ESET online scanner

patm · August 31, 2012, 02:00:31 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by pjm at 21:11:58 on 2012-08-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2271 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Privatefirewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.8.0.14\ips\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AutoSizer] "c:\program files\autosizer\AutoSizer.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Privatefirewall] c:\program files\privacyware\privatefirewall 7.0\PFGUI.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/bin/LogitechDeviceDetection32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343353129859
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343353459609
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F56F6A23-9AB7-455C-A5A1-AAE901428D25} : DhcpNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1308000.00e\symds.sys [2012-8-14 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1308000.00e\symefa.sys [2012-8-14 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.7.1.5\definitions\bashdefs\20120823.007\BHDrvx86.sys [2012-6-18 821920]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1308000.00e\ccsetx86.sys [2012-8-14 132768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1308000.00e\ironx86.sys [2012-8-14 149624]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-7-27 12184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-27 655944]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\19.8.0.14\ccsvchst.exe [2012-8-14 138272]
R2 PFNet;Privacyware network service;c:\program files\privacyware\privatefirewall 7.0\pfsvc.exe [2012-5-31 374160]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-7-25 681056]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-8-27 185856]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-8-9 103040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.7.1.5\definitions\ipsdefs\20120829.001\IDSXpx86.sys [2012-8-29 373216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-27 22344]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.7.1.5\definitions\virusdefs\20120830.002\NAVENG.SYS [2012-8-30 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.7.1.5\definitions\virusdefs\20120830.002\NAVEX15.SYS [2012-8-30 1601184]
R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2012-8-29 135272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-27 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-26 250568]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-27 116648]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-7-26 27064]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-7-25 1326176]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-22 13024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-30 19:51:02   --------   d-----w-   c:\program files\ESET
2012-08-30 07:03:35   --------   d-----w-   c:\program files\CCleaner
2012-08-30 06:59:38   --------   d-----w-   c:\documents and settings\pjm\application data\IObit
2012-08-30 00:00:50   --------   d-----w-   c:\documents and settings\pjm\local settings\application data\TNT2
2012-08-29 09:51:31   --------   d-----w-   c:\windows\pss
2012-08-29 04:25:40   --------   d-----w-   c:\documents and settings\pjm\local settings\application data\Privatefirewall
2012-08-29 04:23:25   135272   ----a-w-   c:\windows\system32\drivers\pwipf6.sys
2012-08-29 04:23:22   --------   d-----w-   c:\documents and settings\all users\application data\Privacyware
2012-08-29 04:23:21   --------   d-----w-   c:\program files\Privacyware
2012-08-29 00:36:04   --------   d-sha-r-   C:\cmdcons
2012-08-28 21:34:03   --------   d-----w-   c:\program files\ThreatExpert Memory Scanner
2012-08-28 02:19:09   --------   d-----w-   c:\documents and settings\pjm\application data\uTorrent
2012-08-27 16:24:52   --------   d-----w-   c:\program files\Web Assistant
2012-08-27 15:19:36   --------   d-----w-   c:\program files\Nero
2012-08-25 21:44:49   --------   d-----w-   c:\windows\SxsCaPendDel
2012-08-25 03:31:17   --------   d-----w-   c:\documents and settings\all users\application data\Nero
2012-08-25 02:37:55   --------   d-----w-   c:\documents and settings\pjm\local settings\application data\Nero_AG
2012-08-25 02:06:14   248672   ----a-w-   c:\windows\system32\d3dx11_43.dll
2012-08-25 02:06:07   1974616   ----a-w-   c:\windows\system32\D3DCompiler_42.dll
2012-08-25 02:06:01   470880   ----a-w-   c:\windows\system32\d3dx10_43.dll
