PDA

View Full Version : My computer is infected with several viruses! help!


flywelder
2011-06-16, 04:39
Hello, today is 6-15-2011 and below is the story of my problem that began just over 4 weeks ago.


May 2011
My wife's computer is infected with that horrible XP Security Alert 2011. What a mess! I have tried a dozen steps and still it appears. I think it is reincarnating itself!
Malwarebytes has been deactivated some how, and for some reason!!?? But not by me or my wife!?
After several attempts I was able to install and run scans with AVast. and with Stopzilla, and with SuperAnti Spyware. they each find viruses, sometimes 8 then 12 then16 then 25 etc! each has quarantined the found viruses. {They are still quarantined, as i do not know how to tell the software to destroy the viruses..any suggestions please? }

yet, Still XP security alert 2011 rears up!
I have been battling this for more than 4 weeks, I am tired now, I am about to throw in the towel, and throw the computer to the curb!! I need your help please.. please.

I was able to down load: R Kill, and ran it.....not sure of the results as the software appeared, i think it ran, and then disappeared...????

I attempted to re-install Malwarebyts, the installation starts but is suddenly stopped for some unknown reason and the software aborts???? I had Malwarbytes loaded onto the computer before the infection happened, it never found any viruses and I kept it updated. ...odd ???? Now Malwarebytes will not function???

I cannot access the internet now???! So i cannot install ERUNT.


I have tried a dozen times to install spybot, yet cannot complete the download because suddenly XP security alert pops up and changes the browsing page! and so I cannot get to a web page to download spybot. Plus, I can no longer go to any web page!!!!!............not even in safe mode.

This all started when my wife ordered a nursing blouse for work on line. the blouse arrived and so did the security alert! I can ask her what site it was if that would help.
Since that event, we can not see anything in my documents. all the folders and doc. are not there and the folder reads empty. there were at least 15 folders before this XP security alert showed up. there is no internet explorer icon and no other icons are displayed on the desk top. I can only access the internet by going threw the update pages of the anti virus software on my computer such as avast or superspyware. and then, security alert 2011 begins to redirect me!! and I am cut off from the internet!!! I am so mad! I want to get back at the creator of this security alert! why can't they be stopped?

I am using a Belkin wireless router. I am in my home. How did this and other viruses get past my router I wonder? any suggestions on that ?

Her computer is using internet explorer. I tried installing Firefox, but the installation was mysteriously stopped for some unknown reason????

The infected computer is a HP Pavilion, with 512 MB of Ram and using Windows XP home edition. Computer is at least 5-7 years old. it is using 32 bit technology.

Tonight, I scanned the computer with Avast and as it began to quarantine found viruses...the computer went into soft reboot and when I realized it I quickly pressed F8 to go to safe mode. I was successful! However, I still cannot access the internet???!!! I was able to install Fire Fox as the new browser. I was not able to do that when out of 'safe mode'.
Avast is available but not Malwarebytes, and Malwarebytes will still not install , it begins, and then suddenly stops and says "I need to contact the site owner, as a problem has occurred." I believe I can access log files. i think.


OK,.... Today is June 15 2011. I have made some progress. I was able to install and run Avast but not Malwarebytes. Yet I think Malwarebytes is still in the operating system but will not start, for some reason. I was also able to install and run Super AntiSpyware. I was able finally to install Fire fox after I ran Avast several times and Super Anti Spy ware several times. After that I was able to install and run: Smart Defrag and Glary utilities and CCleaner. Both anti spyware programs have found different, yet many, infections. I have them safely held in virus chest and I have logs available from both.

We still are not able to access most documents and folders we created before the infection. Still experiencing several viruses attempting to do harm but Avast has stopped them and put them into the virus chest. same action has been observed with Super Anti Spyware.

Every time the computer boots up or we start the process of surfing the web, Avast finds and stops malware! ..that is crazy! and scary!

Windows firewall keeps being turned off some how...all by itself! ...why?

We are still experiencing having several pop up warnings appear on the monitor and movie adds playing suddenly while we search the web for something unrelated to any movie...weird?

I am hoping you can instruct me on when I should empty the virus vaults...I am not 100% comfortable doing so and not definitely sure just how to do so.

I have several screen prints I made of the many pop ups that appear on the monitor screen, I saved them in paint so that i could share them with the tech that helps me.
tonight I was able to finally install and run Erunt and DDS.
below is the DDS reports.

Presently this computer will not allow me to compress or, uncompress files.

just so you know, Concerning restore points, I personally wouldn't trust any restore point after April 20, 2011 because shortly after that is when the problems with the computer began.

I patiently await your replies, and instructions. I realize your busy, and probably swapped with requests for help. I praise this team for all your efforts!
Sincerely Thanking you in advance, and i really mean thank you!
Flywelder, { David}





.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Biomed at 21:42:29 on 2011-06-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.770 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1295721296&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Road Runner High Speed Online
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy01:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [thirdintel] c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak3.cmd
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\biomed\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\biomed\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\biomed\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://harvestdatasystems.webex.com/client/T23L/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - hxxp://na.ntrsupport.com/inquiero/mod/setup/ntractivex118_24.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A7859C65-4D00-4730-B8E4-BD16EE5AEDB2} : DhcpNameServer = 192.168.2.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: TPSvc - TPSvc.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\biomed\application data\mozilla\firefox\profiles\s3grf6ae.default\
FF - prefs.js: browser.startup.homepage - hxxp://cozicentral.cozi.com/
FF - prefs.js: network.proxy.ftp - proxy01
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy01
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy01
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy01
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-5-27 13496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-8 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-8 307928]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-8 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-8 42184]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2011-3-6 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2011-3-6 49152]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2011-3-6 246936]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
.
=============== Created Last 30 ================
.
2011-06-02 02:19:55 -------- d-----w- c:\documents and settings\biomed\application data\OpenOffice.org
2011-06-02 02:18:09 -------- d-----w- c:\program files\OpenOffice.org 3
2011-05-27 04:14:53 13496 ---ha-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-05-26 03:07:41 -------- d-----w- c:\program files\Glarysoft
.
==================== Find3M ====================
.
2011-06-12 23:10:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-01 17:14:27 0 ---ha-w- c:\windows\Pjepocu.bin
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-07 02:22:56 917504 ----a-w- c:\windows\system32\FLASH.OCX
.
============= FINISH: 21:44:09.51 ===============

