNumber: 1.1.3.1
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2003:01:24 21:37:27+01:00
UninitializedDataSize: 0

VT Community

0
This file has never been reviewed by any VT Community member. Be the first one to comment on it!
 
Discussion starter · #45 ·
I tried again.....and got the below Copy Error

Setup cannot copy the file proquota.exe

Ensure that the location specified below is correct, or change it and insert Windows XP System Files in the drive you specify.

Copy file from c:\windows\system32\dllcache
 
OK, When you unzipped proquota.exe you copied it as follows:

c:\windows\system32\dllcache\proquota\proquota.exe it should have been like this:

c:\windows\system32\dllcache\proquota.exe

Although CF did copy the file from the unzipped location to the system32 folder satisfactory, it appears that windows is not happy. OK do the following.

Step 1

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    -------------------------------------------------------------------

    :Files
    c:\windows\system32\dllcache\proquota
    :Commands
    [EmptyTemp]
    [Reboot]

    ---------------------------------------------------------------------
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red
    button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
Fcopy::
c:\windows\system32\proquota.exe | c:\windows\system32\dllcache\proquota.exe
Quit::
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe





Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

If cf copies the file successfully re-boot and try SP3 again... let me see the logs from OTM and CF also...

Kevin..
 
Discussion starter · #47 ·
Well, I thought we would do it this time........I got the same message as before:

Service Pack 3 Setup could not backup registry key

HKCR\RDS.DataControl.2.81 to file c:\windows\$NTServicePackUninstall$\reg00801. 5: Access is denied.

Below is the OTM and CF logs:

All processes killed
========== FILES ==========
c:\windows\system32\dllcache\proquota folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Compaq_Owner
->Temp folder emptied: 190525458 bytes
->Temporary Internet Files folder emptied: 16872597 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 4649 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20309599 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 44919643 bytes

Total Files Cleaned = 260.00 mb

OTM by OldTimer - Version 3.1.18.0 log created on 10062011_171700

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_2cc.dat not found!

Registry entries deleted on Reboot...