2012-08-25 02:05:54   1998168   ----a-w-   c:\windows\system32\D3DX9_43.dll
2012-08-25 02:05:47   4379984   ----a-w-   c:\windows\system32\D3DX9_40.dll
2012-08-25 02:05:41   1868128   ----a-w-   c:\windows\system32\d3dcsx_43.dll
2012-08-25 02:05:34   3727720   ----a-w-   c:\windows\system32\d3dx9_35.dll
2012-08-25 02:05:27   2106216   ----a-w-   c:\windows\system32\D3DCompiler_43.dll
2012-08-25 02:05:19   3497832   ----a-w-   c:\windows\system32\d3dx9_34.dll
2012-08-25 01:53:13   --------   d-----w-   c:\documents and settings\pjm\local settings\application data\Help
2012-08-24 22:33:45   --------   d-----w-   c:\documents and settings\all users\application data\vsosdk
2012-08-24 15:42:11   --------   d-----w-   c:\program files\MSXML 4.0
2012-08-24 05:02:01   --------   d-----w-   c:\documents and settings\all users\application data\LightScribe
2012-08-24 03:21:34   --------   d-----w-   c:\documents and settings\pjm\local settings\application data\Ahead
2012-08-22 08:16:09   13024   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys
2012-08-22 08:16:07   --------   d-----w-   c:\documents and settings\pjm\local settings\application data\SlimWare Utilities Inc
2012-08-22 08:09:00   --------   d-----w-   C:\Temp
2012-08-22 03:59:01   --------   d-----w-   c:\documents and settings\pjm\local settings\application data\FixItCenter
2012-08-22 03:56:22   --------   d-----w-   c:\windows\MATS
2012-08-22 03:56:21   --------   d-----w-   c:\program files\Microsoft Fix it Center
2012-08-20 22:12:40   275696   ----a-w-   c:\windows\system32\mucltui.dll
2012-08-20 22:12:40   17136   ----a-w-   c:\windows\system32\mucltui.dll.mui
2012-08-20 07:09:16   --------   d-----w-   c:\program files\Winamp Detect
2012-08-20 06:28:42   --------   d-----w-   c:\documents and settings\pjm\local settings\application data\Secunia PSI
2012-08-20 06:28:23   --------   d-----w-   c:\program files\Secunia
2012-08-18 14:48:50   --------   d-----w-   c:\documents and settings\pjm\application data\WinZip
2012-08-18 04:43:44   --------   d-----w-   c:\documents and settings\all users\application data\Tarma Installer
2012-08-18 03:30:16   --------   d-----w-   c:\documents and settings\pjm\application data\DVDFab
2012-08-18 03:26:01   --------   d-----w-   c:\program files\DVDFab 8 Qt
2012-08-17 01:50:39   --------   d-----w-   c:\documents and settings\pjm\local settings\application data\Mozilla
2012-08-16 19:54:40   --------   d-----w-   c:\documents and settings\all users\application data\dvdfab
2012-08-15 01:23:40   345208   ----a-w-   c:\windows\system32\drivers\nav\1308000.00e\symtdiv.sys
2012-08-15 01:23:39   924320   ----a-w-   c:\windows\system32\drivers\nav\1308000.00e\symefa.sys
2012-08-15 01:23:39   574112   ----a-w-   c:\windows\system32\drivers\nav\1308000.00e\srtsp.sys
2012-08-15 01:23:39   388216   ----a-w-   c:\windows\system32\drivers\nav\1308000.00e\symtdi.sys
2012-08-15 01:23:39   340088   ----a-r-   c:\windows\system32\drivers\nav\1308000.00e\symds.sys
2012-08-15 01:23:39   32928   ----a-w-   c:\windows\system32\drivers\nav\1308000.00e\srtspx.sys
2012-08-15 01:23:39   318584   ----a-w-   c:\windows\system32\drivers\nav\1308000.00e\symnets.sys
2012-08-15 01:23:39   149624   ----a-w-   c:\windows\system32\drivers\nav\1308000.00e\ironx86.sys
2012-08-15 01:23:39   132768   ----a-w-   c:\windows\system32\drivers\nav\1308000.00e\ccsetx86.sys
2012-08-15 01:23:28   8942   ----a-w-   c:\windows\system32\drivers\nav\1308000.00e\symvtcer.dat
2012-08-15 01:23:28   --------   d-----w-   c:\windows\system32\drivers\nav\1308000.00E
2012-08-14 01:10:01   138752   -c--a-w-   c:\windows\system32\dllcache\sndvol32.exe
2012-08-14 01:10:01   138752   ----a-w-   c:\windows\system32\sndvol32.exe
2012-08-14 00:56:50   --------   d-----w-   c:\documents and settings\pjm\application data\ElevatedDiagnostics
2012-08-13 22:04:05   991232   ----a-w-   c:\windows\system32\virtear.dll
2012-08-13 22:04:05   65536   ----a-w-   c:\windows\system32\Audio3d.dll
2012-08-13 22:04:05   49152   ----a-w-   c:\windows\system32\DSndUp.exe
2012-08-13 22:04:05   45056   ----a-w-   c:\windows\system32\CleanUp.exe
2012-08-13 22:04:05   --------   d-----w-   c:\windows\VirtualEar
2012-08-13 22:04:05   --------   d-----w-   c:\program files\Analog Devices
2012-08-13 20:57:22   82501   -c--a-w-   c:\windows\system32\dllcache\bckg.dll
2012-08-10 01:30:34   --------   d-----w-   c:\program files\ATI