Below is the Attach. txt report

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/1/2005 8:25:00 AM
System Uptime: 6/15/2011 7:56:25 PM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Goldfish3
Processor: Intel(R) Pentium(R) 4 CPU 2.93GHz | CPU 1 | 2932/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 123.175 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 1.244 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (CDFS)
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3FB4A311D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3FB4A311D800
Service: NIC1394
.
==== System Restore Points ===================
.
RP1868: 3/18/2011 5:01:08 AM - System Checkpoint
RP1869: 3/19/2011 6:01:08 AM - System Checkpoint
RP1870: 3/20/2011 7:13:08 AM - System Checkpoint
RP1871: 3/21/2011 8:13:08 AM - System Checkpoint
RP1872: 3/22/2011 9:13:09 AM - System Checkpoint
RP1873: 3/23/2011 9:16:17 AM - System Checkpoint
RP1874: 3/24/2011 9:57:36 AM - System Checkpoint
RP1875: 3/25/2011 10:57:35 AM - System Checkpoint
RP1876: 3/26/2011 11:14:24 AM - System Checkpoint
RP1877: 3/27/2011 12:15:40 PM - System Checkpoint
RP1878: 3/28/2011 3:00:13 AM - Software Distribution Service 3.0
RP1879: 3/29/2011 3:57:35 AM - System Checkpoint
RP1880: 3/30/2011 4:57:35 AM - System Checkpoint
RP1881: 3/31/2011 5:57:35 AM - System Checkpoint
RP1882: 4/1/2011 6:57:36 AM - System Checkpoint
RP1883: 4/2/2011 7:57:35 AM - System Checkpoint
RP1884: 4/3/2011 8:57:35 AM - System Checkpoint
RP1885: 4/4/2011 8:59:23 AM - System Checkpoint
RP1886: 4/5/2011 9:57:35 AM - System Checkpoint
RP1887: 4/6/2011 2:05:44 PM - System Checkpoint
RP1888: 4/7/2011 2:45:20 PM - System Checkpoint
RP1889: 4/8/2011 5:25:31 PM - System Checkpoint
RP1890: 4/9/2011 5:45:20 PM - System Checkpoint
RP1891: 4/10/2011 6:45:20 PM - System Checkpoint
RP1892: 4/11/2011 7:49:26 PM - System Checkpoint
RP1893: 4/12/2011 8:45:20 PM - System Checkpoint
RP1894: 4/13/2011 8:47:36 PM - System Checkpoint
RP1895: 4/14/2011 9:47:01 PM - System Checkpoint
RP1896: 4/15/2011 10:45:20 PM - System Checkpoint
RP1897: 4/16/2011 11:45:20 PM - System Checkpoint
RP1898: 4/18/2011 12:45:20 AM - System Checkpoint
RP1899: 4/18/2011 3:00:14 AM - Software Distribution Service 3.0
RP1900: 4/19/2011 3:47:42 AM - System Checkpoint
RP1901: 4/20/2011 4:59:41 AM - System Checkpoint
RP1902: 4/21/2011 5:59:41 AM - System Checkpoint
RP1903: 4/22/2011 6:59:41 AM - System Checkpoint
RP1904: 4/23/2011 7:59:41 AM - System Checkpoint
RP1905: 4/23/2011 7:07:55 PM - Restore Operation
RP1906: 4/25/2011 1:33:20 AM - System Checkpoint
RP1907: 4/26/2011 2:27:38 AM - System Checkpoint
RP1908: 4/29/2011 1:40:07 AM - System Checkpoint
RP1909: 5/1/2011 5:20:39 PM - System Checkpoint
RP1910: 5/2/2011 10:21:30 PM - System Checkpoint
RP1911: 5/4/2011 11:47:39 PM - System Checkpoint
RP1912: 5/6/2011 5:33:49 PM - System Checkpoint
RP1913: 5/6/2011 10:47:49 PM - Restore Operation
RP1914: 5/8/2011 10:28:56 AM - System Checkpoint
RP1915: 5/8/2011 12:59:37 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1916: 5/8/2011 4:30:18 PM - avast! Free Antivirus Setup
RP1917: 5/13/2011 3:40:38 PM - System Checkpoint
RP1918: 5/13/2011 7:04:27 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1919: 5/14/2011 8:44:46 PM - System Checkpoint
RP1920: 5/15/2011 10:13:11 PM - System Checkpoint
RP1921: 5/17/2011 6:27:12 PM - System Checkpoint
RP1922: 5/20/2011 6:35:55 AM - System Checkpoint
RP1923: 5/21/2011 10:32:42 AM - System Checkpoint
RP1924: 5/26/2011 10:38:42 PM - System Checkpoint
RP1925: 5/28/2011 12:04:38 AM - System Checkpoint
RP1926: 5/29/2011 12:05:07 AM - System Checkpoint
RP1927: 5/30/2011 3:22:16 AM - System Checkpoint
RP1928: 5/31/2011 9:44:55 AM - System Checkpoint
RP1929: 6/1/2011 10:11:54 AM - System Checkpoint
RP1930: 6/1/2011 10:18:04 PM - Installed OpenOffice.org 3.3
RP1931: 6/3/2011 3:52:18 PM - System Checkpoint
RP1932: 6/4/2011 3:55:39 PM - System Checkpoint
RP1933: 6/5/2011 4:31:31 PM - System Checkpoint
RP1934: 6/6/2011 10:44:36 PM - System Checkpoint
RP1935: 6/12/2011 8:14:01 PM - System Checkpoint
RP1936: 6/13/2011 10:40:52 PM - System Checkpoint
RP1937: 6/14/2011 11:35:38 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
avast! Free Antivirus
BackupManager
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 Holidays from Hewlett-Packard Desktops (remove only)
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
BufferChm
CameraDrivers
CCleaner
Copy
CP_AtenaShokunin1Config
cp_dwSharkTaleAlbums1
cp_dwSharkTaleCards1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CP_PLSBusinessFlyers
CreativeProjects
CreativeProjectsTemplates
Crystal Maze from Hewlett-Packard Desktops (remove only)
CueTour
Destinations
Director
Disk SpeedUp 1.3.0.388
DocProc
DocumentViewer
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
ERUNT 1.1j
Family Tree For Dummies
Fax
Final Drive Nitro from Hewlett-Packard Desktops (remove only)
Glary Utilities 2.34.0.1190
Google Toolbar for Internet Explorer
GoToMeeting 4.5.0.457
Help and Support Additions
High Definition Audio Driver Package - KB835221
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP Image Zone 4.8.6
HP Image Zone Plus 4.8.6
HP Organize
HP Photosmart Cameras 4.5
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 4.7
HP Update
HPIZplus450
HpSdpAppCoreApp
HPSystemDiagnostics
IBM iSeries Access for Windows
IBM iSeries Access for Windows SI29771
InstantShare
Intel(R) Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 22
Lexibox Deluxe from Hewlett-Packard Desktops (remove only)
LS_HSI
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Access 2000 SR-1 Runtime
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 4.0.1 (x86 en-US)
Mozilla Thunderbird (3.1.10)
mp
mpmri
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.0
OpenOffice.org 3.3
Overball from Hewlett-Packard Desktops (remove only)
PanoStandAlone
PC-Doctor for Windows
Phoenix Assault from Hewlett-Packard Desktops (remove only)
PhotoGallery
Polar Bowler from Hewlett-Packard Desktops (remove only)
Polar Golfer from Hewlett-Packard Desktops (remove only)
PrintScreen
PS2
PSPrinters06
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Remove WeatherBug installer
Scan
ScannerCopy
Secunia PSI (2.0.0.3003)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shooting Stars Pool from Hewlett-Packard Desktops (remove only)
SkinsHP1
Slyder from Hewlett-Packard Desktops (remove only)
Smart Defrag 2
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpySubtract
Super Granny from Hewlett-Packard Desktops (remove only)
SUPERAntiSpyware
Tradewinds from Hewlett-Packard Desktops (remove only)
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
Video Mover
WebEx
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
6/15/2011 1:56:33 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6/12/2011 7:13:01 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service iPodService with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}
6/12/2011 7:04:55 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
6/12/2011 6:58:55 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0013D4247088 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Edit
Hello flywelder,

