Thread: Near constant hard drive activity

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Nothing really jumping out at me, let's do this

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.







    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Junior Member
    Join Date
    Oct 2011
    Location
    NE Florida
    Posts
    13

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Virginia1\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Virginia1\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 41 bytes

    User: Kids
    ->Temp folder emptied: 214948289 bytes
    ->Temporary Internet Files folder emptied: 1061733447 bytes
    ->Java cache emptied: 15 bytes
    ->Flash cache emptied: 64576 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 144862 bytes

    User: Makayla
    ->Temp folder emptied: 35540853 bytes
    ->Temporary Internet Files folder emptied: 251323377 bytes
    ->Java cache emptied: 154768 bytes
    ->Flash cache emptied: 11122 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 849032 bytes

    User: Owner

    User: Robert
    ->Temp folder emptied: 30094128 bytes

    User: Virginia
    ->Temp folder emptied: 27255467 bytes
    ->Temporary Internet Files folder emptied: 247865220 bytes
    ->Java cache emptied: 398450 bytes

    User: Virginia1
    ->Temp folder emptied: 486755577 bytes
    ->Temporary Internet Files folder emptied: 455705768 bytes
    ->Java cache emptied: 29151629 bytes
    ->Flash cache emptied: 126760 bytes

    User: Virginia2

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 56207298 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 143410612 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 2,901.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11052011_105330

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Virginia1\Local Settings\Temp\Temporary Internet Files\Content.IE5\SH12WK4Q\2086-7311;u5=CCI;u6=5686,5686,287;u7=0422,0050,0322;u8=Y;u9=;u10=0164162680;u11=c7cc89e3-18a7-411a-ae0e-344dca9669d8;u12=2010-02-23;u13=;u14=;u15=;ord=1;num=4266352283188[1].htm not found!
    File\Folder C:\Documents and Settings\Virginia1\Local Settings\Temp\Temporary Internet Files\Content.IE5\IGYQTQHG\2086-7311;u5=CCI;u6=5686,5686,287;u7=0422,0050,0322;u8=Y;u9=;u10=0164162680;u11=c7cc89e3-18a7-411a-ae0e-344dca9669d8;u12=2010-02-23;u13=;u14=;u15=;ord=1;num=6336014666217[1].htm not found!
    File\Folder C:\Documents and Settings\Virginia1\Local Settings\Temp\Temporary Internet Files\Content.IE5\GIXDOK5C\2086-7311;u5=CCI;u6=5686,5686,287;u7=0422,0050,0322;u8=Y;u9=;u10=0164162680;u11=c7cc89e3-18a7-411a-ae0e-344dca9669d8;u12=2010-02-21;u13=;u14=;u15=;ord=1;num=1543614380659[1].htm not found!
    File\Folder C:\Documents and Settings\Virginia1\Local Settings\Temp\Temporary Internet Files\Content.IE5\GIXDOK5C\2086-7311;u5=CCI;u6=5686,5686,287;u7=0422,0050,0322;u8=Y;u9=;u10=0164162680;u11=c7cc89e3-18a7-411a-ae0e-344dca9669d8;u12=2010-02-21;u13=;u14=;u15=;ord=1;num=2097503409642[1].htm not found!
    File\Folder C:\Documents and Settings\Virginia1\Local Settings\Temp\Temporary Internet Files\Content.IE5\GIXDOK5C\2086-7311;u5=CCI;u6=5686,5686,287;u7=0422,0050,0322;u8=Y;u9=;u10=0164162680;u11=c7cc89e3-18a7-411a-ae0e-344dca9669d8;u12=2010-02-23;u13=;u14=;u15=;ord=1;num=1714112360204[1].htm not found!
    C:\WINDOWS\temp\Perflib_Perfdata_7a8.dat moved successfully.

    Registry entries deleted on Reboot...

  3. #13
    Junior Member
    Join Date
    Oct 2011
    Location
    NE Florida
    Posts
    13

    C:\Documents and Settings\All Users\Documents\My Music\other music\friends forever t squad cute girl has orgasm on webcam.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    Sorry for the delay, been off for a few days.

    I would delete this
    C:\Documents and Settings\All Users\Documents\My Music\other music\friends forever t squad cute girl has orgasm on webcam.mp3


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

  5. #15
    Junior Member
    Join Date
    Oct 2011
    Location
    NE Florida
    Posts
    13

    ComboFix 11-11-06.01 - Virginia1 11/06/2011 10:40:14.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.537 [GMT -5:00]
    Running from: C:\Documents and Settings\Virginia1\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    ---- Previous Run -------

    C:\Documents and Settings\All Users\Application Data\TEMP
    C:\Documents and Settings\Default User\WINDOWS
    C:\Documents and Settings\Kids\WINDOWS
    C:\Documents and Settings\Makayla\WINDOWS
    C:\Documents and Settings\Virginia\WINDOWS
    C:\Documents and Settings\Virginia1\WINDOWS
    C:\WINDOWS\system32\config\systemprofile\WINDOWS


    ((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))


    2011-11-05 15:41:59 . 2011-11-05 15:41:59 -------- d-----w- C:\Program Files\ESET
    2011-11-05 14:53:30 . 2011-11-05 14:53:31 -------- d-----w- C:\_OTL
    2011-11-02 04:52:56 . 2011-11-02 04:52:56 -------- d-----w- C:\Documents and Settings\Virginia1\Application Data\Malwarebytes
    2011-11-02 04:52:41 . 2011-11-02 04:52:41 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2011-11-02 04:52:36 . 2011-11-02 04:52:48 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2011-11-02 04:52:36 . 2011-08-31 21:00:50 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2011-11-02 04:47:15 . 2011-11-02 04:47:15 -------- d-----w- C:\Program Files\VS Revo Group
    2011-10-27 02:03:08 . 2011-10-27 02:03:28 -------- d-----w- C:\Program Files\ERUNT
    2011-10-27 01:22:16 . 2011-10-27 01:22:16 -------- d-----w- C:\Program Files\Trend Micro
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-10-21 13:09:28 . 2011-06-23 00:48:52 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2011-10-03 09:06:03 . 2010-06-12 00:54:26 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
    2011-10-03 06:37:52 . 2009-12-05 12:12:55 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
    2011-09-26 15:41:20 . 2008-07-29 23:59:58 611328 ----a-w- C:\WINDOWS\system32\uiautomationcore.dll
    2011-09-26 15:41:20 . 2005-11-05 00:53:09 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll
    2011-09-26 15:41:14 . 2005-11-05 00:53:09 20480 ----a-w- C:\WINDOWS\system32\oleaccrc.dll
    2011-09-09 09:12:13 . 2005-11-05 00:52:28 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll
    2011-09-06 13:20:51 . 2005-11-05 00:53:31 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys
    2011-08-22 23:48:55 . 2005-11-05 00:53:31 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
    2011-08-22 23:48:54 . 2005-11-05 00:52:51 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
    2011-08-22 23:48:54 . 2005-11-05 00:52:47 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
    2011-08-22 11:56:39 . 2005-11-05 00:52:46 385024 ----a-w- C:\WINDOWS\system32\html.iec
    2011-08-17 13:49:54 . 2005-11-05 00:52:21 138496 ----a-w- C:\WINDOWS\system32\drivers\afd.sys
    2010-04-18 13:29:29 . 2010-04-18 13:31:32 115331072 ----a-w- C:\Program Files\Samsung New PC Studio.msi


    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.

    [-] 2008-04-14 00:11:56 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\lpk.dll
    [-] 2008-04-14 00:11:56 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\lpk.dll
    [-] 2008-04-14 00:11:56 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\dllcache\lpk.dll
    [7] 2004-08-04 12:00:00 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\lpk.dll

    ((((((((((((((((((((((((((((( SnapShot@2011-11-06_14.25.38 )))))))))))))))))))))))))))))))))))))))))

    + 2011-11-06 14:57:55 . 2011-11-06 14:57:55 16384 C:\WINDOWS\Temp\Perflib_Perfdata_684.dat
    + 2011-11-06 14:57:43 . 2011-11-06 14:57:43 16384 C:\WINDOWS\Temp\Perflib_Perfdata_1f4.dat
    + 2005-11-05 00:53:10 . 2011-11-06 15:37:04 72582 C:\WINDOWS\system32\perfc009.dat
    + 2005-11-05 00:53:10 . 2011-11-06 15:37:04 443482 C:\WINDOWS\system32\perfh009.dat

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 08:32:20 65536]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 03:56:47 68856]
    "GameDrive"="C:\Program Files\FarStone\GameDrive\gdtask.exe" [2003-05-21 14:34:38 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2005-11-10 19:14:06 15473664]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 01:05:00 344064]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 23:28:02 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 23:26:40 688218]
    "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 21:07:16 352256]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 18:24:50 73728]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 14:29:08 88203]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 13:10:00 122940]
    "TFncKy"="TFncKy.exe" [BU]
    "TPSMain"="TPSMain.exe" [2005-06-01 05:00:12 282624]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 18:52:42 1077322]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 00:13:20 122880]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 01:37:26 151552]
    "CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-20 01:30:00 45632]
    "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-07-11 11:51:26 1695744]
    "GameDrive"="C:\Program Files\FarStone\GameDrive\GDTask.exe" [2003-05-21 14:34:38 94208]
    "Auto EPSON Stylus CX5400 on MAIN"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [BU]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 22:58:10 37296]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-11-29 22:38:18 421888]
    "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 15:54:08 150016]
    "AVG_TRAY"="C:\Program Files\AVG\AVG10\avgtray.exe" [2011-09-10 10:28:50 2338656]
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 17:06:06 254696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

    C:\Documents and Settings\Kids\Start Menu\Programs\Startup\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [N/A]

    C:\Documents and Settings\Virginia1\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [N/A]
    OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2008-1-3 1392640]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    Metamail Trust Manager.lnk - C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe [2005-11-29 329472]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync\0C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
    "C:\\Program Files\\Atari\\Risk II\\RiskII.exe"=
    "C:\\Program Files\\FarStone\\GameDrive\\MGR.exe"=
    "C:\\WINDOWS\\system32\\mmc.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "C:\\Program Files\\Diablo\\diablo.exe"=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Hasbro Interactive\\Battleship SURFACE THUNDER\\Battleship2.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "C:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    "C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
    "C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "C:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "C:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "C:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "C:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "20001:UDP"= 20001:UDP:MicroSAN
    "427:UDP"= 427:UDP:SLP_Port(427)

    R0 AVGIDSEH;AVGIDSEH;C:\WINDOWS\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13:02 AM 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;C:\WINDOWS\system32\drivers\avgrkx86.sys [3/16/2011 3:03:20 PM 32592]
    R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [11/27/2006 9:05:05 PM 691696]
    R1 Avgldx86;AVG AVI Loader Driver;C:\WINDOWS\system32\drivers\avgldx86.sys [1/7/2011 5:41:46 AM 248656]
    R1 Avgtdix;AVG TDI Driver;C:\WINDOWS\system32\drivers\avgtdix.sys [4/4/2011 11:59:56 PM 297168]
    R1 gdxwdm;GDXWDM;C:\WINDOWS\system32\drivers\gdxwdm.sys [5/24/2003 4:34:46 AM 59937]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 12:33:06 AM 7390560]
    R2 avgwd;AVG WatchDog;C:\Program Files\AVG\AVG10\avgwdsvc.exe [2/8/2011 4:33:42 AM 269520]
    R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [4/18/2010 8:37:52 AM 238952]
    R3 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\system32\drivers\AVGIDSDriver.sys [4/14/2011 8:28:42 PM 134480]
    R3 AVGIDSFilter;AVGIDSFilter;C:\WINDOWS\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53:52 AM 24144]
    R3 AVGIDSShim;AVGIDSShim;C:\WINDOWS\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53:54 AM 27216]
    R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [4/18/2010 8:37:52 AM 36608]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2/4/2010 8:40:16 PM 135664]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2/4/2010 8:40:16 PM 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys --> C:\WINDOWS\system32\drivers\mbamswissarmy.sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - FSUSBEXDISK

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    Contents of the 'Scheduled Tasks' folder

    2011-09-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34:12 . 2008-07-30 16:34:12]

    2011-11-06 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 01:40:16 . 2010-02-05 01:40:07]

    2011-11-06 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 01:40:16 . 2010-02-05 01:40:07]


    ------- Supplementary Scan -------

    uStart Page = https://login.yahoo.com/config/login_verify2?&.src=ym
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    Trusted Zone: honda.com\www.in
    TCP: DhcpNameServer = 192.168.1.254

  6. #16
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello dsmryder,

    ken545 will not be available for a couple of days, so I will step in to help you.

    The ComboFix log is incomplete, but we will come back to it if required later.

    After reviewing all the results so far, I think your hard disk is failing.

    Some backup options for you are below; please back up your data if you have not, then we will check the hard disk.

    These articles, System Backup for Windows XP and XP Backup, explain the whats and hows of using the Windows built-in backup tool.

    Some good and free alternative third-party backup or imaging software that you can consider are Cobian Backup and Macrium Reflect. A tutorial for Cobian Backup can be found here and for Macrium Reflect here.

    For a paid version, Acronis True Image Home is a good option.

    --------------------

    Proceed with this step after you have completed the backup.

    Check your hard disk for errors
    • Go to Start > Run.... Copy and paste the following text into the white box:
      Code:
      cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
    • Click OK. A command prompt window will appear for a while. Please wait until it closes.
    • Post the contents of checkhd.txt. It is found on your desktop.


    --------------------

    Please post back:
    1. chkdsk result

  7. #17
    Junior Member
    Join Date
    Oct 2011
    Location
    NE Florida
    Posts
    13

    What do you think of gparted?

  8. #18
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello dsmryder,

    Frankly, I am not familiar with it. Does not appear to be a backup program.

    Please post chkdsk result.

  9. #19
    Junior Member
    Join Date
    Oct 2011
    Location
    NE Florida
    Posts
    13

    The type of the file system is NTFS.
    Volume label is SQ003982P01.

    WARNING! F parameter not specified.
    Running CHKDSK in read-only mode.

    CHKDSK is verifying files (stage 1 of 3)...
    CHKDSK is verifying indexes (stage 2 of 3)...
    CHKDSK is recovering lost files.
    CHKDSK is verifying security descriptors (stage 3 of 3)...
    CHKDSK is verifying Usn Journal...
    Usn Journal verification completed.
    Correcting errors in the master file table's (MFT) BITMAP attribute.
    Correcting errors in the Volume Bitmap.
    Windows found problems with the file system.
    Run CHKDSK with the /F (fix) option to correct these.

    69755094 KB total disk space.
    50441324 KB in 134858 files.
    60652 KB in 11391 indexes.
    0 KB in bad sectors.
    363574 KB in use by the system.
    65536 KB occupied by the log file.
    18889544 KB available on disk.

    4096 bytes in each allocation unit.
    17438773 total allocation units on disk.
    4722386 allocation units available on disk.


    I tried to perform some backup options; I kept getting read and write errors.
    I guess I should run chkdsk again? Could I use the same switches and redirects to get a text file?
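
A triage sketch for the read-only CHKDSK output in the post above, added here as an example and not written by any poster in the thread. It parses the verdict, the listed corrections and the summary figures, and flags that a run without /F writes nothing to disk. The sample text is copied from that post and abridged; the function names are illustrative.

```python
import re

# Abridged copy of the read-only CHKDSK output posted in #19 (sample input).
SAMPLE = """\
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is recovering lost files.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.
  69755094 KB total disk space.
         0 KB in bad sectors.
  18889544 KB available on disk.
      4096 bytes in each allocation unit.
  17438773 total allocation units on disk.
   4722386 allocation units available on disk.
"""

# Summary figures CHKDSK prints at the end of a run.
FIELDS = {
    "total_kb": r"(\d+) KB total disk space",
    "bad_kb": r"(\d+) KB in bad sectors",
    "free_kb": r"(\d+) KB available on disk",
    "cluster_bytes": r"(\d+) bytes in each allocation unit",
    "total_clusters": r"(\d+) total allocation units on disk",
    "free_clusters": r"(\d+) allocation units available on disk",
}


def parse_chkdsk(text):
    """Extract run mode, verdict, listed corrections and summary figures."""
    report = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        report[name] = int(match.group(1)) if match else None
    report["read_only"] = "read-only mode" in text
    report["problems_found"] = "Windows found problems with the file system" in text
    report["repairs"] = [
        line.strip() for line in text.splitlines()
        if line.strip().startswith(("Correcting errors", "CHKDSK is recovering"))
    ]
    return report


def triage(report):
    """Return a list of findings worth raising with the person helping."""
    findings = []
    if report["problems_found"]:
        if report["read_only"]:
            findings.append(
                "file system errors found in a read-only run: the %d listed "
                "corrections were not written to disk" % len(report["repairs"]))
        else:
            findings.append("file system errors reported")
    if report["bad_kb"]:
        findings.append("%d KB already marked as bad sectors" % report["bad_kb"])
    # Cross-check the KB figures against cluster counts, allowing one cluster of slack.
    for label, kb_key, cl_key in (("total", "total_kb", "total_clusters"),
                                  ("free", "free_kb", "free_clusters")):
        kb, clusters, size = report[kb_key], report[cl_key], report["cluster_bytes"]
        if None in (kb, clusters, size):
            continue
        if abs(clusters * size // 1024 - kb) > max(1, size // 1024):
            findings.append("%s space figures disagree with cluster counts" % label)
    return findings


def free_percent(report):
    """Free space as a percentage of the volume, or None if figures are missing."""
    if not report["total_kb"] or report["free_kb"] is None:
        return None
    return round(100.0 * report["free_kb"] / report["total_kb"], 1)


if __name__ == "__main__":
    parsed = parse_chkdsk(SAMPLE)
    for finding in triage(parsed):
        print("-", finding)
    print("free space: %s%%" % free_percent(parsed))
```

CHKDSK only performs a surface scan when run with /R, so `0 KB in bad sectors` from this run counts clusters already marked bad rather than the result of a fresh surface test.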

  10. #20
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello dsmryder,

    Could you provide me the exact error messages? Are you using the Windows backup tool or a third-party backup software? If they are not working correctly, you could try copying all your important data to an external drive or burning it to CDs or DVDs.

    --------------------

    Go to Start > Run.... Copy and paste the following text into the white box:
    Code:
    cmd /c chkdsk c: /f
    Chkdsk will proceed with a fix, and you may need to reboot your computer.
    If you need help, please take a look at this Chkdsk tutorial.

    --------------------

    Please download MiniToolBox© by farbar and save it to your desktop. Click here.
    • Double click on MiniToolBox.exe to run it.
      Please check (tick) the following options:
      • List last 10 Event Viewer Errors
      • List Installed Programs
      • List Users, Partitions and Memory size.
      • List Minidump Files
    • Click on the GO button. A log will open.
    • Please post the contents of this log. It can also be found on the desktop as Result.txt.


    --------------------

    Please post back:
    1. if you have already done the backup
    2. how the chkdsk fix went
    3. MiniToolBox result
    4. an update on how the computer is behaving