2012-08-10 01:28:11   --------   d-----w-   C:\AMD
2012-08-10 00:07:06   103040   ----a-w-   c:\windows\system32\drivers\AtihdXP3.sys
2012-08-06 06:21:58   --------   d-----w-   c:\documents and settings\pjm\local settings\application data\ATI
2012-08-06 06:21:21   0   ----a-w-   c:\windows\ativpsrm.bin
2012-08-05 00:31:34   --------   d-----w-   c:\documents and settings\all users\application data\ClubSanDisk
2012-08-04 19:35:52   --------   d-----w-   c:\documents and settings\pjm\local settings\application data\Proxure
2012-08-03 01:26:03   60872   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2012-08-03 01:26:03   141944   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2012-08-03 01:26:03   --------   d-----w-   c:\program files\Symantec
2012-08-03 01:26:03   --------   d-----w-   c:\program files\common files\Symantec Shared
2012-08-03 01:25:46   --------   d-----w-   c:\windows\system32\drivers\NAV
2012-08-03 01:25:45   --------   d-----w-   c:\program files\Norton AntiVirus
2012-08-02 09:19:23   --------   d-----w-   c:\windows\system32\wbem\repository\FS
2012-08-02 09:19:23   --------   d-----w-   c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-08-23 01:38:44   73416   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 01:38:44   696520   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-08-10 00:01:16   16400   ----a-w-   c:\windows\system32\drivers\LNonPnP.sys
2012-07-27 03:38:08   10592128   ----a-w-   C:\IE8-WindowsXP-KB2618444-x86-ENU.exe
2012-07-27 03:37:11   629288   ----a-w-   C:\WindowsXP-KB932823-v3-x86-ENU.exe
2012-07-06 13:58:51   78336   ----a-w-   c:\windows\system32\browser.dll
2012-07-04 14:05:18   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46:44   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15   1866112   ----a-w-   c:\windows\system32\win32k.sys
2012-07-02 17:49:33   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-07-02 17:49:32   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43   385024   ----a-w-   c:\windows\system32\html.iec
2012-06-11 18:57:18   6629888   ----a-w-   c:\windows\system32\drivers\ati2mtag.sys
2012-06-11 17:38:56   19587072   ----a-w-   c:\windows\system32\atioglxx.dll
2012-06-11 17:15:08   307200   ----a-w-   c:\windows\system32\atiiiexx.dll
2012-06-11 17:13:50   442368   ----a-w-   c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:12:38   305664   ----a-w-   c:\windows\system32\ati2dvag.dll
2012-06-11 17:10:24   4579904   ----a-w-   c:\windows\system32\ati3duag.dll
2012-06-11 16:51:52   212992   ----a-w-   c:\windows\system32\atipdlxx.dll
2012-06-11 16:51:40   163840   ----a-w-   c:\windows\system32\Oemdspif.dll
2012-06-11 16:51:30   26112   ----a-w-   c:\windows\system32\Ati2mdxx.exe
2012-06-11 16:51:20   43520   ----a-w-   c:\windows\system32\ati2edxx.dll
2012-06-11 16:51:04   192512   ----a-w-   c:\windows\system32\ati2evxx.dll
2012-06-11 16:50:30   3565440   ----a-w-   c:\windows\system32\ativvaxx.dll
2012-06-11 16:49:48   643072   ----a-w-   c:\windows\system32\ati2evxx.exe
2012-06-11 16:48:28   53248   ----a-w-   c:\windows\system32\ATIDDC.DLL
2012-06-11 16:45:28   163840   ----a-w-   c:\windows\system32\atiapfxx.exe
2012-06-11 16:40:58   835584   ----a-w-   c:\windows\system32\atikvmag.dll
2012-06-11 16:36:28   638976   ----a-w-   c:\windows\system32\atiok3x2.dll
2012-06-11 16:35:42   241664   ----a-w-   c:\windows\system32\atiadlxx.dll
2012-06-11 16:35:20   17408   ----a-w-   c:\windows\system32\atitvo32.dll
2012-06-11 16:33:46   53248   ----a-w-   c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:28:54   675840   ----a-w-   c:\windows\system32\ati2cqag.dll
2012-06-11 16:25:50   65024   ----a-w-   c:\windows\system32\atimpc32.dll
2012-06-11 16:25:50   65024   ----a-w-   c:\windows\system32\amdpcom32.dll
2012-06-05 15:50:25   1372672   ----a-w-   c:\windows\system32\msxml6.dll
2012-06-05 15:50:25   1172480   ----a-w-   c:\windows\system32\msxml3.dll
2012-06-04 21:35:26   222448   ----a-w-   c:\windows\system32\muweb.dll
2012-06-04 04:32:08   152576   ----a-w-   c:\windows\system32\schannel.dll
2012-06-02 19:19:44   22040   ----a-w-   c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38   219160   ----a-w-   c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38   15384   ----a-w-   c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34   15384   ----a-w-   c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30   17944   ----a-w-   c:\windows\system32\wuaueng.dll.mui
.