ComboFix 11-10-06.03 - Compaq_Owner 10/06/2011 18:19:38.13.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.217 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Compaq_Owner\Application Data\PriceGong
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\j.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\z.xml
c:\windows\system32\d3d9caps.dat
.
.
--------------- FCopy ---------------
.
c:\windows\system32\proquota.exe --> c:\windows\system32\dllcache\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011-10-06 )))))))))))))))))))))))))))))))
.
.
2011-10-06 23:19 . 2004-08-04 02:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2011-10-06 22:17 . 2011-10-06 22:17 -------- d-----w- C:\_OTM
2011-10-06 00:58 . 2011-10-06 01:03 -------- d-----w- C:\745fdd92d375ac8b8231439ccf
2011-10-04 02:45 . 2011-10-04 02:45 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2011-10-04 01:39 . 2004-08-04 02:00 50176 ------w- c:\windows\system32\proquota.exe
2011-10-04 00:35 . 2011-10-04 00:38 -------- d-----w- c:\program files\IZArc
2011-10-03 00:22 . 2011-10-03 00:22 -------- d-----w- c:\program files\ERUNT
2011-10-02 05:08 . 2011-10-02 05:08 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-02 04:54 . 2011-10-06 01:46 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-10-02 04:03 . 2011-10-02 04:10 -------- d-----w- c:\windows\ServicePackFiles
2011-10-01 20:44 . 2011-10-03 02:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-30 22:10 . 2011-09-30 22:15 -------- d-----w- C:\8c1052ccbb76ede9b14ff3e1ec
2011-09-30 03:17 . 2011-09-30 03:23 -------- d-----w- C:\70f5fa78f1c271efda
2011-09-29 00:23 . 2011-09-29 00:23 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Sun
2011-09-28 21:14 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-28 21:14 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-28 21:13 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-28 21:13 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-28 21:13 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-28 21:13 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-28 21:13 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-28 21:13 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-28 21:12 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-28 21:12 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-28 21:11 . 2011-09-28 21:11 -------- d-----w- c:\program files\AVAST Software
2011-09-28 21:11 . 2011-09-28 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-28 20:48 . 2011-09-28 20:48 -------- d-----w- c:\program files\Common Files\Java
2011-09-26 14:22 . 2011-09-26 14:22 -------- d-----w- c:\program files\FileHippo.com
2011-09-23 00:24 . 2011-09-24 05:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\PriceGong(2)
2011-09-21 03:02 . 2011-09-21 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-09-19 20:53 . 2011-09-19 20:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-09-19 20:50 . 2011-09-19 20:50 -------- d-----w- c:\program files\Common Files\XoftSpySE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-02 04:14 . 2011-10-02 04:14 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\LocalContent\Attachments\devcon.exe
2011-10-02 04:14 . 2011-10-02 04:14 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchnotify.exe
2011-10-02 04:14 . 2011-10-02 04:14 3072 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchealthde.exe
2011-10-02 04:14 . 2011-10-02 04:14 159744 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
2011-10-02 04:14 . 2011-10-02 04:14 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\FDIWrapper.dll
2011-10-02 04:14 . 2011-10-02 04:14 26572 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\INV16.dll
2011-10-02 04:14 . 2011-10-02 04:14 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\msxmlwrapper.dll
2011-10-02 04:14 . 2011-10-02 04:14 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\ScDmi.dll
2011-10-02 04:14 . 2011-10-02 04:14 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCHI18N.dll
2011-10-02 04:14 . 2011-10-02 04:14 139264 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\ContentUpdater.exe
2011-10-02 04:14 . 2011-10-02 04:14 110592 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\DSAPI4.dll
2011-10-02 04:14 . 2011-10-02 04:14 98304 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PluginCtrl.dll
2011-10-02 04:13 . 2011-10-02 04:13 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\HPBasicDetection.dll
2011-10-02 04:13 . 2011-10-02 04:13 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\msxmlwrapper.dll
2011-10-02 04:13 . 2011-10-02 04:13 5632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\GUI.dll
2011-10-02 04:13 . 2011-10-02 04:13 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\ZipLib.dll
2011-10-02 04:13 . 2011-10-02 04:13 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchapi.dll
2011-10-02 04:13 . 2011-10-02 04:13 434176 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\motivede.dll
2011-10-02 04:13 . 2011-10-02 04:13 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchmsxml.dll
2011-10-02 04:13 . 2011-10-02 04:13 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\WinVerifyTrust.dll
2011-10-02 04:13 . 2011-10-02 04:13 344064 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\api.dll
2011-10-02 04:13 . 2011-10-02 04:13 24576 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pcdapi.dll
2011-10-02 04:13 . 2011-10-02 04:13 282624 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\clientutil52.dll
2011-10-02 04:13 . 2011-10-02 04:13 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\util.dll
2011-10-02 04:13 . 2011-10-02 04:13 356352 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\client_motkt.dll
2011-10-02 04:13 . 2011-10-02 04:13 28672 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\InetWrap.dll
2011-10-02 04:13 . 2011-10-02 04:13 102400 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCDrAccess.dll
2011-10-02 04:13 . 2011-10-02 04:13 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\hwinv.dll
2011-10-02 04:13 . 2011-10-02 04:13 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchmsxml.dll
2011-10-02 04:13 . 2011-10-02 04:13 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\asst_ui.dll
2011-10-02 04:13 . 2011-10-02 04:13 36864 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\gnu.dll
2011-10-02 04:13 . 2011-10-02 04:13 126976 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\SearchCtrl.dll
2011-10-02 04:13 . 2011-10-02 04:13 4096 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\winverifytrustwrapper.dll
2011-10-02 04:13 . 2011-10-02 04:13 212992 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\jsharpinterp.dll
2011-10-02 04:13 . 2011-10-02 04:13 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchealthplugin.dll
2011-09-28 20:41 . 2010-08-06 19:37 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 20:41 . 2010-07-12 16:08 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-31 22:00 . 2010-07-26 02:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 03:07 . 2011-08-13 03:07 18944 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2009-10-16 00:21 . 2009-10-16 00:21 4375672 ----a-w- c:\program files\vmplayer.exe
2009-09-16 00:41 . 2009-09-16 00:41 19918 ----a-w- c:\program files\Common Files\wyka.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-04_01.40.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-09-26 02:33 . 2011-10-02 19:59 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-06 22:21 . 2011-10-06 22:21 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-06 22:21 . 2011-10-06 22:21 16384 c:\windows\Temp\Perflib_Perfdata_cc.dat
+ 2011-10-06 22:21 . 2011-10-06 22:21 16384 c:\windows\Temp\Perflib_Perfdata_20c.dat
+ 2011-10-06 22:21 . 2011-10-06 22:21 16384 c:\windows\Temp\History\History.IE5\index.dat
- 2011-09-26 02:33 . 2011-10-02 19:59 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2011-10-06 22:21 . 2011-10-06 22:21 16384 c:\windows\Temp\Cookies\index.dat
- 2011-09-26 02:33 . 2011-10-02 19:59 16384 c:\windows\Temp\Cookies\index.dat
+ 2010-04-02 17:30 . 2010-04-02 17:30 17456640 c:\windows\Installer\b28b0.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoft\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-3-6 333088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
backupExtension=Common Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
backupExtension=Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup
backupExtension=Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
2010-07-27 10:15 1573888 ----a-w- c:\program files\ATT-SST\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSDAppUpdater]
2011-05-11 17:52 1660232 ----a-w- c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2008-07-11 22:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2006-10-27 00:48 434528 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Dock]
2011-01-18 14:45 585728 ----a-w- c:\documents and settings\Compaq_Owner\My Documents\RCA easyRip\EZDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-12-09 02:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-15 03:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-10-04 00:38 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-06-26 23:21 757248 ----a-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
2010-09-29 18:43 4861720 ----a-w- c:\program files\XoftSpySE6\XoftSpySE.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\test\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1603:TCP"= 1603:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/28/2011 4:13 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/28/2011 4:14 PM 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 1:00 PM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/28/2011 4:14 PM 20568]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/3/2010 8:44 AM 47360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 00:35]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 00:35]
.
2011-10-06 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
.
2011-10-02 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
2011-10-06 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-10-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-08-05 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-06-20 23:41]
.
2011-10-05 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/mail?.intl=us
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: + &Mass Downloader: download this file - c:\program files\Mass Downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\Mass Downloader\Add_All.htm
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: $talisma_url$
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-06 18:46
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-10-06 18:58:48
ComboFix-quarantined-files.txt 2011-10-06 23:58
ComboFix2.txt 2011-10-04 01:54
.
Pre-Run: 27,960,250,368 bytes free
Post-Run: 27,941,781,504 bytes free
.
- - End Of File - - 76321D80D8337045D5A391F0109F6B17