A helper did respond here: http://forums.spybot.info/showthread...056#post405056 (http://forums.spybot.info/showthread.php?p=405056#post405056)

May 20th, 2011
"Due to inactivity, this thread will now be closed."
---------------------------------------------------

Due to the troubles with the computer, I was not able to respond to Blade81's questions. i have been working very hard to get to the level the computer is in now. Just tonight I was able to get Erunt installed and running. However the troubles with the computer are far from over.
Please , oh please don't bail on me.
tonight I saw where the first post i made was closed, I read that I should open a new posting if i still had trouble, so i interpreted that to be what i should do tonight.
http://forums.spybot.info/images/smilies/poster_oops.gif Please forgive me if I made a mistake. and Please don't bail on me. :)
Blade81
2011-06-23, 18:15
Hi,

Please post fresh dds logs if help still needed :)
flywelder
2011-06-29, 06:40
Thank you Blade81!!!!:thanks::thanks::bigthumb:

please give me at least 48 hrs. to gather the info and to understand the steps in order to post the info you request. Just in case, and to cover all bases....if for some odd reason, I have not posted by then, I am most likely having difficulties filling the request, and please contact me again and inquire.

Again thank you!!!!!!!! :)
Blade81
2011-06-29, 10:05
Hi,

Ok, if any step needs more explanation just ask and I try to answer :)
flywelder
2011-07-01, 04:40
Blade I hope I did this correclty...if not, forgive me and then advise where I went wrong, thanks.



DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Biomed at 22:06:34 on 2011-06-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.645 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1295721296&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Road Runner High Speed Online
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy01:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [thirdintel] c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak3.cmd
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\biomed\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\biomed\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\biomed\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://harvestdatasystems.webex.com/client/T23L/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - hxxp://na.ntrsupport.com/inquiero/mod/setup/ntractivex118_24.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A7859C65-4D00-4730-B8E4-BD16EE5AEDB2} : DhcpNameServer = 192.168.2.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: TPSvc - TPSvc.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\biomed\application data\mozilla\firefox\profiles\s3grf6ae.default\
FF - prefs.js: browser.startup.homepage - hxxp://cozicentral.cozi.com/
FF - prefs.js: network.proxy.ftp - proxy01
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy01
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy01
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy01
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-5-27 13496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-8 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-8 307928]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-8 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-8 42184]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2011-3-6 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2011-3-6 49152]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2011-3-6 246936]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
.
=============== Created Last 30 ================
.
2011-06-23 20:50:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-23 20:50:10 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-23 20:50:10 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-07 16:35:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-06-02 02:19:55 -------- d-----w- c:\documents and settings\biomed\application data\OpenOffice.org
2011-06-02 02:18:09 -------- d-----w- c:\program files\OpenOffice.org 3
.
==================== Find3M ====================
.
2011-06-27 16:35:28 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-06-23 20:52:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-01 17:14:27 0 ---ha-w- c:\windows\Pjepocu.bin
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-07 02:22:56 917504 ----a-w- c:\windows\system32\FLASH.OCX
.
============= FINISH: 22:08:03.65 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/1/2005 8:25:00 AM
System Uptime: 6/30/2011 12:31:32 PM (10 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Goldfish3
Processor: Intel(R) Pentium(R) 4 CPU 2.93GHz | CPU 1 | 2932/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 122.453 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 1.244 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (CDFS)
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3FB4A311D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3FB4A311D800
Service: NIC1394
.
==== System Restore Points ===================
.
RP1881: 3/31/2011 5:57:35 AM - System Checkpoint
RP1882: 4/1/2011 6:57:36 AM - System Checkpoint
RP1883: 4/2/2011 7:57:35 AM - System Checkpoint
RP1884: 4/3/2011 8:57:35 AM - System Checkpoint
RP1885: 4/4/2011 8:59:23 AM - System Checkpoint
RP1886: 4/5/2011 9:57:35 AM - System Checkpoint
RP1887: 4/6/2011 2:05:44 PM - System Checkpoint
RP1888: 4/7/2011 2:45:20 PM - System Checkpoint
RP1889: 4/8/2011 5:25:31 PM - System Checkpoint
RP1890: 4/9/2011 5:45:20 PM - System Checkpoint
RP1891: 4/10/2011 6:45:20 PM - System Checkpoint
RP1892: 4/11/2011 7:49:26 PM - System Checkpoint