============= FINISH: 21:12:57.48 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/26/2012 8:08:52 PM
System Uptime: 8/30/2012 9:01:55 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 463 GiB total, 405.97 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 8/30/2012 7:39:14 PM - System Checkpoint
RP2: 8/30/2012 7:40:00 PM - eset good
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AMD Catalyst Install Manager
AtomTime Pro 3.1d
Auslogics Disk Defrag
Auslogics Registry Cleaner
AutoSizer
Belarc Advisor 8.2
Broadcom Gigabit Integrated Controller
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Dell Support Center
DVDFab 8.2.0.7 (25/08/2012) Qt
eReg
ESET Online Scanner v3
Exact Audio Copy 1.0beta3
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer (Enable DEP)
LAME v3.99.3 (for Windows)
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Automated Troubleshooting Services Shim
Microsoft Fix it Center
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
Norton AntiVirus
Privatefirewall 7.0
Revo Uninstaller 1.94
Revo Uninstaller Pro 2.5.8
Secunia PSI (3.0.0.3001)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SoundMAX
Spybot - Search & Destroy
SUPERAntiSpyware
ThreatExpert Memory Scanner 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2718704)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Media Format Runtime
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
8/29/2012 4:34:08 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer BESTOFMASS that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F56F6A23-9AB7-455. The master browser is stopping or an election is being forced.
8/29/2012 4:28:58 PM, error: PlugPlayManager [12] - The device 'WAN Miniport (IP) - Privacyware Filter Miniport' (Root\PWIPF6MP\0001) disappeared from the system without first being prepared for removal.
8/29/2012 4:28:58 PM, error: PlugPlayManager [12] - The device 'Broadcom NetXtreme 57xx Gigabit Controller - Privacyware Filter Miniport' (Root\PWIPF6MP\0000) disappeared from the system without first being prepared for removal.
8/28/2012 8:37:02 PM, error: Service Control Manager [7034] - The Web Assistant Updater service terminated unexpectedly. It has done this 1 time(s).
8/28/2012 8:31:38 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer HALMAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F56F6A23-9AB7-455C-A5. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

Results of screen317's Security Check version 0.99.49
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Disabled!
ESET Online Scanner v3
Norton AntiVirus
Privatefirewall 7.0
`````````Anti-malware/Other Utilities Check:`````````[/u]
Spybot - Search & Destroy
SUPERAntiSpyware
Secunia PSI (3.0.0.3001)
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Auslogics Registry Cleaner
Adobe Flash Player    11.4.402.265
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````[/u]
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Privatefirewall 6.1 pfsvc.exe
Norton AntiVirus Engine 19.8.0.14 ccSvcHst.exe
Privacyware Privatefirewall 7.0 PFGUI.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````[/u]

esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=686e16663efbf54ba1b5f7f6bed399bf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-31 12:07:11
# local_time=2012-08-30 08:07:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3587 16777190 85 68 454805 164438172 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=59829
# found=0
# cleaned=0
# scan_time=1248

patm

Corrine · August 31, 2012, 02:25:50 PM

Thank you, patm.

Please follow these instructions carefully.

Download ComboFix from here.

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.

Now, please run ComboFix:

Note: If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
Double-click ComboFix.exe on your desktop and follow the prompts.
As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click "Yes" to continue scanning for malware.

When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.

patm · August 31, 2012, 09:30:10 PM

question for combofix. i turned off norton av but while running combofix i got a message box from norton saying scan ran and finished. shortly afterwood another message from norton saying the computer will shut down in so many seconds - i clicked cancel. combofix finished. i dont know why the scan ran as i turned norton av off but would it have interfered with combofix's results. also, cant find c: combofix.txt but i copied and saved the log when finished.

patm

Corrine · August 31, 2012, 09:59:24 PM

Norton is like that, patm. :D

If you haven't restarted your computer, please do so now. Then, please copy/paste the ComboFix log that you saved.

patm · August 31, 2012, 10:28:39 PM

ComboFix 12-08-31.01 - pjm 08/31/2012 16:46:43.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2289 [GMT -4:00]