By the way, I would like to thank you for being so patient in helping to get this fixed.
 
OK, this looks like its just a permissions issue, do the following:

1. Click Start, click Run, type regedit, and then click OK to start Registry Editor.

2. Expand this key HKEY_Classes_Root by selecting the +sign at the side,

3. Scroll to RDS.DataControl.2.81 > next > click Permissions.

4. Under Group or user names, click Administrators.

5. Under Permissions for Administrators, make sure that the Allow check box for the following entries is selected:

Full Control
Read

6. Click Apply, and then click OK.

7. On the File menu, click Exit to exit Registry Editor.

Re-boot your PC then try SP3 again from safe mode with all security off....

Kevin
 
Discussion starter · #49 ·
Well, I would like to tell you it worked.....but, it didn't. I get the same error message:

Service Pack 3 Setup could not backup registry key

HKCR\RDS.DataControl.2.81 to file c:\windows\$NTServicePackUninstall$\reg00801. 5: Access is denied.
 
Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from
>>> Here <<<
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.That is expected.

Try SP3 again....
 
Discussion starter · #52 ·
Forgot to post problem.....same error....

Service Pack 3 Setup could not backup registry key

HKCR\RDS.DataControl.2.81 to file c:\windows\$NTServicePackUninstall$\reg00801. 5: Access is denied.
 
Upload a file to Jotti for analysis

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

c:\program files\Common Files\wyka.dll

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

Upload same file to Virustotal
Please visit Virustotal
  • Click the Browse... button
  • Navigate to the file c:\program files\Common Files\wyka.dll
  • Click the Open button
  • Click the Send button
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.
 