RP1893: 4/12/2011 8:45:20 PM - System Checkpoint
RP1894: 4/13/2011 8:47:36 PM - System Checkpoint
RP1895: 4/14/2011 9:47:01 PM - System Checkpoint
RP1896: 4/15/2011 10:45:20 PM - System Checkpoint
RP1897: 4/16/2011 11:45:20 PM - System Checkpoint
RP1898: 4/18/2011 12:45:20 AM - System Checkpoint
RP1899: 4/18/2011 3:00:14 AM - Software Distribution Service 3.0
RP1900: 4/19/2011 3:47:42 AM - System Checkpoint
RP1901: 4/20/2011 4:59:41 AM - System Checkpoint
RP1902: 4/21/2011 5:59:41 AM - System Checkpoint
RP1903: 4/22/2011 6:59:41 AM - System Checkpoint
RP1904: 4/23/2011 7:59:41 AM - System Checkpoint
RP1905: 4/23/2011 7:07:55 PM - Restore Operation
RP1906: 4/25/2011 1:33:20 AM - System Checkpoint
RP1907: 4/26/2011 2:27:38 AM - System Checkpoint
RP1908: 4/29/2011 1:40:07 AM - System Checkpoint
RP1909: 5/1/2011 5:20:39 PM - System Checkpoint
RP1910: 5/2/2011 10:21:30 PM - System Checkpoint
RP1911: 5/4/2011 11:47:39 PM - System Checkpoint
RP1912: 5/6/2011 5:33:49 PM - System Checkpoint
RP1913: 5/6/2011 10:47:49 PM - Restore Operation
RP1914: 5/8/2011 10:28:56 AM - System Checkpoint
RP1915: 5/8/2011 12:59:37 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1916: 5/8/2011 4:30:18 PM - avast! Free Antivirus Setup
RP1917: 5/13/2011 3:40:38 PM - System Checkpoint
RP1918: 5/13/2011 7:04:27 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1919: 5/14/2011 8:44:46 PM - System Checkpoint
RP1920: 5/15/2011 10:13:11 PM - System Checkpoint
RP1921: 5/17/2011 6:27:12 PM - System Checkpoint
RP1922: 5/20/2011 6:35:55 AM - System Checkpoint
RP1923: 5/21/2011 10:32:42 AM - System Checkpoint
RP1924: 5/26/2011 10:38:42 PM - System Checkpoint
RP1925: 5/28/2011 12:04:38 AM - System Checkpoint
RP1926: 5/29/2011 12:05:07 AM - System Checkpoint
RP1927: 5/30/2011 3:22:16 AM - System Checkpoint
RP1928: 5/31/2011 9:44:55 AM - System Checkpoint
RP1929: 6/1/2011 10:11:54 AM - System Checkpoint
RP1930: 6/1/2011 10:18:04 PM - Installed OpenOffice.org 3.3
RP1931: 6/3/2011 3:52:18 PM - System Checkpoint
RP1932: 6/4/2011 3:55:39 PM - System Checkpoint
RP1933: 6/5/2011 4:31:31 PM - System Checkpoint
RP1934: 6/6/2011 10:44:36 PM - System Checkpoint
RP1935: 6/12/2011 8:14:01 PM - System Checkpoint
RP1936: 6/13/2011 10:40:52 PM - System Checkpoint
RP1937: 6/14/2011 11:35:38 PM - System Checkpoint
RP1938: 6/15/2011 11:47:33 PM - System Checkpoint
RP1939: 6/23/2011 4:56:42 PM - System Checkpoint
RP1940: 6/24/2011 5:23:37 PM - System Checkpoint
RP1941: 6/25/2011 5:45:49 PM - System Checkpoint
RP1942: 6/26/2011 7:09:49 PM - System Checkpoint
RP1943: 6/28/2011 8:15:12 AM - System Checkpoint
RP1944: 6/29/2011 10:35:46 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
avast! Free Antivirus
BackupManager
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 Holidays from Hewlett-Packard Desktops (remove only)
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
BufferChm
CameraDrivers
CCleaner
Copy
CP_AtenaShokunin1Config
cp_dwSharkTaleAlbums1
cp_dwSharkTaleCards1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CP_PLSBusinessFlyers
CreativeProjects
CreativeProjectsTemplates
Crystal Maze from Hewlett-Packard Desktops (remove only)
CueTour
Destinations
Director
Disk SpeedUp 1.3.0.388
DocProc
DocumentViewer
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
ERUNT 1.1j
Family Tree For Dummies
Fax
Final Drive Nitro from Hewlett-Packard Desktops (remove only)
Glary Utilities 2.34.0.1190
Google Toolbar for Internet Explorer
GoToMeeting 4.5.0.457
Help and Support Additions
High Definition Audio Driver Package - KB835221
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP Image Zone 4.8.6
HP Image Zone Plus 4.8.6
HP Organize
HP Photosmart Cameras 4.5
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 4.7
HP Update
HPIZplus450
HpSdpAppCoreApp
HPSystemDiagnostics
IBM iSeries Access for Windows
IBM iSeries Access for Windows SI29771
InstantShare
Intel(R) Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 22
Lexibox Deluxe from Hewlett-Packard Desktops (remove only)
LS_HSI
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Access 2000 SR-1 Runtime
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 5.0 (x86 en-GB)
Mozilla Thunderbird (3.1.11)
mp
mpmri
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.0
OpenOffice.org 3.3
Overball from Hewlett-Packard Desktops (remove only)
PanoStandAlone
PC-Doctor for Windows
Phoenix Assault from Hewlett-Packard Desktops (remove only)
PhotoGallery
Polar Bowler from Hewlett-Packard Desktops (remove only)
Polar Golfer from Hewlett-Packard Desktops (remove only)
PrintScreen
PS2
PSPrinters06
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Remove WeatherBug installer
Scan
ScannerCopy
Secunia PSI (2.0.0.3003)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shooting Stars Pool from Hewlett-Packard Desktops (remove only)
SkinsHP1
Slyder from Hewlett-Packard Desktops (remove only)
Smart Defrag 2
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpySubtract
Super Granny from Hewlett-Packard Desktops (remove only)
SUPERAntiSpyware
Tradewinds from Hewlett-Packard Desktops (remove only)
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
Video Mover
WebEx
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
6/27/2011 12:35:58 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/27/2011 10:54:11 AM, error: Service Control Manager [7000] - The SABProcEnum service failed to start due to the following error: The system cannot find the file specified.
6/23/2011 4:41:23 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0013D4247088 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
flywelder
2011-07-01, 05:05
i think I did it correctly now........... :yes:
Blade81
2011-07-01, 20:49
Hi,