Running from: c:\documents and settings\pjm\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Privatefirewall *Disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-30 19:51 . 2012-08-30 19:51   --------   d-----w-   c:\program files\ESET
2012-08-30 07:03 . 2012-08-30 07:03   --------   d-----w-   c:\program files\CCleaner
2012-08-30 06:59 . 2012-08-30 06:59   --------   d-----w-   c:\documents and settings\pjm\Application Data\IObit
2012-08-30 00:00 . 2012-08-30 00:00   --------   d-----w-   c:\documents and settings\pjm\Local Settings\Application Data\TNT2
2012-08-29 04:25 . 2012-08-29 04:25   --------   d-----w-   c:\documents and settings\pjm\Local Settings\Application Data\Privatefirewall
2012-08-29 04:23 . 2012-05-25 22:34   135272   ----a-w-   c:\windows\system32\drivers\pwipf6.sys
2012-08-29 04:23 . 2012-08-29 04:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Privacyware
2012-08-29 04:23 . 2012-08-29 04:23   --------   d-----w-   c:\program files\Privacyware
2012-08-28 21:34 . 2012-08-31 04:04   --------   d-----w-   c:\program files\ThreatExpert Memory Scanner
2012-08-28 02:19 . 2012-08-29 03:05   --------   d-----w-   c:\documents and settings\pjm\Application Data\uTorrent
2012-08-27 16:25 . 2012-08-27 16:26   447   ----a-w-   C:\user.js
2012-08-27 16:24 . 2012-08-29 00:42   --------   d-----w-   c:\program files\Web Assistant
2012-08-27 15:19 . 2012-08-27 15:20   --------   d-----w-   c:\program files\Common Files\Ahead
2012-08-27 15:19 . 2012-08-27 15:19   --------   d-----w-   c:\program files\Nero
2012-08-26 21:51 . 2012-08-27 15:31   --------   d-----w-   c:\program files\Common Files\LightScribe
2012-08-25 21:44 . 2012-08-25 21:46   --------   d-----w-   c:\windows\SxsCaPendDel
2012-08-25 03:31 . 2012-08-27 15:19   --------   d-----w-   c:\documents and settings\All Users\Application Data\Nero
2012-08-25 02:37 . 2012-08-25 02:37   --------   d-----w-   c:\documents and settings\pjm\Local Settings\Application Data\Nero_AG
2012-08-25 02:37 . 2012-08-27 01:04   --------   d-----w-   c:\documents and settings\pjm\Application Data\Nero
2012-08-25 02:06 . 2010-05-26 15:41   248672   ----a-w-   c:\windows\system32\d3dx11_43.dll
2012-08-25 02:06 . 2009-09-04 21:29   1974616   ----a-w-   c:\windows\system32\D3DCompiler_42.dll
2012-08-25 02:06 . 2010-05-26 15:41   470880   ----a-w-   c:\windows\system32\d3dx10_43.dll
2012-08-25 02:05 . 2010-05-26 15:41   1998168   ----a-w-   c:\windows\system32\D3DX9_43.dll
2012-08-25 02:05 . 2008-10-15 10:22   4379984   ----a-w-   c:\windows\system32\D3DX9_40.dll
2012-08-25 02:05 . 2010-05-26 15:41   1868128   ----a-w-   c:\windows\system32\d3dcsx_43.dll
2012-08-25 02:05 . 2007-07-19 22:14   3727720   ----a-w-   c:\windows\system32\d3dx9_35.dll
2012-08-25 02:05 . 2010-05-26 15:41   2106216   ----a-w-   c:\windows\system32\D3DCompiler_43.dll
2012-08-25 02:05 . 2007-05-16 20:45   3497832   ----a-w-   c:\windows\system32\d3dx9_34.dll
2012-08-25 01:53 . 2012-08-25 01:53   --------   d-----w-   c:\documents and settings\pjm\Local Settings\Application Data\Help
2012-08-24 23:18 . 2012-08-24 23:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\Ahead
2012-08-24 22:33 . 2012-08-24 22:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\vsosdk
2012-08-24 15:42 . 2012-08-24 15:42   --------   d-----w-   c:\program files\MSXML 4.0
2012-08-24 05:02 . 2012-08-24 05:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\LightScribe
2012-08-24 03:54 . 2012-08-24 03:57   --------   d-----w-   c:\documents and settings\pjm\Application Data\Ahead
2012-08-24 03:21 . 2012-08-27 15:23   --------   d-----w-   c:\documents and settings\pjm\Local Settings\Application Data\Ahead
2012-08-22 08:16 . 2012-08-22 08:16   13024   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys
2012-08-22 08:16 . 2012-08-22 08:16   --------   d-----w-   c:\documents and settings\pjm\Local Settings\Application Data\SlimWare Utilities Inc
2012-08-22 08:09 . 2012-08-24 04:55   --------   d-----w-   C:\Temp
2012-08-22 03:59 . 2012-08-22 03:59   --------   d-----w-   c:\documents and settings\pjm\Local Settings\Application Data\FixItCenter
2012-08-22 03:56 . 2012-08-22 03:56   --------   d-----w-   c:\windows\MATS
2012-08-22 03:56 . 2012-08-22 03:56   --------   d-----w-   c:\program files\Microsoft Fix it Center
2012-08-20 22:12 . 2012-06-02 19:18   275696   ----a-w-   c:\windows\system32\mucltui.dll
2012-08-20 07:09 . 2012-08-20 07:09   --------   d-----w-   c:\program files\Winamp Detect
2012-08-20 07:09 . 2012-08-31 03:50   --------   d-----w-   c:\documents and settings\pjm\Application Data\Winamp
2012-08-20 07:09 . 2012-08-20 07:09   --------   d-----w-   c:\program files\Winamp
2012-08-20 06:28 . 2012-08-20 06:28   --------   d-----w-   c:\documents and settings\pjm\Local Settings\Application Data\Secunia PSI
2012-08-20 06:28 . 2012-08-20 06:28   --------   d-----w-   c:\program files\Secunia
2012-08-18 14:48 . 2012-08-30 02:25   --------   d-----w-   c:\documents and settings\pjm\Application Data\WinZip
2012-08-18 04:43 . 2012-08-27 16:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\Tarma Installer
