[Closed] Friend's seriously infected XP Pro

By learninmypc
Sep 4, 2012
Topic Status:
Not open for further replies.
  1. I was at a friend's place last Friday night & it was obvious she lets the kids play on the pc. :eek:
    One of them did something that brought up a disk scan of some sort & I told her not to touch it.
    Once it booted to the desktop, I got the password & decided to check it out.
    It was extremely sluggish & slow, but I did manage to run a quick scan of Mbam & SAS that took over an hour each & one of them found a Trojan horse.
    I told her & also I noticed she had a paid version of Norton on it which she told me I could remove so I did.
    It was getting late & I had to go so she decided to bring it to me.
    She did so tonight & now I can't run even a quick scan in safe mode. It reboots on its own. I tried posting the Mbam log, but it rebooted as I was doing that.
    After trying for 5 hours tonight, I finally shut it down & ask for your input.
    When it boots up, the blue scan type thingy takes longer than on mine. I think the hard drive might be going, but I'm not the expert. TIA.
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Please review the 5-Step removal instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,161   +225

    When I first booted up this morning, I got this screenshot: BOOT UP 1.jpg. I tapped F1 as it suggested, but it repeated itself so I pulled the plug. Waited a few minutes & plugged it back in. Same thing. I was finally able to get into techspot & as I was downloading AdwCleaner by Xplode onto the desktop, it rebooted & I'm still trying to get back into techspot to follow thru. I'm on my own pc typing this.
    EDIT: Might it be possible to download that program to a flash drive in hopes I can run it on the infected pc?
  4. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,161   +225

    # AdwCleaner v2.000 - Logfile created 09/06/2012 at 08:23:35
    # Updated 30/08/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Karen - USER-XPOXE1E4M6
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Karen\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\DOCUME~1\David's Territory\LOCALS~1\Temp\searchqutoolbar-manifest.xml
    Folder Found : C:\Documents and Settings\ABIDEMI\Application Data\Bandoo
    Folder Found : C:\Documents and Settings\ABIDEMI\Application Data\searchquband
    Folder Found : C:\Documents and Settings\ABIDEMI\Application Data\SearchquTB
    Folder Found : C:\Documents and Settings\ABIDEMI\Application Data\Searchqutoolbar
    Folder Found : C:\Documents and Settings\David's Territory\Application Data\searchquband
    Folder Found : C:\Documents and Settings\David's Territory\Application Data\SearchquTB
    Folder Found : C:\Documents and Settings\Karen\Application Data\Bandoo
    Folder Found : C:\Documents and Settings\Karen\Application Data\searchquband
    Folder Found : C:\Documents and Settings\Karen\Application Data\SearchquTB
    Folder Found : C:\Documents and Settings\Karen\Application Data\Searchqutoolbar
    Folder Found : C:\Documents and Settings\Master\Application Data\Bandoo
    Folder Found : C:\Documents and Settings\Master\Application Data\searchquband
    Folder Found : C:\Documents and Settings\Master\Application Data\Searchqutoolbar
    Folder Found : C:\Documents and Settings\User\Application Data\Bandoo
    Folder Found : C:\Documents and Settings\User\Application Data\searchquband
    Folder Found : C:\Documents and Settings\User\Application Data\SearchquTB
    Folder Found : C:\Documents and Settings\User\Application Data\Searchqutoolbar
    Folder Found : C:\Documents and Settings\VoltageSoldier96\Application Data\Bandoo
    Folder Found : C:\Documents and Settings\VoltageSoldier96\Application Data\searchquband
    Folder Found : C:\Documents and Settings\VoltageSoldier96\Application Data\Searchqutoolbar
    Folder Found : C:\Documents and Settings\VoltageSoldier96\Local Settings\Application Data\Conduit
    Folder Found : C:\Documents and Settings\VoltageSoldier96\Local Settings\Application Data\Ilivid Player
    Folder Found : C:\Program Files\Windows iLivid Toolbar
    Folder Found : C:\Program Files\Windows Searchqu Toolbar

    ***** [Registry] *****

    Key Found : HKCU\Software\DataMngr
    Key Found : HKCU\Software\eType Toolbar
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D9463CD-BBD8-42F4-AB72-D7B1191D9F3D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FF99715-3016-4381-84CE-E4E4C9673020}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDE58274-7A2A-4682-8C47-A379DD9E36CB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D9463CD-BBD8-42F4-AB72-D7B1191D9F3D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDE58274-7A2A-4682-8C47-A379DD9E36CB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
    Key Found : HKCU\Software\SearchquMediabarTb
    Key Found : HKCU\Software\searchqutb
    Key Found : HKCU\Software\searchqutoolbar
    Key Found : HKLM\Software\Bandoo
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
    Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
    Key Found : HKLM\Software\DataMngr
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hblitesa
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestDns
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar
    Key Found : HKU\S-1-5-21-3543201817-592446352-2813622070-1008\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0 (en-US)

    Profile name : default
    File : C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\g080oazx.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\David's Territory\Application Data\Mozilla\Firefox\Profiles\bhqdze4h.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\fgu74a6n.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [7185 octets] - [06/09/2012 08:23:35]

    ########## EOF - C:\AdwCleaner[R1].txt - [7245 octets] ##########
  5. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,161   +225

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.01.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Karen :: USER-XPOXE1E4M6 [administrator]

    9/2/2012 7:40:50 PM
    mbam-log-2012-09-02 (19-40-50).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 375064
    Time elapsed: 1 hour(s), 23 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 10
    HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKCR\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKCR\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKCU\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E879027EB77654563EAB92 (Malware.Trace) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Data: C:\Program Files\HBLite\bin\11.0.258.0\firefox\extensions -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 12
    C:\Documents and Settings\All Users\Application Data\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Program Files\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com (Adware.GamesVance) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome (Adware.GamesVance) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components (Adware.GamesVance) -> Quarantined and deleted successfully.

    Files Detected: 16
    C:\Documents and Settings\David's Territory\My Documents\Downloads\ZwinkySetup2.3.80.2.ZJman000 (1).exe (PUP.MyWebSearch) -> No action taken.
    C:\Documents and Settings\David's Territory\My Documents\Downloads\ZwinkySetup2.3.80.2.ZJman000.exe (PUP.MyWebSearch) -> No action taken.
    C:\Documents and Settings\David's Territory\My Documents\Downloads\Unconfirmed 21462.crdownload (PUP.BundleOffers.IIQ) -> No action taken.
    C:\Documents and Settings\David's Territory\My Documents\Downloads\Unconfirmed 85931.crdownload (PUP.BundleOffers.IIQ) -> No action taken.
    C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome.manifest (Adware.GamesVance) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\install.rdf (Adware.GamesVance) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome\gvtextlinks.jar (Adware.GamesVance) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll (Adware.GamesVance) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.xpt (Adware.GamesVance) -> Quarantined and deleted successfully.

    (end)
    If I'm able to, I'll post updated scans.
  6. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,161   +225

    Since the above post, I've tried running Avast in normal & Safe mode & both times it rebooted on me.
    I could hear what I believe was the hard drive making sounds like it was "trying" to function.
    Any suggestions??
  7. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,161   +225

    Well, I've been trying all day to do the 5 step prelim but no success. It still reboots on its own. I'm still waiting for other suggestions. Are there any??? :confused:
  8. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,161   +225

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-09-06 18:05:16
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_4R080L0 rev.RAMB1TU0
    Running: rdgocys4.exe; Driver: C:\DOCUME~1\Karen\LOCALS~1\Temp\kfnyaaob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB788C932]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB788C79D]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xBA524966]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
  9. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,161   +225

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35
    Run by Karen at 18:10:04 on 2012-09-06
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.325 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\WI9130~1\DataMngr\DataMngrUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\AirLink101\AWLH6075\Common\RaUI.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Documents and Settings\Karen\Desktop\rdgocys4.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.kirotv.com
    uSearch Page = hxxp://www.google.com
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant =
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [DataMngr] c:\progra~1\wi9130~1\datamngr\DataMngrUI.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    dRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe
    StartupFolder: c:\docume~1\karen\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airlin~1.lnk - c:\program files\airlink101\awlh6075\common\RaUI.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270386130859
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
    TCP: Interfaces\{5466F5B7-67F5-46C2-9CF6-FF9DAA204FD0} : DhcpNameServer = 192.168.1.5
    TCP: Interfaces\{FBC88B9B-130E-4621-866A-B0C991ABA2E3} : DhcpNameServer = 192.168.1.1 184.16.33.54
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxsrvc.dll
    AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\karen\application data\mozilla\firefox\profiles\g080oazx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.kirotv.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\karen\local settings\application data\robloxversions\version-6ca07d14e2274822\NPRobloxProxy.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-9-2 729752]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-9-2 355632]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-9-2 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-9-2 44808]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2012-7-15 8704]
    R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\airlink101\awlh6075\common\RalinkRegistryWriter.exe [2011-3-27 75040]
    R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2011-3-27 966912]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-4 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-22 250568]
    S3 ASTRA32;ASTRA32;c:\windows\system32\drivers\astra32.sys [2005-12-27 24544]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-4 135664]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-9-2 114144]
    S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2010-9-13 16512]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-9-2 27064]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-09-06 04:02:57 -------- d-----w- c:\program files\ESET
    2012-09-06 03:39:53 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-09-06 02:47:39 -------- d-----w- c:\documents and settings\karen\application data\Abine
    2012-09-05 23:37:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-09-05 23:37:45 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2012-09-03 02:32:31 -------- d-----w- c:\program files\CCleaner
    2012-09-03 02:24:55 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-09-03 02:23:34 41224 ----a-w- c:\windows\avastSS.scr
    2012-09-03 02:22:55 -------- d-----w- c:\program files\AVAST Software
    2012-09-03 02:22:55 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2012-09-03 02:10:51 -------- d-----w- c:\documents and settings\karen\application data\Malwarebytes
    2012-09-03 02:10:36 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-09-03 02:10:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-03 02:10:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-09-03 02:07:21 -------- d-----w- c:\documents and settings\karen\application data\SUPERAntiSpyware.com
    2012-09-03 02:06:57 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-09-03 01:44:42 -------- d-----w- c:\documents and settings\karen\local settings\application data\VS Revo Group
    2012-09-03 01:41:25 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-09-03 01:41:19 -------- d-----w- c:\program files\VS Revo Group
    2012-09-03 01:22:05 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-03 01:13:58 -------- d-----w- c:\program files\SpywareBlaster
    2012-09-03 00:41:57 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
    2012-09-03 00:41:56 -------- d-----w- c:\program files\Belarc
    2012-08-19 11:02:01 -------- d-sh--w- C:\found.000
    2012-08-08 09:25:36 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
    .
    ==================== Find3M ====================
    .
    2012-09-03 01:27:18 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-03 01:21:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-09-03 01:21:15 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec
    .
    ============= FINISH: 18:13:08.31 ===============
  10. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,161   +225

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/6/2006 9:18:58 AM
    System Uptime: 9/6/2012 5:53:12 PM (1 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0U1324
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2394/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 7.103 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP872: 8/17/2012 1:39:58 AM - System Checkpoint
    RP873: 8/18/2012 5:57:57 AM - System Checkpoint
    RP874: 8/19/2012 3:03:06 AM - Software Distribution Service 3.0
    RP875: 8/20/2012 6:08:26 AM - System Checkpoint
    RP876: 8/21/2012 6:10:47 AM - System Checkpoint
    RP877: 8/22/2012 7:09:41 AM - System Checkpoint
    RP878: 8/23/2012 8:08:38 AM - System Checkpoint
    RP879: 8/24/2012 9:02:19 AM - System Checkpoint
    RP880: 8/25/2012 9:32:09 AM - System Checkpoint
    RP881: 8/26/2012 10:31:03 AM - System Checkpoint
    RP882: 8/27/2012 11:45:27 AM - System Checkpoint
    RP883: 8/28/2012 12:31:17 PM - System Checkpoint
    RP884: 8/29/2012 2:50:44 PM - System Checkpoint
    RP885: 8/30/2012 10:04:28 PM - System Checkpoint
    RP886: 8/31/2012 10:48:43 PM - System Checkpoint
    RP887: 9/1/2012 10:59:06 PM - System Checkpoint
    RP888: 9/2/2012 6:19:21 PM - Removed Java(TM) 6 Update 31
    RP889: 9/2/2012 6:20:33 PM - Installed Java(TM) 6 Update 35
    RP890: 9/2/2012 6:47:39 PM - Revo Uninstaller Pro's restore point - Norton 360
    RP891: 9/2/2012 7:22:55 PM - avast! Free Antivirus Setup
    RP892: 9/2/2012 7:33:44 PM - Revo Uninstaller Pro's restore point - Google Chrome
    RP893: 9/2/2012 8:32:13 PM - Revo Uninstaller Pro's restore point - Spyware Doctor 7.0
    RP894: 9/4/2012 7:25:49 AM - System Checkpoint
    RP895: 9/5/2012 7:40:47 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    5600
    5600_Help
    5600Trb
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Agere Systems PCI Soft Modem
    AiO_Scan
    AiOSoftware
    AirLink101 AWLH6075
    ALOT Toolbar
    avast! Free Antivirus
    Belarc Advisor 8.2
    BufferChm
    CCleaner
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    CueTour
    CustomerResearchQFolder
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    ESET Online Scanner v3
    eSupportQFolder
    Fax
    FullDPAppQFolder
    Game Maker 8.0
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hi-Rez Studios Authenticate and Update Service
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Document Viewer 5.3
    HP Extended Capabilities 5.3
    HP Image Zone 5.3
    HP Image Zone Express
    HP Imaging Device Functions 5.3
    HP PSC & OfficeJet 5.3.B
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    HPProductAssistant
    InstantShareDevices
    Intel(R) Extreme Graphics Driver
    Intel(R) PRO Network Connections Drivers
    Java Auto Updater
    Java(TM) 6 Update 35
    Java(TM) 6 Update 4
    Junior Icon Editor
    Malwarebytes Anti-Malware version 1.62.0.1300
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 15.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero - Burning Rom
    NewCopy
    Nexon Game Manager
    OGA Notifier 2.0.0048.0
    OpenOffice.org 2.4
    PanoStandAlone
    PCI SoftV92 Modem
    PhotoGallery
    Pivot Stickfigure Animator
    PowerDVD
    ProductContext
    QuickTime
    RandMap
    Readme
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Revo Uninstaller Pro 2.5.8
    Scan
    ScannerCopy
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SkinsHP1
    Soft Data Fax Modem with SmartCP
    SolutionCenter
    Sonic_PrimoSDK
    SoundMAX
    Spybot - Search & Destroy
    SpywareBlaster 4.6
    Status
    Steam
    SUPERAntiSpyware
    The Weather Channel App
    TrayApp
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Search Protection
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/5/2012 8:48:34 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    9/5/2012 8:42:07 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    9/5/2012 8:16:00 PM, error: Dhcp [1002] - The IP address lease 192.168.2.101 for the Network Card with network address 000D56C7D220 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    9/5/2012 8:11:53 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -172638 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.17:123->65.55.21.21:123) is working properly.
    9/5/2012 7:26:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.
    9/5/2012 7:03:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
    9/5/2012 7:03:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Ralink Registry Writer service to connect.
    9/5/2012 7:03:19 PM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/5/2012 7:03:19 PM, error: Service Control Manager [7000] - The Ralink Registry Writer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/5/2012 6:15:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/5/2012 6:15:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi BANTExt Fips intelppm SASDIFSV SASKUTIL
    9/5/2012 6:07:08 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    9/5/2012 6:03:57 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/5/2012 6:03:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    9/5/2012 5:37:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
    9/5/2012 5:37:52 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
    9/5/2012 5:35:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
    9/5/2012 5:35:21 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/5/2012 5:16:38 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    9/4/2012 8:53:12 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{78919399-C725-4566-. The master browser is stopping or an election is being forced.
    9/3/2012 4:36:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
    9/3/2012 4:36:54 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/2/2012 9:10:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    9/2/2012 9:08:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    9/2/2012 6:36:02 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    9/2/2012 6:36:02 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/2/2012 5:50:34 PM, error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
    8/30/2012 8:57:50 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -172641 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.2.102:123->65.55.21.17:123) is working properly.
    .
    ==== End Of File ===========================
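The Event Viewer section of the DDS log above can be triaged mechanically to separate storage-path errors from the service timeouts that often accompany them. This is an added example, not part of the original post or of DDS. The category names and the event-ID table are assumptions of this sketch, and the table goes slightly beyond the IDs present in this log by including the commonly cited `disk` and `Ntfs` error events.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied verbatim from the "Event Viewer Messages From Past Week"
# section of the DDS log in this thread.
SAMPLE_LOG = r"""
9/5/2012 8:16:00 PM, error: Dhcp [1002] - The IP address lease 192.168.2.101 for the Network Card with network address 000D56C7D220 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/5/2012 6:15:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi BANTExt Fips intelppm SASDIFSV SASKUTIL
9/5/2012 6:07:08 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
9/5/2012 5:35:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
9/5/2012 5:35:21 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/5/2012 5:16:38 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
9/2/2012 9:08:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
"""

# DDS prints one event per line: "<date time>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)

# Assumption of this sketch: (source, event ID) pairs treated as evidence of a
# problem on the disk/controller/cable path rather than in software.
STORAGE_EVENTS = {
    ("atapi", 9), ("atapi", 11),             # present in this log
    ("disk", 7), ("disk", 11), ("disk", 51), # bad block, controller, paging I/O
    ("ntfs", 55),                            # file system structure corrupt
}

# Service Control Manager IDs seen in this log, grouped by what they describe.
SCM_EVENTS = {
    7000: "service_start",   # service failed to start
    7009: "service_start",   # timeout waiting for service to connect
    7026: "driver_load",     # boot/system drivers not loaded (common in Safe Mode)
    7031: "service_crash",   # service terminated unexpectedly
}


def parse_event(line):
    """Return a dict for one DDS event line, or None if the line is not an event."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
        "level": m["level"],
        "source": m["source"],
        "id": int(m["id"]),
        "message": m["msg"],
    }


def classify(source, event_id):
    """Map an event to one of the sketch's categories."""
    if (source.lower(), event_id) in STORAGE_EVENTS:
        return "storage"
    if source == "Service Control Manager":
        return SCM_EVENTS.get(event_id, "other")
    return "other"


def triage(text):
    """Parse a block of DDS event lines and summarise them by category."""
    events = [e for e in map(parse_event, text.splitlines()) if e]
    for e in events:
        e["category"] = classify(e["source"], e["id"])
    storage = sorted((e for e in events if e["category"] == "storage"),
                     key=lambda e: e["time"])
    return {
        "counts": Counter(e["category"] for e in events),
        "storage": storage,
        "first_storage": storage[0]["time"] if storage else None,
        # Any storage-path error means the drive should be tested before the
        # reboots and timeouts are attributed to malware alone.
        "check_disk_first": bool(storage),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, n in sorted(result["counts"].items()):
        print(f"{category:14} {n}")
    for e in result["storage"]:
        print(f"{e['time']}  {e['source']} [{e['id']}]  {e['message']}")
    print("test the drive first:", result["check_disk_first"])
```

Service-start timeouts on their own are ambiguous; it is the `atapi` entries on the same evening that point at the drive or its controller.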
  11. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,161   +225

    Well, since I'm still unable to do any type of AV/spyware scan, I'm going to wait for the results of the above programs.
    I see no reason to try to do a scan if there is a logical reason something is stopping it from happening.
    I did receive an email from the owner asking what's going on & I told her. I didn't give her the link to this thread, but I might. :)
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  13. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,161   +225

    Good morning. IF I can get this pc to boot up, I'll do such.
    So far I've been trying for an hour & it will not. :( I will continue trying but if it doesn't, my only alternative will be to notify its owner & tell her it's time to get it.
    Yes, I've even tried tapping the F8 key to get it in Safe Mode but still no joy :'(
    In my opinion I think the hard drive is bad because it's almost always making noises.
  14. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,161   +225

    Well, after trying two or three times in safe & normal mode to run Combofix, the pc still reboots by itself so I sent the link to the owner so her husband can check it out. I believe the hard drive is bad because it sounds terrible.
    If in fact it is as bad as it sounds, I see no sense in cleaning a bad hard drive.
    I did try to analyze the hard drive to see if it needed defragging, but it rebooted in the process.
    So, unless you have any other suggestion, I'm at a loss of options.
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Get that hard drive tested for sure. Would you like me to close this topic?
  16. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,161   +225

    I do not normally stray from the helper's directions, but after my last post I shut the pc down completely. After a bit I restarted it & I was able to run ComboFix but I never saw a log to post & upon rebooting, I think I did see a recovery console but not sure.
    Then I came into this forum & started looking around & saw this http://www.techspot.com/community/topics/drive-diagnostic-utilities-compendium.7602/
    So I decided it might not hurt to try this "Built in utility for Windows 2000/XP. Start --> Run. Type chkdsk /r for full scan."
    Started the pc back up & started it.
    Whether it froze up or I got impatient, I don't know but I powered off. Restarted the pc & it restarted the check disk. I let it run & again I think it froze so I again stopped it, restarted it & terminated the disk check.
    I was then able to run a quick scan with SAS & it came up clean.
    I tried running a quick scan of Mbam but the pc rebooted. Whether it was from the 4 objects it found or from what I think is a bad hard drive, I don't know.
    I have notified the owner of my cautiously optimistic progress & would like to find a free program to see the condition of the hard drive. Do you know of one?
    I may not be the smartest one here, but I don't see any reason to clean up a possibly damaged hard drive. Can you answer that for me?
    As I have said before, the hard drive has sounded terrible at times. It hasn't sounded as bad since the chkdsk.
    I'll be gone for a bit today & am going to once again "try" the check disk, hoping I cut it off prematurely & it does get done.
    If there is hope for the harddrive, don't close this thread. :)
  17. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,161   +225

    Am I going to get answers to my question(s)? I'm a very patient individual, but I'm still waiting for some answers from you. The owner would like to know too. :confused:
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Please be patient, as we do this service for free. Sometimes life, family, sickness, etc. are first priorities. We know you need help, but we try to have one helper per user that needs help. This prevents confusion.


    Run HDD Diagnostics - http://www.carrona.org/hddiag.html
  19. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,161   +225

    I fully understand & I am one patient individual. I too am helping a friend for free & I will "try" to use your link in hopes it works. I will post back with the results & pray all get well on all sides :) God Bless you.
    Upon closer examination, NO Recovery Console was created. It says something like "Do Not use Debugger mode" :confused:
    I'm sorry, NO blank CDs available nor money to buy them. If this can be done using a flash drive, I can do that.
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Make your flash drive bootable, place the file on the flash drive, and we'll see if that works, good luck!

    If you need more help, please post in the following section: http://www.techspot.com/community/forums/windows-os.15/

    Since this is beyond the scope of my help, this topic is now closed.