First post was correct (we prefer logs copy-pasted when possible) :)


Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab, uncheck files option and then click scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
flywelder
2011-07-07, 04:33
Just hoping I did everything correctly with regards to your last instructions.
I posted the log reports....yet I don't see my log postings here??:scratch: :confused: If I have incorrectly posted or messed up, please advise where I went wrong. thanks. :):)
Blade81
2011-07-07, 12:15
If you mean GMER log did you copy-paste its contents or try to attach as a file?
flywelder
2011-07-09, 06:32
Hi Blade81!,
yes I am refering to the GMER logs.
I think I attached the logs first time around....but can't say with 100% assuredly.

This time I will paste them.
there will be two logs, one for C drive and one for D drive....I hope to get drive D in on this posting. ...not sure if it will fit, as these logs, are 227 pages long.

Ok so there is a problem with pasting the logs seeing how they are 227 pages because, i was sent notification by the spybot web site that the posting was too long, and I needed to shorten it...which I did,... and what follows is what I could include.
yes I had pasted the entire logs here, just minutes ago, and they did not post on line for they are too lengthy.

Blade81 what do you recommend I do to get the logs to you?


First is drive C

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-04 00:31:03
Windows 5.1.2600 Service Pack 3
Running: f4ge6w6f.exe; Driver: C:\DOCUME~1\Biomed\LOCALS~1\Temp\awlyrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA91EC202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA9252CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA92106C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA91EE81C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA91EE874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA91EE98A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA9210075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA91EE772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA91EE8C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA91EE7C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA91EE938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA91EC226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA9210D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA921103D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA91EEC0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9210BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9210A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA9252D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA91EBFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA91EC24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA91EED82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA91ECCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA91EE84C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA91EE89C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA91EE9B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA92103D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA91EE79E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA91EEA46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA91EE904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA91EE7F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA91EEB2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA91EE962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA9252DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA92108D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA91ECBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA921072A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA925BE48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA920F6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA91EC26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA91EC292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA91EC04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA91EC186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA9210E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA91EC162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA91EC1AA]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA9426620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA91EC2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA9268902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C70 8050450C 8 Bytes [1C, E8, 1E, A9, 74, E8, 1E, ...] {SBB AL, 0xe8; PUSH DS; TEST EAX, 0xa91ee874}
.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 4 Bytes JMP D656EE3B
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 8 Bytes [C4, E8, 1E, A9, C6, E7, 1E, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CBC 80504558 4 Bytes [38, E9, 1E, A9]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 8 Bytes [4C, E8, 1E, A9, 9C, E8, 1E, ...]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL A91ED335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP A92642BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP A9265D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP A9268906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP A91EFCCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP A91EFBDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP A91EEF60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP A91EFE38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP A91F0040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP A91EFB4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP A91EEFD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP A91EF1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP A91EF352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP A91EEE84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP A91EFC04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP A91EFF9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP A91EF32A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP A91EEE9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP A91EFD80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP A91EF06A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP A91EF0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP A91EF114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP A91EEDB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP A91EEF1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP A91EF034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP A91EF46C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP A91EFEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\Biomed\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Java\jre6\bin\jqs.exe[108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[108] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[108] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[108] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[108] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[108] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[108] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[108] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[108] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[108] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[108] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[108]
Blade81
2011-07-09, 10:21
Hi,

Recommended way is to archive the GMER log into a zip file and then attach that file as an attachment in your post.

To attach a file you should see "Attach Files" with Manage Attachments -button after clicking Reply -button. Manage Attachments opens a new dialog in which you can upload selected file and it will be added to your post.
flywelder
2011-07-10, 06:20
Blade81,
When i right on the log, I am looking for a means to zip it....however there are no words saying zip, or anything remotley similar to zip...??????
.
So I am at a lost on how then to zip the logs so i can get it to you. please advise. I fear that my means to zip a folder or doc. has been altered.
Thanks
Blade81
2011-07-10, 10:59
Hi,

Right click the log file and select Send To -> Compressed (zipped) folder option :)
flywelder
2011-07-12, 04:45
Blade 81 when i followed your instructions there is no zip option offered.
there is the option of sending it or saving the log as a PDF, if this is of any help.? I made a screen print showing the results of right clicking. I will attempt to post that over in the general forums.....

I have posted this as a new topic in the forum as your reply said to do. I am assuming you are instructiong me to find a solution for the zip problem there and then return back to you once i have the zip issue solved? am I correct?
flywelder
2011-07-12, 05:02
Hi all, forgive me if I am posting this question in the wrong place, and then please diret me where I should post it.

My problem is: getting zip to work.
Why?... because a malware experet here, is waiting to read my GMER report log and wants me to zip it then post it.
the experts instructions to me are: Right click the log file and select Send To -> Compressed (zipped) folder option.

problem is when I right click , there is no such option?
I Made a screen print of what I see when i right click the log file, I hope to attach it here so u can see.

What can i do to correct this zip issue? keep in mind I am a novice with computers....know enough to get me in trouble and to come here for help.
Thanks to all who come to my rescue! :thanks:
Blade81
2011-07-12, 10:40
Hi,

Go to this website (http://www.bleepingcomputer.com/submit-malware.php?channel=76) and upload the GMER file there. Kindly include a link to this topic in the message.
flywelder
2011-07-13, 16:22
Blade81,
i wanted to let you know, that the GMER logs have been updated to the site you suggested. so you know, they are weeks old now...and I hope that theyare still valid. if you feel i should run a scan again and submit a new log, I will.

Thanks! :thanks:
you are being so patient and, a tremendouse help, .....we can't say thanks enough!
:bigthumb:
Blade81
2011-07-13, 22:28
Hi again :)


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Blade81
2011-07-20, 09:32
Hi,

What's the status here?
flywelder
2011-07-20, 18:11
Please Forgive the delay, I came down sick and was flat on my back for days.

ComboFix 11-07-20.02 - Biomed 07/20/2011 11:37:50.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.771 [GMT -4:00]
Running from: c:\documents and settings\Biomed\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))
.
.
2011-06-23 20:50 . 2011-06-16 04:32 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-23 20:50 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 20:50 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-05-08 20:30 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-05-08 20:30 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-08 20:30 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-05-08 20:30 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-05-08 20:30 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-05-08 20:30 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-05-08 20:30 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-05-08 20:30 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-05-08 20:30 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-05-08 20:30 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-27 16:35 . 2004-08-04 04:00 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-06-23 20:52 . 2011-05-13 17:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-07 02:22 . 2011-05-07 02:22 917504 ----a-w- c:\windows\system32\FLASH.OCX
2011-06-16 04:32 . 2011-06-23 20:50 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-11 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-12 2424192]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-04-25 2253112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"thirdintel"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2007-03-07 20531]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-26 180269]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-26 98304]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-6-23 15360]
.
c:\documents and settings\Biomed\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-6-23 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ---ha-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\IBM\\Client Access\\ezstart.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19540:UDP"= 19540:UDP:SXUPTP
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [5/27/2011 12:14 AM 13496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/8/2011 4:30 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/8/2011 4:30 PM 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/8/2011 4:30 PM 19544]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [3/6/2011 9:35 PM 246936]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
.
Contents of the 'Scheduled Tasks' folder
.
2005-09-30 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 18:04]
.
2011-07-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-04-24 12:25]
.
2011-07-20 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-05-05 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1295721296&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy01:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
FF - ProfilePath - c:\documents and settings\Biomed\Application Data\Mozilla\Firefox\Profiles\s3grf6ae.default\
FF - prefs.js: browser.startup.homepage - hxxp://cozicentral.cozi.com/
FF - prefs.js: network.proxy.ftp - proxy01
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy01
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy01
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy01
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-20 11:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(5048)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-07-20 11:53:28
ComboFix-quarantined-files.txt 2011-07-20 15:53
ComboFix2.txt 2011-07-20 04:45
.
Pre-Run: 131,134,763,008 bytes free
Post-Run: 131,120,603,136 bytes free
.
- - End Of File - - FBE757F12034323A17649EF1BDDEAD8B



Blade81, is this all that i was to post here?.... for I don't see anything in the log from Combofix, in reference to a new DDS log.???:confused:
Blade81
2011-07-21, 10:27
Thanks for reporting back :)

To get fresh DDS logs you need to run DDS tool again. Please do so and post back its logs. Also, let me know about current symptoms.
flywelder
2011-07-25, 20:58
Blade81,
I have fogottten the steps to follow to generate new DDS logs.