2012-08-18 03:30 . 2012-08-18 03:30   --------   d-----w-   c:\documents and settings\pjm\Application Data\DVDFab
2012-08-18 03:26 . 2012-08-28 03:19   --------   d-----w-   c:\program files\DVDFab 8 Qt
2012-08-17 01:50 . 2012-08-17 01:50   --------   d-----w-   c:\documents and settings\pjm\Local Settings\Application Data\Mozilla
2012-08-16 19:54 . 2012-08-16 19:54   --------   d-----w-   c:\documents and settings\All Users\Application Data\dvdfab
2012-08-14 09:39 . 2012-08-14 09:39   --------   d-sh--w-   c:\documents and settings\LocalService\PrivacIE
2012-08-14 09:39 . 2012-08-14 09:39   --------   d-sh--w-   c:\documents and settings\LocalService\IECompatCache
2012-08-14 09:18 . 2012-08-14 09:18   --------   d-----w-   c:\program files\Microsoft.NET
2012-08-14 01:10 . 2001-08-18 02:36   138752   -c--a-w-   c:\windows\system32\dllcache\sndvol32.exe
2012-08-14 01:10 . 2001-08-18 02:36   138752   ----a-w-   c:\windows\system32\sndvol32.exe
2012-08-14 00:56 . 2012-08-22 03:45   --------   d-----w-   c:\documents and settings\pjm\Application Data\ElevatedDiagnostics
2012-08-13 22:04 . 2012-08-13 23:02   --------   d-----w-   c:\windows\VirtualEar
2012-08-13 22:04 . 2012-08-13 22:04   --------   d-----w-   c:\program files\Analog Devices
2012-08-13 22:04 . 2004-11-19 14:00   49152   ----a-w-   c:\windows\system32\DSndUp.exe
2012-08-13 22:04 . 2003-08-19 22:36   65536   ----a-w-   c:\windows\system32\Audio3d.dll
2012-08-13 22:04 . 2002-04-17 18:05   45056   ----a-w-   c:\windows\system32\CleanUp.exe
2012-08-13 22:04 . 2001-10-04 18:50   991232   ----a-w-   c:\windows\system32\virtear.dll
2012-08-13 20:57 . 2008-04-14 07:00   82501   -c--a-w-   c:\windows\system32\dllcache\bckg.dll
2012-08-10 01:36 . 2012-08-10 01:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\ATI
2012-08-10 01:30 . 2012-08-27 00:54   --------   dc----w-   c:\windows\system32\DRVSTORE
2012-08-10 01:30 . 2012-08-10 01:30   --------   d-----w-   c:\program files\ATI
2012-08-10 01:28 . 2012-08-10 01:28   --------   d-----w-   C:\AMD
2012-08-10 00:07 . 2012-05-14 06:12   103040   ----a-w-   c:\windows\system32\drivers\AtihdXP3.sys
2012-08-06 06:21 . 2012-08-06 06:21   --------   d-----w-   c:\documents and settings\pjm\Local Settings\Application Data\ATI
2012-08-06 06:21 . 2012-08-06 06:21   --------   d-----w-   c:\documents and settings\pjm\Application Data\ATI
2012-08-06 06:21 . 2012-08-06 06:21   0   ----a-w-   c:\windows\ativpsrm.bin
2012-08-05 00:31 . 2012-08-05 00:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\ClubSanDisk
2012-08-04 19:35 . 2012-08-04 19:35   --------   d-----w-   c:\documents and settings\pjm\Local Settings\Application Data\Proxure
2012-08-03 10:56 . 2012-08-03 10:56   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2012-08-03 01:26 . 2012-08-03 01:28   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2012-08-03 01:26 . 2012-08-03 01:26   60872   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2012-08-03 01:26 . 2012-08-03 01:26   141944   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2012-08-03 01:26 . 2012-08-03 01:26   --------   d-----w-   c:\program files\Symantec
2012-08-03 01:25 . 2012-08-15 01:26   --------   d-----w-   c:\windows\system32\drivers\NAV
2012-08-03 01:25 . 2012-08-03 01:25   --------   d-----w-   c:\program files\Norton AntiVirus
2012-08-02 09:19 . 2012-08-02 09:19   --------   d-----w-   c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-23 01:38 . 2012-07-27 02:03   73416   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 01:38 . 2012-07-27 02:03   696520   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-08-10 00:01 . 2012-07-27 23:13   16400   ----a-w-   c:\windows\system32\drivers\LNonPnP.sys
2012-07-27 23:13 . 2012-07-27 23:13   53248   ----a-r-   c:\documents and settings\pjm\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-27 03:38 . 2012-07-27 03:37   10592128   ----a-w-   C:\IE8-WindowsXP-KB2618444-x86-ENU.exe
2012-07-27 03:37 . 2012-07-27 03:37   629288   ----a-w-   C:\WindowsXP-KB932823-v3-x86-ENU.exe
2012-07-06 13:58 . 2004-08-12 13:55   78336   ----a-w-   c:\windows\system32\browser.dll
2012-07-04 14:05 . 2012-07-27 00:03   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2012-07-27 06:33   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2004-08-12 14:09   1866112   ----a-w-   c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-12 14:09   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-12 13:59   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-12 13:58   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-12 13:57   385024   ----a-w-   c:\windows\system32\html.iec
2012-06-11 18:57 . 2012-07-23 10:56   6629888   ----a-w-   c:\windows\system32\drivers\ati2mtag.sys
2012-06-11 17:38 . 2012-07-23 10:56   19587072   ----a-w-   c:\windows\system32\atioglxx.dll
2012-06-11 17:15 . 2012-07-23 10:56   307200   ----a-w-   c:\windows\system32\atiiiexx.dll