Discussion starter · #54 ·
Jotti's malware scan
Filename: wyka.dll
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sun 9 Oct 2011 17:17:04 (CET) Permalink

________________________________________

Additional info
File size: 19918 bytes
Filetype: Unknown
MD5: f20d2f5cb92d0f1889ece21cd3d9300f
SHA1: 5548dc68c8eb0184e1df5d3280fcc1c599ed5249

Scanners

2011-10-09 Found nothing
2011-10-09 Found nothing

2011-10-09 Found nothing
2011-10-09 Found nothing

2011-10-07 Found nothing
2011-10-09 Found nothing

2011-10-09 Found nothing
2011-10-09 Found nothing

2011-10-09 Found nothing
2011-10-09 Found nothing

2011-10-09 Found nothing
2011-10-08 Found nothing

2011-10-09 Found nothing
2011-10-07 Found nothing

2011-10-09 Found nothing
2011-10-09 Found nothing

2011-10-09 Found nothing
2011-10-07 Found nothing

2011-10-09 Found nothing
2011-10-09 Found nothing

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
wyka.dll
Submission date:
2011-10-09 15:14:30 (UTC)
Current status:
finished
Result:
1/ 43 (2.3%) VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.10.08.01 2011.10.09 -
AntiVir 7.11.15.173 2011.10.09 -
Antiy-AVL 2.0.3.7 2011.10.09 -
Avast 6.0.1289.0 2011.10.09 -
AVG 10.0.0.1190 2011.10.07 -
BitDefender 7.2 2011.10.09 -
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.10.07 -
ClamAV 0.97.0.0 2011.10.09 -
Commtouch 5.3.2.6 2011.10.09 -
Comodo 10400 2011.10.09 -
DrWeb 5.0.2.03300 2011.10.09 -
Emsisoft 5.1.0.11 2011.10.09 -
eSafe 7.0.17.0 2011.10.06 -
eTrust-Vet 36.1.8605 2011.10.07 -
F-Prot 4.6.2.117 2011.10.09 -
F-Secure 9.0.16440.0 2011.10.09 -
Fortinet 4.3.370.0 2011.10.09 -
GData 22 2011.10.09 -
Ikarus T3.1.1.107.0 2011.10.09 -
Jiangmin 13.0.900 2011.10.09 -
K7AntiVirus 9.115.5258 2011.10.08 -
Kaspersky 9.0.0.837 2011.10.09 -
McAfee 5.400.0.1158 2011.10.09 -
McAfee-GW-Edition 2010.1D 2011.10.08 -
Microsoft 1.7702 2011.10.09 -
NOD32 6528 2011.10.09 -
Norman 6.07.11 2011.10.09 -
nProtect 2011-10-09.01 2011.10.09 -
Panda 10.0.3.5 2011.10.09 -
PCTools 8.0.0.5 2011.10.09 -
Prevx 3.0 2011.10.09 -
Rising 23.78.06.02 2011.10.09 -
Sophos 4.70.0 2011.10.09 -
SUPERAntiSpyware 4.40.0.1006 2011.10.08 Rogue.Agent/Gen-Nullo[DLL]
Symantec 20111.2.0.82 2011.10.09 -
TheHacker 6.7.0.1.318 2011.10.09 -
TrendMicro 9.500.0.1008 2011.10.09 -
TrendMicro-HouseCall 9.500.0.1008 2011.10.09 -
VBA32 3.12.16.4 2011.10.07 -
VIPRE 10711 2011.10.09 -
ViRobot 2011.10.8.4709 2011.10.09 -
VirusBuster 14.1.3.0 2011.10.09 -
Additional information
Show all
MD5 : f20d2f5cb92d0f1889ece21cd3d9300f
SHA1 : 5548dc68c8eb0184e1df5d3280fcc1c599ed5249
SHA256: 09633294a88611cbdd99436524cbd26ca0b4aa50f9e90228d02b71b10a31f7b7
ssdeep: 384:UoY8LkFtB2SYCxJQU8/Pb6LCYij0sAuefm7Jzj4W4Z8lxbYFwL3lWMJwbc:UoEjBDYCgUyb
s6hzv4W3XYFElWMJj
File size : 19918 bytes
First seen: 2011-10-09 15:14:30
Last seen : 2011-10-09 15:14:30
TrID:
MPEG Video (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
ExifTool:
file metadata
Error: File format error
FileSize: 19 kB
VT Community
This file has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team
 
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
KillAll::
File::
c:\program files\Common Files\wyka.dll
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe





Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
 
Discussion starter · #56 ·
ComboFix 11-10-10.04 - Compaq_Owner 10/10/2011 19:26:23.14.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.194 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\program files\Common Files\wyka.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Compaq_Owner\Application Data\PriceGong
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\j.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Compaq_Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\test\Application Data\PriceGong
c:\documents and settings\test\Application Data\PriceGong\Data\mru.xml
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))
.
.
2011-10-10 13:00 . 2011-10-10 13:00 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\Google
2011-10-08 23:52 . 2011-10-08 23:58 -------- d-----w- C:\e5378691a976e1c4662a117dbec2
2011-10-08 23:22 . 2011-10-08 23:27 -------- d-----w- C:\868cc9ed4e87c3df0665bdaa540b58
2011-10-07 23:44 . 2011-10-07 23:49 -------- d-----w- C:\d6dbe7d8b1b3fed02ce6f051c35cdd
2011-10-07 21:39 . 2011-10-07 21:45 -------- d-----w- C:\e6ddfae75d2df8a84b78a17baaba70
2011-10-07 00:08 . 2011-10-07 00:13 -------- d-----w- C:\7d60409b9efa23e3ba8db209fbc3
2011-10-06 22:17 . 2011-10-06 22:17 -------- d-----w- C:\_OTM
2011-10-06 00:58 . 2011-10-06 01:03 -------- d-----w- C:\745fdd92d375ac8b8231439ccf
2011-10-04 01:39 . 2004-08-04 02:00 50176 ------w- c:\windows\system32\proquota.exe
2011-10-03 00:22 . 2011-10-03 00:22 -------- d-----w- c:\program files\ERUNT
2011-10-02 04:54 . 2011-10-09 00:14 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-10-02 04:03 . 2011-10-02 04:10 -------- d-----w- c:\windows\ServicePackFiles
2011-09-30 22:10 . 2011-09-30 22:15 -------- d-----w- C:\8c1052ccbb76ede9b14ff3e1ec
2011-09-30 03:17 . 2011-09-30 03:23 -------- d-----w- C:\70f5fa78f1c271efda
2011-09-29 00:23 . 2011-09-29 00:23 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Sun
2011-09-28 21:12 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-28 21:12 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-28 21:11 . 2011-09-28 21:11 -------- d-----w- c:\program files\AVAST Software
2011-09-28 20:48 . 2011-09-28 20:48 -------- d-----w- c:\program files\Common Files\Java
2011-09-26 14:22 . 2011-09-26 14:22 -------- d-----w- c:\program files\FileHippo.com
2011-09-19 20:53 . 2011-09-19 20:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-09-19 20:50 . 2011-09-19 20:50 -------- d-----w- c:\program files\Common Files\XoftSpySE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoft\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-3-6 333088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
backupExtension=Common Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
backupExtension=Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup
backupExtension=Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
2010-07-27 10:15 1573888 ----a-w- c:\program files\ATT-SST\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSDAppUpdater]
2011-05-11 17:52 1660232 ----a-w- c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2008-07-11 22:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2006-10-27 00:48 434528 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Dock]
2011-01-18 14:45 585728 ----a-w- c:\documents and settings\Compaq_Owner\My Documents\RCA easyRip\EZDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-12-09 02:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-15 03:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-10-04 00:38 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-06-26 23:21 757248 ----a-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
2010-09-29 18:43 4861720 ----a-w- c:\program files\XoftSpySE6\XoftSpySE.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\test\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 136176]
R3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [2010-09-29 582424]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2004-08-04 14336]
S2 aswFsBlk;aswFsBlk; [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-10-03 47360]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 00:35]
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 00:35]
.
2011-10-10 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
.
2011-10-09 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
2011-10-10 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-10-10 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-08-05 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-06-20 23:41]
.
2011-10-09 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/mail?.intl=us
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: + &Mass Downloader: download this file - c:\program files\Mass Downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\Mass Downloader\Add_All.htm
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: $talisma_url$
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-10 20:04
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\NTMARTA.DLL
.
- - - - - - - > 'explorer.exe'(496)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\AGRSMMSG.exe
c:\windows\sm56hlpr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-10-10 20:33:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-11 01:33
ComboFix2.txt 2011-10-06 23:58
ComboFix3.txt 2011-10-04 01:54
.
Pre-Run: 24,476,971,008 bytes free
Post-Run: 25,021,829,120 bytes free
.
- - End Of File - - CAF7806474DB685CCDB41FD1019A134A
 
Discussion starter · #58 ·
Boy, just can't seem to catch a break......same error:

Service Pack 3 Setup could not backup registry key

HKCR\RDS.DataControl.2.81 to file c:\windows\$NTServicePackUninstall$\reg00801. 5: Access is denied.
 
41 - 60 of 83 Posts
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top