I hunted threw all the old email replies and postings and I don't find the instructions. So i have to ask you to post the instructions again please. Forgive me.:red:
Blade81
2011-07-25, 21:03
Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.com) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds file to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.
flywelder
2011-07-25, 22:24
Thanks Blade81.
I had a feeling in my gut it was simple..but i coudn't recall anything...my mind was blank!.....my advice is do all u can to slow down growing old Blade81.. old and watching your mind go... is not fun at all.

dds log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/1/2005 8:25:00 AM
System Uptime: 7/25/2011 12:52:55 AM (15 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Goldfish3
Processor: Intel(R) Pentium(R) 4 CPU 2.93GHz | CPU 1 | 2932/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 122.355 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 1.244 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (CDFS)
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3FB4A311D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3FB4A311D800
Service: NIC1394
.
==== System Restore Points ===================
.
RP1908: 4/29/2011 1:40:07 AM - System Checkpoint
RP1909: 5/1/2011 5:20:39 PM - System Checkpoint
RP1910: 5/2/2011 10:21:30 PM - System Checkpoint
RP1911: 5/4/2011 11:47:39 PM - System Checkpoint
RP1912: 5/6/2011 5:33:49 PM - System Checkpoint
RP1913: 5/6/2011 10:47:49 PM - Restore Operation
RP1914: 5/8/2011 10:28:56 AM - System Checkpoint
RP1915: 5/8/2011 12:59:37 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1916: 5/8/2011 4:30:18 PM - avast! Free Antivirus Setup
RP1917: 5/13/2011 3:40:38 PM - System Checkpoint
RP1918: 5/13/2011 7:04:27 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1919: 5/14/2011 8:44:46 PM - System Checkpoint
RP1920: 5/15/2011 10:13:11 PM - System Checkpoint
RP1921: 5/17/2011 6:27:12 PM - System Checkpoint
RP1922: 5/20/2011 6:35:55 AM - System Checkpoint
RP1923: 5/21/2011 10:32:42 AM - System Checkpoint
RP1924: 5/26/2011 10:38:42 PM - System Checkpoint
RP1925: 5/28/2011 12:04:38 AM - System Checkpoint
RP1926: 5/29/2011 12:05:07 AM - System Checkpoint
RP1927: 5/30/2011 3:22:16 AM - System Checkpoint
RP1928: 5/31/2011 9:44:55 AM - System Checkpoint
RP1929: 6/1/2011 10:11:54 AM - System Checkpoint
RP1930: 6/1/2011 10:18:04 PM - Installed OpenOffice.org 3.3
RP1931: 6/3/2011 3:52:18 PM - System Checkpoint
RP1932: 6/4/2011 3:55:39 PM - System Checkpoint
RP1933: 6/5/2011 4:31:31 PM - System Checkpoint
RP1934: 6/6/2011 10:44:36 PM - System Checkpoint
RP1935: 6/12/2011 8:14:01 PM - System Checkpoint
RP1936: 6/13/2011 10:40:52 PM - System Checkpoint
RP1937: 6/14/2011 11:35:38 PM - System Checkpoint
RP1938: 6/15/2011 11:47:33 PM - System Checkpoint
RP1939: 6/23/2011 4:56:42 PM - System Checkpoint
RP1940: 6/24/2011 5:23:37 PM - System Checkpoint
RP1941: 6/25/2011 5:45:49 PM - System Checkpoint
RP1942: 6/26/2011 7:09:49 PM - System Checkpoint
RP1943: 6/28/2011 8:15:12 AM - System Checkpoint
RP1944: 6/29/2011 10:35:46 PM - System Checkpoint
RP1945: 7/1/2011 12:27:21 AM - System Checkpoint
RP1946: 7/2/2011 2:17:00 AM - System Checkpoint
RP1947: 7/3/2011 12:47:19 PM - System Checkpoint
RP1948: 7/8/2011 7:14:21 PM - System Checkpoint
RP1949: 7/9/2011 8:46:27 PM - System Checkpoint
RP1950: 7/11/2011 6:44:37 AM - System Checkpoint
RP1951: 7/17/2011 11:31:25 AM - System Checkpoint
RP1952: 7/18/2011 7:30:24 PM - System Checkpoint
RP1953: 7/20/2011 12:27:11 AM - ComboFix created restore point
RP1954: 7/25/2011 5:23:11 AM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
avast! Free Antivirus
BackupManager
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 Holidays from Hewlett-Packard Desktops (remove only)
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
BufferChm
CameraDrivers
CCleaner
Copy
CP_AtenaShokunin1Config
cp_dwSharkTaleAlbums1
cp_dwSharkTaleCards1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CP_PLSBusinessFlyers
CreativeProjects
CreativeProjectsTemplates
Crystal Maze from Hewlett-Packard Desktops (remove only)
CueTour
Destinations
Director
Disk SpeedUp 1.3.0.388
DocProc
DocumentViewer
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
ERUNT 1.1j
Family Tree For Dummies
Fax
Final Drive Nitro from Hewlett-Packard Desktops (remove only)
Glary Utilities 2.34.0.1190
Google Toolbar for Internet Explorer
GoToMeeting 4.5.0.457
Help and Support Additions
High Definition Audio Driver Package - KB835221
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP Image Zone 4.8.6
HP Image Zone Plus 4.8.6
HP Organize
HP Photosmart Cameras 4.5
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 4.7
HP Update
HPIZplus450
HpSdpAppCoreApp
HPSystemDiagnostics
IBM iSeries Access for Windows
IBM iSeries Access for Windows SI29771
InstantShare
Intel(R) Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 22
Lexibox Deluxe from Hewlett-Packard Desktops (remove only)
LS_HSI
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Access 2000 SR-1 Runtime
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 5.0 (x86 en-GB)
Mozilla Thunderbird (3.1.11)
mp
mpmri
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.0
OpenOffice.org 3.3
Overball from Hewlett-Packard Desktops (remove only)
PanoStandAlone
PC-Doctor for Windows
Phoenix Assault from Hewlett-Packard Desktops (remove only)
PhotoGallery
Polar Bowler from Hewlett-Packard Desktops (remove only)
Polar Golfer from Hewlett-Packard Desktops (remove only)
PrintScreen
PS2
PSPrinters06
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Remove WeatherBug installer
Scan
ScannerCopy
Secunia PSI (2.0.0.3003)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shooting Stars Pool from Hewlett-Packard Desktops (remove only)
SkinsHP1
Slyder from Hewlett-Packard Desktops (remove only)
Smart Defrag 2
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpySubtract
Super Granny from Hewlett-Packard Desktops (remove only)
SUPERAntiSpyware
Tradewinds from Hewlett-Packard Desktops (remove only)
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
Video Mover
WebEx
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
7/25/2011 12:57:20 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
7/20/2011 12:42:05 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0013D4247088 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
7/20/2011 12:29:18 AM, error: Service Control Manager [7034] - The Belkin Network USB Helper service terminated unexpectedly. It has done this 1 time(s).
7/20/2011 12:29:18 AM, error: Service Control Manager [7034] - The Belkin Local Backup Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Biomed at 15:59:33 on 2011-07-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.586 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1295721296&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy01:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [thirdintel] c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak3.cmd
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\biomed\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\biomed\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\biomed\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://harvestdatasystems.webex.com/client/T23L/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - hxxp://na.ntrsupport.com/inquiero/mod/setup/ntractivex118_24.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A7859C65-4D00-4730-B8E4-BD16EE5AEDB2} : DhcpNameServer = 192.168.2.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\biomed\application data\mozilla\firefox\profiles\s3grf6ae.default\