2012-06-11 17:13 . 2010-02-11 04:46   442368   ----a-w-   c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:12 . 2012-07-23 10:56   305664   ----a-w-   c:\windows\system32\ati2dvag.dll
2012-06-11 17:10 . 2012-07-23 10:56   4579904   ----a-w-   c:\windows\system32\ati3duag.dll
2012-06-11 16:51 . 2012-07-23 10:56   212992   ----a-w-   c:\windows\system32\atipdlxx.dll
2012-06-11 16:51 . 2012-07-23 10:56   163840   ----a-w-   c:\windows\system32\Oemdspif.dll
2012-06-11 16:51 . 2012-07-23 10:56   26112   ----a-w-   c:\windows\system32\Ati2mdxx.exe
2012-06-11 16:51 . 2012-07-23 10:56   43520   ----a-w-   c:\windows\system32\ati2edxx.dll
2012-06-11 16:51 . 2012-07-23 10:56   192512   ----a-w-   c:\windows\system32\ati2evxx.dll
2012-06-11 16:50 . 2012-07-23 10:56   3565440   ----a-w-   c:\windows\system32\ativvaxx.dll
2012-06-11 16:49 . 2012-07-23 10:56   643072   ----a-w-   c:\windows\system32\ati2evxx.exe
2012-06-11 16:48 . 2012-07-23 10:56   53248   ----a-w-   c:\windows\system32\ATIDDC.DLL
2012-06-11 16:45 . 2011-12-06 02:28   163840   ----a-w-   c:\windows\system32\atiapfxx.exe
2012-06-11 16:40 . 2012-07-23 10:56   835584   ----a-w-   c:\windows\system32\atikvmag.dll
2012-06-11 16:36 . 2010-02-11 04:37   638976   ----a-w-   c:\windows\system32\atiok3x2.dll
2012-06-11 16:35 . 2010-02-11 03:54   241664   ----a-w-   c:\windows\system32\atiadlxx.dll
2012-06-11 16:35 . 2012-07-23 10:56   17408   ----a-w-   c:\windows\system32\atitvo32.dll
2012-06-11 16:33 . 2012-07-23 10:56   53248   ----a-w-   c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:28 . 2012-07-23 10:56   675840   ----a-w-   c:\windows\system32\ati2cqag.dll
2012-06-11 16:25 . 2011-12-06 02:10   65024   ----a-w-   c:\windows\system32\atimpc32.dll
2012-06-11 16:25 . 2010-02-11 03:59   65024   ----a-w-   c:\windows\system32\amdpcom32.dll
2012-06-05 15:50 . 2012-07-27 03:27   1372672   ----a-w-   c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-12 14:01   1172480   ----a-w-   c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2012-07-27 00:05   210968   ----a-w-   c:\windows\system32\wuweb.dll
2012-06-04 21:35 . 2012-06-04 21:35   222448   ----a-w-   c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-12 14:04   152576   ----a-w-   c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-28 39408]
"AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2012-08-02 131072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 98304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2012-05-31 3006840]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03   66328   ----a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\pjm\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1308000.00E\symds.sys [8/14/2012 9:23 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1308000.00E\symefa.sys [8/14/2012 9:23 PM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20120823.007\BHDrvx86.sys [6/18/2012 8:01 PM 821920]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1308000.00E\ccsetx86.sys [8/14/2012 9:23 PM 132768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1308000.00E\ironx86.sys [8/14/2012 9:23 PM 149624]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/27/2012 7:12 PM 12184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/27/2012 2:33 AM 655944]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.8.0.14\ccsvchst.exe [8/14/2012 9:23 PM 138272]
R2 PFNet;Privacyware network service;c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe [5/31/2012 5:26 PM 374160]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [7/25/2012 4:46 AM 681056]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [8/9/2012 8:07 PM 103040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 2:47 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20120830.001\IDSXpx86.sys [8/30/2012 9:54 PM 373216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/27/2012 2:33 AM 22344]
R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [8/29/2012 12:23 AM 135272]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/27/2012 8:04 PM 116648]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [8/27/2012 12:24 PM 185856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/26/2012 10:03 PM 250568]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/27/2012 8:04 PM 116648]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/26/2012 10:04 PM 27064]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [7/25/2012 4:46 AM 1326176]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [8/22/2012 4:16 AM 13024]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 01:38]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-28 22:58]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-28 22:58]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1592454029-839522115-1004Core.job
- c:\documents and settings\pjm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-27 22:53]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1592454029-839522115-1004UA.job
- c:\documents and settings\pjm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-27 22:53]
.
