
HiJack Files ~ which are good/bad?



New to this forum and attached I have a Hijack report and since I don't know what I am doing or what any of these files pertain to - can someone literally tell me which ones to keep and which ones to trash?

 

Also, on the start up log, which I couldn't save and attach here because it was invalid, there are two boxes which are blank and sitting side by side.

 

The message reads as follows:

 

"Windows cannot find "box box". Make sure you typed the name correctly and then try again. To search for a file, click start then click search"

 

Now I don't know which file or program or what this message pertains to but every time I start up my computer the error message appears not once but twice one right after another! Is there any way to rid me of this problem?

 

Thanks in advance for any and all advice you could give me. Take care, Whitney

Hijack Report 3-2-2011 10 00 pm.txt


Hi Whitney,

 

http://forums.techguy.org/windows-xp/983400-error-msg-windows-cannot-find.html

 

Please do not post for help on multiple forums. Forum helpers are volunteers, overworked, yet very committed to helping people. Once you start getting advice from more than one person and you don't let all parties know what you're doing, then big trouble can happen - for YOU. Fixing computers over the Internet is tricky enough. Thanks...

 

Now, about your problem: go ahead and run an updated Malwarebytes' Anti-Malware scan as advised over at TSG. They'll probably move your topic to malware removal; that's fine. MBAM will probably find the Run value responsible for those "box" errors and fix them for you. Hijack scan is showing traces of a pretty nasty trojan infection, which appears to have been partially removed, by AVG perhaps. Does an infected "csrss.exe" in a Temp folder ring a bell? Look inside your AVG vault; maybe it's still there ;)

 

Anyway, run the anti-malware program (new version with latest updates) and see what it finds.

 

I'll keep an eye on your progress over there.

 

Good luck..

 

==========
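
The Run value mentioned in the reply above, as an added example that is not part of the original post: this sketch scans autostart lines written in the style of a DDS "Pseudo HJT Report" and lists entries whose command is blank, garbled, or registered with no file, which are the entries to review when a logon prompt names a file that cannot be found. The sample lines are constructed, and the function names and the line patterns are assumptions made for this illustration.

```python
import re
import unicodedata

# Constructed sample lines in the style of a DDS "Pseudo HJT Report" section.
SAMPLE_LOG = """\
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
mRun: [ExampleAudio] c:\\program files\\example\\audio.exe
uWindows: load=?\ufffd
uWindows: Run=\u25a1\u25a1
dRun: [ExampleSvc]
dRunOnce: [RunNarrator] Narrator.exe
TB: {00000000-0000-0000-0000-000000000000} - No File
BHO: Example Helper: {11111111-1111-1111-1111-111111111111} - c:\\program files\\example\\helper.dll
"""

# Assumed line shapes: "<hive>Run: [name] command" and "<hive>Windows: load=command".
RUN_RE = re.compile(r"^[umd](?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
WIN_RE = re.compile(r"^[umd]Windows: (?P<name>load|run)=(?P<cmd>.*)$", re.IGNORECASE)
NOFILE_RE = re.compile(r"^(?P<kind>\w+): (?P<id>.+?) - No File\s*$")


def command_problem(cmd):
    """Return a reason string if the command cannot name a real program, else None."""
    cmd = cmd.strip().strip('"')
    if not cmd:
        return "empty command"
    # U+FFFD (replacement character) and control/unassigned code points mean the
    # registry data did not decode to text.
    if any(ch == "\ufffd" or unicodedata.category(ch).startswith("C") for ch in cmd):
        return "garbled command"
    # A launchable command contains at least one letter or digit.
    if not re.search(r"[A-Za-z0-9]", cmd):
        return "garbled command"
    return None


def audit_autostart(log_text):
    """Return (line_number, entry, reason) for each autostart line worth reviewing."""
    findings = []
    # split("\n") rather than splitlines(): garbled data may contain characters
    # that splitlines() would treat as line breaks.
    for line_no, raw in enumerate(log_text.split("\n"), start=1):
        line = raw.strip()
        label = line.split(":", 1)[0]

        m = RUN_RE.match(line)
        if m:
            problem = command_problem(m.group("cmd"))
            if problem:
                findings.append((line_no, f"{label}:{m.group('name')}", problem))
            continue

        m = WIN_RE.match(line)
        if m:
            # A blank load=/run= value is the normal state, so only garbled data counts.
            if m.group("cmd").strip():
                problem = command_problem(m.group("cmd"))
                if problem:
                    findings.append((line_no, f"{label}:{m.group('name')}", problem))
            continue

        m = NOFILE_RE.match(line)
        if m:
            findings.append((line_no, f"{m.group('kind')}:{m.group('id')}",
                             "registered file missing"))
    return findings


if __name__ == "__main__":
    for line_no, entry, reason in audit_autostart(SAMPLE_LOG):
        print(f"line {line_no}: {entry} -> {reason}")
```

The output is a review list, not a removal list: each flagged entry still needs to be checked against what is installed on the machine before anything is changed.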


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

****************************************************

Are you experiencing any other problems other than that message at startup?

Also, please do not attach your logs unless absolutely necessary. Copy and paste them in your reply.

 

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and paste the log in your post.

*****************************************

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

***********************************************

Download DDS from HERE or HERE and save it to your desktop.

 

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

 

* XP users Double click on dds to run it.

* If your antivirus or firewall try to block DDS then please allow it to run.

* When finished DDS will open two (2) logs.

 

1) DDS.txt

2) Attach.txt

 

* Save both logs to your desktop.

* Please copy and paste the entire contents of both logs in your next reply.

 

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log by copy and pasting it into the reply.


Hijack Files ~ which are good/bad?

 

Superdave ~ In response to your well-written instruction via post yesterday, I have followed what you said to do but

 

1) I uninstalled Microsoft Security Essentials prior to the requested scans;

2) I still have Pareto Logic on my computer (which I am asking for a refund) and did not remove until I receive an answer from the company for a refund.

 

Superantispyware scan resulted in no threats hence no log to report back.

 

Malwarebytes log is below:

 

Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 5975

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

3/6/2011 12:42:21 PM

mbam-log-2011-03-06 (12-42-21).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 181341

Time elapsed: 24 minute(s), 52 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

*************************************

 

DDS logs are below (DDS & Attach):

 

DDS.txt

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Owner at 12:55:50.04 on Sun 03/06/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.246.43 [GMT -6:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\imapi.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\ups.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Owner\Desktop\dds.pif

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uWindows: load=?�

uWindows: Run=?�

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [svrWsc]

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [RunNarrator] Narrator.exe

uPolicies-explorer: NoThumbnailCache = 1 (0x1)

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\4nsuvh2y.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/m/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\skyhook wireless\loki browser plugin\nploki.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-2-28 14776]

RUnknown SASDIFSV;SASDIFSV; [x]

RUnknown SASKUTIL;SASKUTIL; [x]

S1 MpKsl6471d092;MpKsl6471d092;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{772a7704-ff73-4905-a9b2-ddcfc08a2e81}\mpksl6471d092.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{772a7704-ff73-4905-a9b2-ddcfc08a2e81}\MpKsl6471d092.sys [?]

S1 MpKsle38e7383;MpKsle38e7383;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6c6da650-25ff-4b83-a22c-6d310a3d552e}\mpksle38e7383.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6c6da650-25ff-4b83-a22c-6d310a3d552e}\MpKsle38e7383.sys [?]

S1 MpKslee99799d;MpKslee99799d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6c6da650-25ff-4b83-a22c-6d310a3d552e}\mpkslee99799d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6c6da650-25ff-4b83-a22c-6d310a3d552e}\MpKslee99799d.sys [?]

S1 MpKslf87ae8be;MpKslf87ae8be;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{772a7704-ff73-4905-a9b2-ddcfc08a2e81}\mpkslf87ae8be.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{772a7704-ff73-4905-a9b2-ddcfc08a2e81}\MpKslf87ae8be.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-7-16 14336]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-7-16 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-03-06 18:15:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-06 18:15:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-06 18:01:28 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}

2011-03-06 18:01:14 -------- d-----w- c:\program files\Uniblue

2011-03-06 16:02:26 -------- d-----w- c:\windows\Downloaded Program Files

2011-03-05 18:34:05 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\WMTools Downloaded Files

2011-03-04 20:29:55 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-03-04 12:52:27 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys

2011-03-04 12:52:25 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys

2011-03-04 12:52:23 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys

2011-03-04 12:52:22 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys

2011-03-04 12:52:21 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys

2011-03-04 12:52:21 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys

2011-03-04 12:52:20 20160 -c--a-w- c:\windows\system32\dllcache\adm8511.sys

2011-03-04 12:52:19 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys

2011-03-04 12:49:19 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2011-03-03 02:53:02 -------- d-----w- c:\windows\system32\wbem\Logs

2011-03-03 02:07:11 -------- d-----w- C:\MPC

2011-03-03 02:05:49 987904 ----a-r- c:\windows\system32\drivers\HSF_DPV.sys

2011-03-03 02:05:49 212992 ----a-r- c:\windows\system32\UCI32M19.dll

2011-03-02 22:32:24 -------- d-----w- c:\docume~1\owner\applic~1\Reviversoft

2011-03-02 22:31:24 16704 ----a-w- c:\windows\system32\roboot.exe

2011-03-02 22:08:39 -------- d-----w- c:\docume~1\owner\applic~1\ParetoLogic

2011-03-02 22:07:45 -------- d-----w- c:\program files\common files\ParetoLogic

2011-03-01 15:44:24 -------- d-----w- c:\windows\system32\drivers\AVG

2011-02-28 21:47:57 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-02-27 11:56:51 -------- d-----w- c:\docume~1\owner\applic~1\uTorrent

2011-02-27 11:09:55 -------- d-----w- c:\program files\common files\xing shared

2011-02-27 00:53:29 -------- dc-h--w- c:\windows\ie8

2011-02-26 04:13:51 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\PCHealth

2011-02-24 23:02:11 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll

2011-02-24 22:53:18 -------- d-----w- c:\windows\system32\winrm

2011-02-24 22:52:51 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-02-24 22:06:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\FreeApp

2011-02-24 14:24:20 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-02-24 14:24:19 -------- d-----w- c:\windows\system32\wbem\Repository

2011-02-24 03:58:16 -------- d-----w- c:\docume~1\owner\applic~1\AVG

2011-02-24 01:56:35 -------- d-----w- c:\docume~1\owner\applic~1\AVG10

2011-02-24 01:52:15 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

2011-02-24 01:47:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2011-02-24 01:33:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2011-02-21 03:01:15 -------- d-----w- C:\2ca118260f11d4535b517d0320

2011-02-18 23:55:04 -------- d-----w- c:\program files\ezt

2011-02-18 23:24:11 -------- d-----w- c:\program files\W3i

2011-02-18 23:24:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\W3i

2011-02-18 22:43:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\boost_interprocess

2011-02-18 22:41:39 -------- d-----w- c:\docume~1\owner\applic~1\CometPlayer

2011-02-18 22:41:18 -------- d-----w- c:\docume~1\owner\applic~1\tigerplayer

2011-02-18 22:41:06 -------- d-----w- c:\program files\MpcStar

2011-02-18 22:38:21 -------- d-----w- C:\Downloads

2011-02-18 22:36:48 -------- d-----w- c:\docume~1\owner\applic~1\BitComet

2011-02-18 22:36:46 -------- d-----w- c:\program files\BitComet

2011-02-17 13:22:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit

2011-02-15 20:27:44 -------- d-----w- c:\docume~1\owner\applic~1\IObit

2011-02-11 19:37:42 -------- d-----w- c:\docume~1\owner\applic~1\TuneUp Software

2011-02-11 19:35:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software

2011-02-11 19:35:07 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2011-02-11 19:05:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-11 18:38:54 -------- d-----w- c:\docume~1\owner\applic~1\TeamViewer

2011-02-11 12:31:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Optimizer Pro

2011-02-11 02:02:44 -------- d-----w- c:\windows\PC Digital Safe

2011-02-11 01:59:01 737280 ----a-w- c:\windows\iun6002.exe

2011-02-11 01:58:56 -------- d-----w- C:\SpeedItup-Checkup

2011-02-10 14:37:18 -------- d-----w- c:\docume~1\owner\applic~1\simppulltoolbar

2011-02-10 14:26:55 18944 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{8f018a9e-56de-4a79-a5ef-25f413f1d538}\IconBB6A16301.exe

2011-02-10 14:26:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\EmailNotifier

2011-02-09 23:45:21 -------- d-----w- c:\docume~1\owner\applic~1\Tific

2011-02-09 19:54:03 -------- d-----w- c:\docume~1\owner\applic~1\RegistryKeys

.

==================== Find3M ====================

.

2011-02-27 11:09:16 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-02-27 11:09:16 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-02-24 05:44:02 24576 ----a-w- c:\windows\system32\xpsp1hfm.exe

2011-02-24 05:42:46 1355776 ----a-w- c:\windows\system32\msvbvm50.dll

2011-02-24 05:41:53 28672 ----a-w- c:\windows\system32\dbnmpntw.dll

2011-02-24 05:41:53 24576 ----a-w- c:\windows\system32\dbmsvinn.dLL

2011-02-24 05:41:52 24576 ----a-w- c:\windows\system32\dbmsrpcn.dll

2011-02-24 05:41:52 20480 ----a-w- c:\windows\system32\dbmsadsn.dll

2011-02-24 05:41:38 77824 ----a-w- c:\windows\system32\cliconfg.dll

2011-02-24 05:41:38 45056 ----a-w- c:\windows\system32\CleanUp.exe

2011-02-24 05:41:38 24576 ----a-w- c:\windows\system32\cliconfg.rll

2011-02-24 05:41:38 20480 ----a-w- c:\windows\system32\cliconfg.exe

2011-02-24 05:41:19 65536 ----a-w- c:\windows\system32\Audio3d.dll

2011-02-24 05:41:13 765952 ----a-w- c:\windows\system\crlds3d.dll

2011-02-09 12:12:03 0 ----a-w- c:\windows\Ssesah.bin

2011-02-03 03:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-03 01:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-29 08:21:05 0 ----a-w- c:\windows\amelokah.dll

2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:59:19 43520 ------w- c:\windows\system32\licmgr10.dll

2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55:26 385024 ------w- c:\windows\system32\html.iec

2010-12-11 00:29:30 2248032 ----a-w- c:\windows\system32\sqlncli.dll

2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

============= FINISH: 12:56:54.60 ===============

 

Attach txt (I DO NOT KNOW HOW TO ZIP FILES SO I HOPE THIS IS OKAY).

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 3/24/2009 8:51:57 PM

System Uptime: 3/6/2011 9:25:54 AM (3 hours ago)

.

Motherboard: Dell Inc. | | 0XG312

Processor: Intel® Celeron® CPU 2.66GHz | Microprocessor | 2660/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 74 GiB total, 52.828 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 2/24/2011 11:21:26 AM - System Checkpoint

RP2: 2/24/2011 4:48:04 PM - Installed Windows XP KB923561.

RP3: 2/24/2011 4:49:40 PM - Installed Windows XP KB973904.

RP4: 2/24/2011 4:50:34 PM - Installed Windows XP Update for Microsoft Windows (KB971513).

RP5: 2/24/2011 4:51:56 PM - Installed Windows XP KB978706.

RP6: 2/24/2011 4:53:01 PM - Installed %1 %2.

RP7: 2/24/2011 4:58:36 PM - Installed Windows XP KB2259922.

RP8: 2/24/2011 5:01:02 PM - Installed Windows XP KB979687.

RP9: 2/24/2011 5:03:12 PM - Installed Windows XP KB971029.

RP10: 2/24/2011 5:31:31 PM - Removed AVG 2011

RP11: 2/24/2011 5:34:44 PM - Removed AVG 2011

RP12: 2/25/2011 7:02:52 PM - System Checkpoint

RP13: 2/25/2011 9:49:28 PM - Installed Microsoft Fix it 50195

RP14: 2/25/2011 10:08:39 PM - Software Distribution Service 3.0

RP15: 2/25/2011 10:30:02 PM - Software Distribution Service 3.0

RP16: 2/26/2011 8:09:26 AM - Installed Java 6 Update 24

RP17: 2/26/2011 6:08:37 PM - Installed Windows Internet Explorer 8.

RP18: 2/26/2011 6:09:37 PM - Software Distribution Service 3.0

RP19: 2/26/2011 6:54:33 PM - Installed Windows Internet Explorer 8.

RP20: 2/26/2011 6:55:35 PM - Software Distribution Service 3.0

RP21: 2/27/2011 12:01:33 AM - Software Distribution Service 3.0

RP22: 2/27/2011 1:54:33 PM - Removed Skype™ 5.1

RP23: 2/28/2011 7:12:59 PM - System Checkpoint

RP24: 3/1/2011 9:41:38 AM - Installed AVG 2011

RP25: 3/1/2011 9:43:58 AM - Installed AVG 2011

RP26: 3/1/2011 1:04:57 PM - Restore Operation

RP27: 3/2/2011 4:37:29 PM - Registry Reviver

RP28: 3/2/2011 7:26:18 PM - PC Health Advisor Backup

RP29: 3/2/2011 8:09:57 PM - Configured SoundMAX

RP30: 3/2/2011 8:10:49 PM - Installed SoundMAX

RP31: 3/2/2011 8:36:14 PM - PC Health Advisor Backup

RP32: 3/2/2011 8:42:21 PM - PC Health Advisor Backup

RP33: 3/2/2011 8:50:11 PM - PC Health Advisor Backup

RP34: 3/3/2011 7:38:12 AM - PC Health Advisor Backup

RP35: 3/3/2011 12:39:34 PM - PC Health Advisor Backup

RP36: 3/4/2011 8:15:35 AM - Software Distribution Service 3.0

RP37: 3/4/2011 8:45:08 AM - Software Distribution Service 3.0

RP38: 3/4/2011 9:14:55 AM - Software Distribution Service 3.0

RP39: 3/4/2011 11:05:55 AM - PC Health Advisor Backup

RP40: 3/4/2011 1:39:02 PM - PC Health Advisor Backup

RP41: 3/4/2011 2:24:05 PM - Removed AVG 2011

RP42: 3/4/2011 2:33:44 PM - Software Distribution Service 3.0

RP43: 3/4/2011 6:08:43 PM - PC Health Advisor Backup

RP44: 3/4/2011 7:00:21 PM - Removed AVG 2011

RP45: 3/4/2011 7:07:18 PM - Removed AVG 2011

RP46: 3/5/2011 7:07:23 PM - Software Distribution Service 3.0

RP47: 3/6/2011 12:00:55 AM - Software Distribution Service 3.0

RP48: 3/6/2011 1:21:38 AM - Software Distribution Service 3.0

RP49: 3/6/2011 6:50:41 AM - PC Health Advisor Backup

RP50: 3/6/2011 7:12:23 AM - PC Health Advisor Backup

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Shockwave Player 11.5

Broadcom Gigabit Integrated Controller

Conexant D850 PCI V.92 Modem

Digital Line Detect

GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)

Google Toolbar for Internet Explorer

Google Update Helper

Haali Media Splitter

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

InstallIQ Updater

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 6 Update 24

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.6.13)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

Octoshape add-in for Adobe Flash Player

ParetoLogic PC Health Advisor

RCA Detective™ 3.0.1.1

RCA easyRip 2.4.9.0

RCA Updater 2.0.0.0

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB978706)

SoundMAX

Uniblue RegistryBooster

Uninstall Dual Mode Camera (V25)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB971029)

Vivitar Experience Image Manager

WebFldrs XP

WebIQ Technology Engine

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

3/6/2011 1:25:05 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.99.683.0).

3/6/2011 1:24:09 AM, error: Microsoft Antimalware [2001] -

3/4/2011 9:11:03 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).

3/4/2011 8:26:29 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).

3/4/2011 7:03:01 AM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Owner.

3/4/2011 7:02:55 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\adsiisex.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

3/4/2011 7:02:51 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

3/4/2011 6:44:47 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.

3/4/2011 3:20:18 PM, error: Service Control Manager [7003] - The AVGIDSAgent service depends on the following nonexistent service: AVGIDSDriver

3/4/2011 12:09:30 PM, error: Dhcp [1002] - The IP address lease 68.59.58.115 for the Network Card with network address 0013720F7E27 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

3/3/2011 9:41:20 PM, error: Service Control Manager [7000] - The SABProcEnum service failed to start due to the following error: The system cannot find the file specified.

3/2/2011 7:46:37 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

3/2/2011 7:26:51 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

3/2/2011 7:26:51 PM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

3/2/2011 7:26:51 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

3/2/2011 7:26:51 PM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).

3/2/2011 7:26:51 PM, error: Service Control Manager [7034] - The Business Contact Manager SQL Server Startup Service service terminated unexpectedly. It has done this 1 time(s).

3/2/2011 7:26:50 PM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/1/2011 11:00:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.

3/1/2011 11:00:07 AM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/1/2011 10:18:43 AM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.

.

==== End Of File ===========================

 

 

I do appreciate your time and effort in helping me correct my computer problems. You don't know how valuable your expertise is to me and probably everyone else who needs assistance with their computers.

 

Looking forward to hearing from you soon. Take care ~ Whitney


I uninstalled Microsoft Security Essentials prior to the requested scans;

I don't recall asking you to uninstall your AV program. But, you still have traces of AVG on your computer. You can remove them by running the AVG Removal Tool below.

AVG Antivirus - AVG Antivirus Remover utility

 

Please go to Jotti's malware scan

(If more than one file needs to be scanned, they must be done separately and links posted for each one)

 

* Copy the file path in the below Code box:

 

c:\windows\iun6002.exe 

 

* At the upload site, click once inside the window next to Browse.

* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.

* Next click Submit file

* Your file will possibly be entered into a queue which normally takes less than a minute to clear.

* This will perform a scan across multiple different virus scanning engines.

* Important: Wait for all of the scanning engines to complete.

* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

**********************************************

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

Uniblue RegistryBooster

There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

 

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

 

Further reading: XP Fixes Myth #1: Registry Cleaners

************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

**************************************************

Download OTL to your desktop.

 

* Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

* When the window appears, underneath Output at the top change it to Minimal Output.

* Check the boxes beside LOP Check and Purity Check.

* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

 

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

 

Please copy and paste the contents of these files, one at a time, into your next reply.

 

Note: You may need two or more posts to fit them all in.


Error msg . . .

 

Hey all my computer gurus who have replied to my threads regarding my computer. Just wanted to let you know that I brought my computer down to have it cleaned out and for the price Staples was charging, it was cheaper to get a new one so my friend bought me a new one but now . . .

 

I am having a problem or should I say another headache. I need now to get my printer to work. Which forum should I post this to? I realize I also need to include with my new thread my OS so if any of you can point me in the direction I need to be in, that would be great.

 

Thanks for all your assistance and like I said in an earlier thread, I will probably be posting threads to this forum. Take care,

 

Whitney


Archived

This topic is now archived and is closed to further replies.
