[Closed] Friend's seriously infected XP Pro


learninmypc

I was at a friend's place last Friday night & it was obvious she lets the kids play on the PC. :eek:
One of them did something that brought up a disk scan of some sort & I told her not to touch it.
Once it booted to the desktop, I got the password & decided to check it out.
It was extremely sluggish & slow, but I did manage to run a quick scan of Mbam & SAS that took over an hour each & one of them found a Trojan horse.
I told her & also I noticed she had a paid version of Norton on it which she told me I could remove so I did.
It was getting late & I had to go so she decided to bring it to me.
She did so tonight & now I can't run even a quick scan in safe mode. It reboots on its own. I tried posting the Mbam log, but it rebooted as I was doing that.
After trying for 5 hours tonight, I finally shut it down & am asking for your input.
When it boots up, the blue scan type thingy takes longer than on mine. I think the hard drive might be going, but I'm not the expert. TIA.
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please review the 5-Step removal instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
When I first booted up this morning, I got this screenshot: BOOT UP 1.jpg. I tapped F1 as it suggested, but it repeated itself so I pulled the plug. Waited a few minutes & plugged it back in. Same thing. I was finally able to get into techspot & as I was downloading "Download AdwCleaner by Xplode onto your Desktop." it rebooted & I'm still trying to get back into techspot to follow thru. I'm on my own pc typing this.
EDIT: might it be possible to download that program to a flash drive in hopes I can run it on the infected pc?
 
# AdwCleaner v2.000 - Logfile created 09/06/2012 at 08:23:35
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Karen - USER-XPOXE1E4M6
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Karen\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\DOCUME~1\David's Territory\LOCALS~1\Temp\searchqutoolbar-manifest.xml
Folder Found : C:\Documents and Settings\ABIDEMI\Application Data\Bandoo
Folder Found : C:\Documents and Settings\ABIDEMI\Application Data\searchquband
Folder Found : C:\Documents and Settings\ABIDEMI\Application Data\SearchquTB
Folder Found : C:\Documents and Settings\ABIDEMI\Application Data\Searchqutoolbar
Folder Found : C:\Documents and Settings\David's Territory\Application Data\searchquband
Folder Found : C:\Documents and Settings\David's Territory\Application Data\SearchquTB
Folder Found : C:\Documents and Settings\Karen\Application Data\Bandoo
Folder Found : C:\Documents and Settings\Karen\Application Data\searchquband
Folder Found : C:\Documents and Settings\Karen\Application Data\SearchquTB
Folder Found : C:\Documents and Settings\Karen\Application Data\Searchqutoolbar
Folder Found : C:\Documents and Settings\Master\Application Data\Bandoo
Folder Found : C:\Documents and Settings\Master\Application Data\searchquband
Folder Found : C:\Documents and Settings\Master\Application Data\Searchqutoolbar
Folder Found : C:\Documents and Settings\User\Application Data\Bandoo
Folder Found : C:\Documents and Settings\User\Application Data\searchquband
Folder Found : C:\Documents and Settings\User\Application Data\SearchquTB
Folder Found : C:\Documents and Settings\User\Application Data\Searchqutoolbar
Folder Found : C:\Documents and Settings\VoltageSoldier96\Application Data\Bandoo
Folder Found : C:\Documents and Settings\VoltageSoldier96\Application Data\searchquband
Folder Found : C:\Documents and Settings\VoltageSoldier96\Application Data\Searchqutoolbar
Folder Found : C:\Documents and Settings\VoltageSoldier96\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\VoltageSoldier96\Local Settings\Application Data\Ilivid Player
Folder Found : C:\Program Files\Windows iLivid Toolbar
Folder Found : C:\Program Files\Windows Searchqu Toolbar

***** [Registry] *****

Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\eType Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D9463CD-BBD8-42F4-AB72-D7B1191D9F3D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDE58274-7A2A-4682-8C47-A379DD9E36CB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D9463CD-BBD8-42F4-AB72-D7B1191D9F3D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDE58274-7A2A-4682-8C47-A379DD9E36CB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Found : HKCU\Software\SearchquMediabarTb
Key Found : HKCU\Software\searchqutb
Key Found : HKCU\Software\searchqutoolbar
Key Found : HKLM\Software\Bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hblitesa
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestDns
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar
Key Found : HKU\S-1-5-21-3543201817-592446352-2813622070-1008\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\g080oazx.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\David's Territory\Application Data\Mozilla\Firefox\Profiles\bhqdze4h.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\fgu74a6n.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7185 octets] - [06/09/2012 08:23:35]

########## EOF - C:\AdwCleaner[R1].txt - [7245 octets] ##########
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.01.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Karen :: USER-XPOXE1E4M6 [administrator]

9/2/2012 7:40:50 PM
mbam-log-2012-09-02 (19-40-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 375064
Time elapsed: 1 hour(s), 23 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKCR\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E879027EB77654563EAB92 (Malware.Trace) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Data: C:\Program Files\HBLite\bin\11.0.258.0\firefox\extensions -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 12
C:\Documents and Settings\All Users\Application Data\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.
C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components (Adware.GamesVance) -> Quarantined and deleted successfully.

Files Detected: 16
C:\Documents and Settings\David's Territory\My Documents\Downloads\ZwinkySetup2.3.80.2.ZJman000 (1).exe (PUP.MyWebSearch) -> No action taken.
C:\Documents and Settings\David's Territory\My Documents\Downloads\ZwinkySetup2.3.80.2.ZJman000.exe (PUP.MyWebSearch) -> No action taken.
C:\Documents and Settings\David's Territory\My Documents\Downloads\Unconfirmed 21462.crdownload (PUP.BundleOffers.IIQ) -> No action taken.
C:\Documents and Settings\David's Territory\My Documents\Downloads\Unconfirmed 85931.crdownload (PUP.BundleOffers.IIQ) -> No action taken.
C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\ABIDEMI\Application Data\ShopperReports3\IE\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome.manifest (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\install.rdf (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome\gvtextlinks.jar (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.xpt (Adware.GamesVance) -> Quarantined and deleted successfully.

(end)
IF I'm able to, I'll post updated scans.
 
Since the above post, I've tried running Avast in normal & Safe mode & both times it rebooted on me.
I could hear what I believe was the hard drive making sounds like it was "trying" to function.
Any suggestions??
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-09-06 18:05:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_4R080L0 rev.RAMB1TU0
Running: rdgocys4.exe; Driver: C:\DOCUME~1\Karen\LOCALS~1\Temp\kfnyaaob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB788C932]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB788C79D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xBA524966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35
Run by Karen at 18:10:04 on 2012-09-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.325 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\WI9130~1\DataMngr\DataMngrUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AirLink101\AWLH6075\Common\RaUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\Karen\Desktop\rdgocys4.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.kirotv.com
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [DataMngr] c:\progra~1\wi9130~1\datamngr\DataMngrUI.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe
StartupFolder: c:\docume~1\karen\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airlin~1.lnk - c:\program files\airlink101\awlh6075\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270386130859
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{5466F5B7-67F5-46C2-9CF6-FF9DAA204FD0} : DhcpNameServer = 192.168.1.5
TCP: Interfaces\{FBC88B9B-130E-4621-866A-B0C991ABA2E3} : DhcpNameServer = 192.168.1.1 184.16.33.54
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\karen\application data\mozilla\firefox\profiles\g080oazx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.kirotv.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\karen\local settings\application data\robloxversions\version-6ca07d14e2274822\NPRobloxProxy.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-9-2 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-9-2 355632]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-9-2 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-9-2 44808]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2012-7-15 8704]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\airlink101\awlh6075\common\RalinkRegistryWriter.exe [2011-3-27 75040]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2011-3-27 966912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-4 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-22 250568]
S3 ASTRA32;ASTRA32;c:\windows\system32\drivers\astra32.sys [2005-12-27 24544]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-4 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-9-2 114144]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2010-9-13 16512]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-9-2 27064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-06 04:02:57 -------- d-----w- c:\program files\ESET
2012-09-06 03:39:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-06 02:47:39 -------- d-----w- c:\documents and settings\karen\application data\Abine
2012-09-05 23:37:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-05 23:37:45 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-09-03 02:32:31 -------- d-----w- c:\program files\CCleaner
2012-09-03 02:24:55 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-03 02:23:34 41224 ----a-w- c:\windows\avastSS.scr
2012-09-03 02:22:55 -------- d-----w- c:\program files\AVAST Software
2012-09-03 02:22:55 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-09-03 02:10:51 -------- d-----w- c:\documents and settings\karen\application data\Malwarebytes
2012-09-03 02:10:36 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-03 02:10:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-03 02:10:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-03 02:07:21 -------- d-----w- c:\documents and settings\karen\application data\SUPERAntiSpyware.com
2012-09-03 02:06:57 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-09-03 01:44:42 -------- d-----w- c:\documents and settings\karen\local settings\application data\VS Revo Group
2012-09-03 01:41:25 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-09-03 01:41:19 -------- d-----w- c:\program files\VS Revo Group
2012-09-03 01:22:05 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-03 01:13:58 -------- d-----w- c:\program files\SpywareBlaster
2012-09-03 00:41:57 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2012-09-03 00:41:56 -------- d-----w- c:\program files\Belarc
2012-08-19 11:02:01 -------- d-sh--w- C:\found.000
2012-08-08 09:25:36 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
.
==================== Find3M ====================
.
2012-09-03 01:27:18 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-03 01:21:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-03 01:21:15 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 18:13:08.31 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/6/2006 9:18:58 AM
System Uptime: 9/6/2012 5:53:12 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0U1324
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2394/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 7.103 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP872: 8/17/2012 1:39:58 AM - System Checkpoint
RP873: 8/18/2012 5:57:57 AM - System Checkpoint
RP874: 8/19/2012 3:03:06 AM - Software Distribution Service 3.0
RP875: 8/20/2012 6:08:26 AM - System Checkpoint
RP876: 8/21/2012 6:10:47 AM - System Checkpoint
RP877: 8/22/2012 7:09:41 AM - System Checkpoint
RP878: 8/23/2012 8:08:38 AM - System Checkpoint
RP879: 8/24/2012 9:02:19 AM - System Checkpoint
RP880: 8/25/2012 9:32:09 AM - System Checkpoint
RP881: 8/26/2012 10:31:03 AM - System Checkpoint
RP882: 8/27/2012 11:45:27 AM - System Checkpoint
RP883: 8/28/2012 12:31:17 PM - System Checkpoint
RP884: 8/29/2012 2:50:44 PM - System Checkpoint
RP885: 8/30/2012 10:04:28 PM - System Checkpoint
RP886: 8/31/2012 10:48:43 PM - System Checkpoint
RP887: 9/1/2012 10:59:06 PM - System Checkpoint
RP888: 9/2/2012 6:19:21 PM - Removed Java(TM) 6 Update 31
RP889: 9/2/2012 6:20:33 PM - Installed Java(TM) 6 Update 35
RP890: 9/2/2012 6:47:39 PM - Revo Uninstaller Pro's restore point - Norton 360
RP891: 9/2/2012 7:22:55 PM - avast! Free Antivirus Setup
RP892: 9/2/2012 7:33:44 PM - Revo Uninstaller Pro's restore point - Google Chrome
RP893: 9/2/2012 8:32:13 PM - Revo Uninstaller Pro's restore point - Spyware Doctor 7.0
RP894: 9/4/2012 7:25:49 AM - System Checkpoint
RP895: 9/5/2012 7:40:47 AM - System Checkpoint
.
==== Installed Programs ======================
.
5600
5600_Help
5600Trb
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
AirLink101 AWLH6075
ALOT Toolbar
avast! Free Antivirus
Belarc Advisor 8.2
BufferChm
CCleaner
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
CueTour
CustomerResearchQFolder
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DocProc
DocumentViewer
DocumentViewerQFolder
ESET Online Scanner v3
eSupportQFolder
Fax
FullDPAppQFolder
Game Maker 8.0
Google Toolbar for Internet Explorer
Google Update Helper
Hi-Rez Studios Authenticate and Update Service
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
InstantShareDevices
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Connections Drivers
Java Auto Updater
Java(TM) 6 Update 35
Java(TM) 6 Update 4
Junior Icon Editor
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero - Burning Rom
NewCopy
Nexon Game Manager
OGA Notifier 2.0.0048.0
OpenOffice.org 2.4
PanoStandAlone
PCI SoftV92 Modem
PhotoGallery
Pivot Stickfigure Animator
PowerDVD
ProductContext
QuickTime
RandMap
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller Pro 2.5.8
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
Soft Data Fax Modem with SmartCP
SolutionCenter
Sonic_PrimoSDK
SoundMAX
Spybot - Search & Destroy
SpywareBlaster 4.6
Status
Steam
SUPERAntiSpyware
The Weather Channel App
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Search Protection
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
9/5/2012 8:48:34 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
9/5/2012 8:42:07 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
9/5/2012 8:16:00 PM, error: Dhcp [1002] - The IP address lease 192.168.2.101 for the Network Card with network address 000D56C7D220 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/5/2012 8:11:53 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -172638 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.17:123->65.55.21.21:123) is working properly.
9/5/2012 7:26:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.
9/5/2012 7:03:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
9/5/2012 7:03:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Ralink Registry Writer service to connect.
9/5/2012 7:03:19 PM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/5/2012 7:03:19 PM, error: Service Control Manager [7000] - The Ralink Registry Writer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/5/2012 6:15:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/5/2012 6:15:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi BANTExt Fips intelppm SASDIFSV SASKUTIL
9/5/2012 6:07:08 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
9/5/2012 6:03:57 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/5/2012 6:03:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
9/5/2012 5:37:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
9/5/2012 5:37:52 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
9/5/2012 5:35:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
9/5/2012 5:35:21 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/5/2012 5:16:38 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
9/4/2012 8:53:12 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{78919399-C725-4566-. The master browser is stopping or an election is being forced.
9/3/2012 4:36:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
9/3/2012 4:36:54 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/2/2012 9:10:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
9/2/2012 9:08:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/2/2012 6:36:02 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
9/2/2012 6:36:02 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/2/2012 5:50:34 PM, error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
8/30/2012 8:57:50 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -172641 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.2.102:123->65.55.21.17:123) is working properly.
.
==== End Of File ===========================
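As an added example (not part of the original posts and not a DDS feature), this Python script parses "Event Viewer Messages" lines in the format shown in the log above and groups them, so that storage-path errors such as atapi [9] and [11] stand out from service start-up noise. The bucket names and the mapping of event IDs to buckets are this example's own assumptions; the sample lines are copied from the log above.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
==== Event Viewer Messages From Past Week ========
.
9/5/2012 8:48:34 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
9/5/2012 7:03:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
9/5/2012 6:15:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi BANTExt Fips intelppm SASDIFSV SASKUTIL
9/5/2012 6:07:08 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
9/5/2012 5:16:38 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
9/2/2012 9:10:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
9/2/2012 9:08:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/2/2012 5:50:34 PM, error: NetBT [4319] - A duplicate name has been detected on the TCP network.
.
"""

# "<date> <time> AM/PM, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
DEVICE_RE = re.compile(r"\\Device\\[\w\\]+")

# (source, event id) -> bucket. This grouping is an assumption of the example.
BUCKETS = {
    ("atapi", 9): "storage",
    ("atapi", 11): "storage",
    ("sr", 1): "storage",
    ("Service Control Manager", 7026): "driver_load",
    ("Service Control Manager", 7000): "service_start",
    ("Service Control Manager", 7009): "service_start",
    ("Service Control Manager", 7031): "service_start",
    ("DCOM", 10005): "service_start",
    ("Dhcp", 1002): "network",
    ("NetBT", 4319): "network",
    ("MRxSmb", 8003): "network",
    ("W32Time", 34): "time",
}


def parse_events(text):
    """Return one dict per event line; section headers and '.' lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        source, event_id = m["source"], int(m["event_id"])
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": source,
            "event_id": event_id,
            "message": m["msg"],
            "bucket": BUCKETS.get((source, event_id), "other"),
        })
    return events


def triage(events):
    """Summarise events per bucket and pull out the storage-related details."""
    storage = sorted((e for e in events if e["bucket"] == "storage"),
                     key=lambda e: e["time"])
    drivers = set()
    for e in events:
        if e["bucket"] == "driver_load":
            # Event 7026 lists the driver names after the colon, space separated.
            drivers.update(e["message"].partition("failed to load:")[2].split())
    return {
        "counts": dict(Counter(e["bucket"] for e in events)),
        "storage_first": storage[0]["time"] if storage else None,
        "storage_last": storage[-1]["time"] if storage else None,
        "storage_devices": sorted({d for e in storage
                                   for d in DEVICE_RE.findall(e["message"])}),
        "failed_drivers": sorted(drivers),
    }


if __name__ == "__main__":
    summary = triage(parse_events(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```
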
 
Well, since I'm still unable to do any type of AV/spyware scan, I'm going to wait for the results of the above programs.
I see no reason to try to do a scan if there is a logical reason something is stopping it from happening.
I did receive an email from the owner asking what's going on & I told her. I didn't give her the link to this thread, but I might. :)
 
ComboFix

Please download ComboFix by sUBs from BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Good morning. IF I can get this pc to boot up, I'll do such.
So far I've been trying for an hour & it will not. :( I will continue trying but if it doesn't, my only alternative will be to notify its owner & tell her it's time to get it.
Yes, I've even tried tapping the F8 key to get it in Safe Mode but still no joy :'(
In my opinion I think the hard drive is bad because it's almost always making noises.
 
Well, after trying two or three times in safe & normal mode to run Combofix, the pc still reboots by itself so I sent the link to the owner so her husband can check it out. I believe the hard drive is bad because it sounds terrible.
If in fact it is as bad as it sounds, I see no sense in cleaning a bad hard drive.
I did try to analyze the harddrive to see if it needed defragging, but it rebooted in the process.
So, unless you have any other suggestion, I'm at a loss of options.
 
I do not normally stray from the helper's directions, but after my last post I shut the pc down completely. After a bit I restarted it & I was able to run combofix but I never saw a log to post & upon rebooting, I think I did see a recovery console but not sure.
Then I came into this forum & started looking around & saw this https://www.techspot.com/community/topics/drive-diagnostic-utilities-compendium.7602/
So I decided it might not hurt to try this "Built in utility for Windows 2000/XP. Start --> Run. Type chkdsk /r for full scan."
Started the pc back up & started it.
Whether it froze up or I got impatient, I don't know but I powered off. Restarted the pc & it restarted the checkdisk. I let it run & again I think it froze so I again stopped it, restarted it & terminated the disk check.
I was then able to run a quick scan with SAS & it came up clean.
I tried running a quick scan of Mbam but the pc rebooted. Whether it was from the 4 objects it found or from what I think is a bad hard drive, I don't know.
I have notified the owner of my cautiously optimistic progress & would like to find a free program to see the condition of the hard drive. Do you know of one?
I may not be the smartest one here, but I don't see any reason to clean up a possibly damaged hard drive. Can you answer that for me?
As I have said before, the hard drive has sounded terrible at times. It hasn't sounded as bad since the chkdsk.
I'll be gone for a bit today & am going to once again "try" the check disk, hoping I cut it off prematurely & it does get done.
If there is hope for the harddrive, don't close this thread. :)
 
Am I going to get answers to my question(s)? I'm a very patient individual, but I'm still waiting for some answers from you. The owner would like to know too.:confused:
 
Hello. Please be patient, as we do this service for free. Sometimes life, family, sickness, etc. are first priorities. We know you need help, but we try to have one helper per user that needs help. This prevents confusion.

Run HDD Diagnostics - http://www.carrona.org/hddiag.html
 
I fully understand & I am one patient individual. I too am helping a friend for free & I will "try" to use your link in hopes it works. I will post back with the results & pray all get well on all sides :) God Bless you.
Upon closer examination, NO Recovery Console was created. It says something like "Do Not use Debugger mode" :confused:
I'm sorry, NO blank CDs available nor money to buy them. If this can be done using a flash drive, I can do that.
 