2012-08-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-08-23 05:33]
.
.
------- Supplementary Scan -------
.
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-31 16:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(956)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(632)
c:\windows\system32\WININET.dll
c:\program files\AutoSizer\AutoSizer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-08-31 16:56:54
ComboFix-quarantined-files.txt 2012-08-31 20:56
.
Pre-Run: 435,860,340,736 bytes free
Post-Run: 435,876,450,304 bytes free
.
- - End Of File - - 8DFED5F166829B8E64C345B6DF81CE6A

Corrine · August 31, 2012, 11:33:42 PM

Good job, patm!

That showed me what I needed to see and it looks like all is well now. Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.

Quote from: patm on August 30, 2012, 03:35:52 AM
do you recommend running any other diagnostic. i have norton av 2012, malwarebytes, superantispyware and spybot on my windows xp home. any others recommended.

I didn't want to answer your question until I saw what was on your computer. You certainly have sufficient protection with A/V and Firewall. The three additional programs may be a bit overkill but as long as you are only using them for occasional scans, it is fine to keep them all. Don't forget Secunia which checks if your system is missing security updates or has insecure applications.

One program I would suggest adding is SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html It is necessary to periodically check SpywareBlaster for updates.

Please confirm let me know if you have any questions.

patm · September 01, 2012, 01:39:03 AM

hello,

i went to empty the recycle bin on drive C and got a message that it was corrupted. i remember i got the same message during combofix. how can i fix this.

patm

Corrine · September 01, 2012, 02:26:02 PM

Hi, patm. Let's see if SFC solves the problem. Please perform a SFC (System File Checker) scan which will check and fix any corrupted files on your system.

Click Start, and then type cmd in the Start Search box.
Right-click cmd in the Programs list, and then right-click Run as administrator.
If you are prompted for an administrator password or confirmation, type your password or click Continue
At the command prompt, type the following line, and then press ENTER: sfc /scannow (note the space before the backslash)
When the scan is complete, if no errors are found, restart your computer and post back
If the message does not say "Windows resource protection did not find any integrity violations", restart your computer and run System File Checker again.

Note: You may need to run System File Checker up to three times to resolve all corrupted files. Please advise if you still have corrupted files after a fourth run.

patm · September 01, 2012, 11:17:49 PM

ran scannow. while running got pop up o put in xp os disc. i did. scan continued. the black box appeared - same as when startd. i restarted pc and message said please wait the continued normal boot. do i run again.

patm

Corrine · September 02, 2012, 12:03:32 AM

Hi, patm.

Take a look at the images on this is website that show the prompt for the CD. When the process is completed, the last box will close: http://askmaggymae.com/Maintenance/sfcxp.htm

patm · September 02, 2012, 02:00:45 AM

do i follow the instructions on that site as listed.

patm

patm · September 02, 2012, 03:27:38 AM

hello,

is this logic correct. i run scannow and the popup does not appear telling me to insert my xp os disc. this means all files scanned are ok. but if i run scannow and the popup does appear asking me to insert my xp os disc then this means some files are not ok and have to be copied from the disk. so from this i deduce that i should keep running scannow until it does not ask me to insert the xp os disc.

patm

Corrine · September 02, 2012, 02:24:33 PM

Hi, patm.

It has been a long time since I've used Windows XP but I believe your logic is correct. Are you still getting the message that the Recycle Bin is corrupt? If so, you can see if this Microsoft Fixit Solution repairs the errors: Diagnose and repair Windows File and Folder Problems automatically.

Should that not solve the problem, I found a Hotfix that you can request from Microsoft.

Go to Error Message: The Recycle Bin on C:\ Is Corrupt or Invalid... and click the link for "Hotfix Download Available".
After you accept the agreement, you will be redirected to a page to select the version for your computer.
Click the link under #1, "Show hotfixes for all platforms and languages (48)
Check the second box for "Windows XP English i386 PKG24266"
Complete the e-mail information for the Hotfix to be sent to you.

MikeW · September 02, 2012, 07:04:01 PM

Quote from: patm on September 02, 2012, 03:27:38 AM
hello,

is this logic correct. i run scannow and the popup does not appear telling me to insert my xp os disc. this means all files scanned are ok. but if i run scannow and the popup does appear asking me to insert my xp os disc then this means some files are not ok and have to be copied from the disk. so from this i deduce that i should keep running scannow until it does not ask me to insert the xp os disc.

patm

No, Strangely XP does not work that way. It always asks for the disk. Its report goes in the event log. If it just says it was carried out successfully. Then no changes were made. If it did make changes they will be listed in the event log.

Corrine · September 02, 2012, 08:25:21 PM

Thanks, MikeW. Your input is appreciated.