FF - prefs.js: browser.startup.homepage - hxxp://cozicentral.cozi.com/
FF - prefs.js: network.proxy.ftp - proxy01
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy01
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy01
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy01
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-5-27 13496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-8 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-8 309848]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-8 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-8 42184]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2011-3-6 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2011-3-6 49152]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2011-3-6 246936]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
.
=============== Created Last 30 ================
.
2011-07-20 04:26:53 98816 ----a-w- c:\windows\sed.exe
2011-07-20 04:26:53 518144 ----a-w- c:\windows\SWREG.exe
2011-07-20 04:26:53 256000 ----a-w- c:\windows\PEV.exe
2011-07-20 04:26:53 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-27 16:35:28 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-06-23 20:52:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-01 17:14:27 0 ---ha-w- c:\windows\Pjepocu.bin
2011-05-07 02:22:56 917504 ----a-w- c:\windows\system32\FLASH.OCX
.
============= FINISH: 16:00:37.78 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/1/2005 8:25:00 AM
System Uptime: 7/25/2011 12:52:55 AM (16 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Goldfish3
Processor: Intel(R) Pentium(R) 4 CPU 2.93GHz | CPU 1 | 2932/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 122.355 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 1.244 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (CDFS)
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3FB4A311D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3FB4A311D800
Service: NIC1394
.
==== System Restore Points ===================
.
RP1908: 4/29/2011 1:40:07 AM - System Checkpoint
RP1909: 5/1/2011 5:20:39 PM - System Checkpoint
RP1910: 5/2/2011 10:21:30 PM - System Checkpoint
RP1911: 5/4/2011 11:47:39 PM - System Checkpoint
RP1912: 5/6/2011 5:33:49 PM - System Checkpoint
RP1913: 5/6/2011 10:47:49 PM - Restore Operation
RP1914: 5/8/2011 10:28:56 AM - System Checkpoint
RP1915: 5/8/2011 12:59:37 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1916: 5/8/2011 4:30:18 PM - avast! Free Antivirus Setup
RP1917: 5/13/2011 3:40:38 PM - System Checkpoint
RP1918: 5/13/2011 7:04:27 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1919: 5/14/2011 8:44:46 PM - System Checkpoint
RP1920: 5/15/2011 10:13:11 PM - System Checkpoint
RP1921: 5/17/2011 6:27:12 PM - System Checkpoint
RP1922: 5/20/2011 6:35:55 AM - System Checkpoint
RP1923: 5/21/2011 10:32:42 AM - System Checkpoint
RP1924: 5/26/2011 10:38:42 PM - System Checkpoint
RP1925: 5/28/2011 12:04:38 AM - System Checkpoint
RP1926: 5/29/2011 12:05:07 AM - System Checkpoint
RP1927: 5/30/2011 3:22:16 AM - System Checkpoint
RP1928: 5/31/2011 9:44:55 AM - System Checkpoint
RP1929: 6/1/2011 10:11:54 AM - System Checkpoint
RP1930: 6/1/2011 10:18:04 PM - Installed OpenOffice.org 3.3
RP1931: 6/3/2011 3:52:18 PM - System Checkpoint
RP1932: 6/4/2011 3:55:39 PM - System Checkpoint
RP1933: 6/5/2011 4:31:31 PM - System Checkpoint
RP1934: 6/6/2011 10:44:36 PM - System Checkpoint
RP1935: 6/12/2011 8:14:01 PM - System Checkpoint
RP1936: 6/13/2011 10:40:52 PM - System Checkpoint
RP1937: 6/14/2011 11:35:38 PM - System Checkpoint
RP1938: 6/15/2011 11:47:33 PM - System Checkpoint
RP1939: 6/23/2011 4:56:42 PM - System Checkpoint
RP1940: 6/24/2011 5:23:37 PM - System Checkpoint
RP1941: 6/25/2011 5:45:49 PM - System Checkpoint
RP1942: 6/26/2011 7:09:49 PM - System Checkpoint
RP1943: 6/28/2011 8:15:12 AM - System Checkpoint
RP1944: 6/29/2011 10:35:46 PM - System Checkpoint
RP1945: 7/1/2011 12:27:21 AM - System Checkpoint
RP1946: 7/2/2011 2:17:00 AM - System Checkpoint
RP1947: 7/3/2011 12:47:19 PM - System Checkpoint
RP1948: 7/8/2011 7:14:21 PM - System Checkpoint
RP1949: 7/9/2011 8:46:27 PM - System Checkpoint
RP1950: 7/11/2011 6:44:37 AM - System Checkpoint
RP1951: 7/17/2011 11:31:25 AM - System Checkpoint
RP1952: 7/18/2011 7:30:24 PM - System Checkpoint
RP1953: 7/20/2011 12:27:11 AM - ComboFix created restore point
RP1954: 7/25/2011 5:23:11 AM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
avast! Free Antivirus
BackupManager
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 Holidays from Hewlett-Packard Desktops (remove only)
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
BufferChm
CameraDrivers
CCleaner
Copy
CP_AtenaShokunin1Config
cp_dwSharkTaleAlbums1
cp_dwSharkTaleCards1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CP_PLSBusinessFlyers
CreativeProjects
CreativeProjectsTemplates
Crystal Maze from Hewlett-Packard Desktops (remove only)
CueTour
Destinations
Director
Disk SpeedUp 1.3.0.388
DocProc
DocumentViewer
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
ERUNT 1.1j
Family Tree For Dummies
Fax
Final Drive Nitro from Hewlett-Packard Desktops (remove only)
Glary Utilities 2.34.0.1190
Google Toolbar for Internet Explorer
GoToMeeting 4.5.0.457
Help and Support Additions
High Definition Audio Driver Package - KB835221
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP Image Zone 4.8.6
HP Image Zone Plus 4.8.6
HP Organize
HP Photosmart Cameras 4.5
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 4.7
HP Update
HPIZplus450
HpSdpAppCoreApp
HPSystemDiagnostics
IBM iSeries Access for Windows
IBM iSeries Access for Windows SI29771
InstantShare
Intel(R) Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 22
Lexibox Deluxe from Hewlett-Packard Desktops (remove only)
LS_HSI
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Access 2000 SR-1 Runtime
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 5.0 (x86 en-GB)
Mozilla Thunderbird (3.1.11)
mp
mpmri
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.0
OpenOffice.org 3.3
Overball from Hewlett-Packard Desktops (remove only)
PanoStandAlone
PC-Doctor for Windows
Phoenix Assault from Hewlett-Packard Desktops (remove only)
PhotoGallery
Polar Bowler from Hewlett-Packard Desktops (remove only)
Polar Golfer from Hewlett-Packard Desktops (remove only)
PrintScreen
PS2
PSPrinters06
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Remove WeatherBug installer
Scan
ScannerCopy
Secunia PSI (2.0.0.3003)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shooting Stars Pool from Hewlett-Packard Desktops (remove only)
SkinsHP1
Slyder from Hewlett-Packard Desktops (remove only)
Smart Defrag 2
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpySubtract
Super Granny from Hewlett-Packard Desktops (remove only)
SUPERAntiSpyware
Tradewinds from Hewlett-Packard Desktops (remove only)
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
Video Mover
WebEx
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
7/25/2011 12:57:20 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
7/20/2011 12:42:05 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0013D4247088 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
7/20/2011 12:29:18 AM, error: Service Control Manager [7034] - The Belkin Network USB Helper service terminated unexpectedly. It has done this 1 time(s).
7/20/2011 12:29:18 AM, error: Service Control Manager [7034] - The Belkin Local Backup Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
You asked if we had questions and issues yet. so........yes we do, :)
Questions for you Blade81:

Can you tell me in layman's terms, what was discovered to be wrong with our computer?

How did the problem get into our computer?

What if anything can we do to prevent this again?

as you probably know, our computer has both Avast and Super anti- spyware loaded and running. Is this ok? Avast seems to much easier to operate than super anti spyware. ...does one do something better than the other to have both?:confused:

If I get rid off Super anti spyware or avast....will doing so release into my computer, the viruses it says it is holding in a vault?:confused:

What am i to do with the viruses listed in the vaults...i thaught these programs found and got rid off the viruses once and for all?:confused:

Malwarebytes is still listed in my list of programs...yet it will not function??? what shall Ido ?:confused:

There is also this icon for Secunia PSI..? what is this? what does it do for me? or / and should I keep it?

We are unable to get updates for this computer becasue we think the probalem is we do not recall the password for something called 'administer' and every time we attempt to get updates we are denied.?? we don't understand, this is our computer and why cant we get the updates from microsoft ? and what /who is administer?

are our folders and files from April and March and beyond, still on this computer somewhere?

is it safe to do so, and is it possible, to go back to a restore point from the first week of April 2011 and would we find there, our folders and my wife's saved desk top screen saver images of the grandkids? or is that unsafe or is it that we should just go forward from here and redo our folders?....but, know that we have searched for folders and files that were here in the computer in April and now are not any where to be found? why?
Blade81
2011-07-25, 23:18
Hi,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 26 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u26-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.





Can you tell me in layman's terms, what was discovered to be wrong with our computer?
Hard to say for sure. I didn't spot any clear signs of any specific threat.


How did the problem get into our computer?
There's some outdated software there. My guess would be that vulnerabilities in them were exploited to get in.


What if anything can we do to prevent this again?
System should be kept up-to-date all the time.


as you probably know, our computer has both Avast and Super anti- spyware loaded and running. Is this ok? Avast seems to much easier to operate than super anti spyware. ...does one do something better than the other to have both?
It's ok to have both installed. Avast is for antivirus protection and Superantispyware for antispyware protection.


If I get rid off Super anti spyware or avast....will doing so release into my computer, the viruses it says it is holding in a vault?
Removed threats won't get free again.


What am i to do with the viruses listed in the vaults...i thaught these programs found and got rid off the viruses once and for all?
It's ok to clean the vault (in case there're still some in it).


Malwarebytes is still listed in my list of programs...yet it will not function??? what shall Ido ?
Better uninstall it and then reinstall to see if that makes it to function.


There is also this icon for Secunia PSI..? what is this? what does it do for me? or / and should I keep it?
Secunia PSI is very handy program to keep you notified about vulnerabilities that need treatment. I'd definitely keep it.


We are unable to get updates for this computer becasue we think the probalem is we do not recall the password for something called 'administer' and every time we attempt to get updates we are denied.?? we don't understand, this is our computer and why cant we get the updates from microsoft ? and what /who is administer?
Does it give any error message when updating is attempted?


are our folders and files from April and March and beyond, still on this computer somewhere?
is it safe to do so, and is it possible, to go back to a restore point from the first week of April 2011 and would we find there, our folders and my wife's saved desk top screen saver images of the grandkids? or is that unsafe or is it that we should just go forward from here and redo our folders?....but, know that we have searched for folders and files that were here in the computer in April and now are not any where to be found? why?
It's not recommended to return back that much in restore points (even if possible). Did I understood right or are there some files missing? You could try to run this (http://download.bleepingcomputer.com/grinler/unhide.exe) tool to see if it made any missing file appear.
flywelder
2011-07-27, 05:32
Blade81
About updating JAva.....:oops: I am confused, here is why, .....when I visit the java site, i see four squares.
One reads: Java; the next reads: Java FX; the next: NetBeans; the last reads: Java EE

So i don't undertsnad which square to choose? and are u wanting me to choose one of the four squares or am I to look else where on that page? :oops:

yes there are files missing, they had pictures of our grandkids and her desktop screen savers; and typed documents...made with open office. I will use that tool and see what the results are and update you.. thanks for the tool!
flywelder
2011-07-27, 05:38
Blade81
thought I would share this info with you should it be important.

I begane uninstalling malwarebytes and a window opoed open and read:
runtime error 453
cant find DLL entry point Get ConfigParameter im mbamnet.


is it safe to continue Blade81?
Blade81
2011-07-27, 10:23
Hi :)


So i don't undertsnad which square to choose? and are u wanting me to choose one of the four squares or am I to look else where on that page?
Under "Here are the Java SE downloads in detail:" -part you should see JRE with a download button beneath it. Just click it, accept license terms and download jre-6u26-windows-i586.exe file on the list.


is it safe to continue Blade81?
Yep, see if uninstaller is able to finish the uninstallation process.
flywelder
2011-08-02, 03:53
Hi Blade81
I believe I have Java updated now...97% sure.....
Successfully uninstalled Malwarebytes.
Some additional folders were revealed....but non of the ones we had hoped for.
Still having trouble with HP printer, printing with what looks like a shadow behind each letter.
Still no access to the HP Toolbox ' where at one time we were able to run print tests and aligned the print cartridges....which i think we need to do, seeing how we recently, replaced the black ink cartridge.

We use Open office....and perhaps some virus damaged Open office that is causing open office documents to print with letters slightly as-cued or with a shadow. I tried changing the font but have the same problem. I've verified that "shadowing" boxes are not checked in properties area. Any ideas/suggestions?
Blade81
2011-08-02, 09:10
Hi,

Those remaining issues fall into general issues category. For those I recommend to post at forum that has area for non malware issues too. One example of this type of forums would be What the Tech (http://forums.whatthetech.com/index.php?act=idx) :)
flywelder
2011-08-05, 05:21
Ok, will take a look at that tech forum. thanks Blade 81 for suggesting the tech forum... :)

if in the furture, for some unfor seen reason, we should need to restore this computer to a restore point....do you recommend any particular date?
Blade81
2011-08-05, 08:56
You're welcome :)


if in the furture, for some unfor seen reason, we should need to restore this computer to a restore point....do you recommend any particular date?
If necessary to use system restore then the selected restore point should be well before the date problems began occuring.