Help~ I ran the Combo Fix as instructed & have report.

Post by AVE » June 7th, 2008, 10:35 am

My original post about 2-3 weeks ago was entitled:

Adspyware Popups,INDEX.BR,FSfolder access denied,HD spinning

Because of other issues I couldn't respond right away and was offline while receiving surgery.

My pc stopped the INDEX BTR a couple of weeks ago when I unchecked the properties to not be readable and deleted it.

Still my pc has been randomly shutting off and coming back to f8 mode. I tried Sys Restore but it couldn't be restored.

HP did an online hardware analysis that said all systems were good except my hard drive couldn't code and may need to be replaced but that IF I had any new update downloads that failed that I should remove them.

I did a recent Windows Update & it said Framework2.0 which had failed, so MS Tech helped me remove Framework2.0 with one of their tools as I have Framework 1.1, 3.0 & 3.5 so they said to leave those.

My pc works, but then an email from a friend included a Glacier_bkgrd.jpg that when opened in my art program, revealed a blinking line [which my PhotoImpression never had a moving pic before]. My pc shut down and I restarted it. I contacted my friend to find they didn't send it to me when I inquired about the jpg, so I knew I was in trouble. I ran AVG but it showed no problems. A little while later my AVG showed my email was no longer protected.
I tried to update the AVG to correct the email scanning but it wouldn't.

My pc over the next few hours began to delay printing on screen, flash and turn off and restart. I removed the Glacier_b and did a search online to see this has been circulating since 2000 and no one spoke of it as a virus but as a download that failed to initialize and some wrote about subsequent pc problems.
I ran a full scan with AVG and also ran Spybot but no results.


I downloaded Combo Fix and went to MS website to download tool and dragged it into Combo Fix and then ran it.
While running Combo Fix one window popped up saying a threat was being removed, so I hope that was it.

Here is the Notepad of the Combo Fix log and below it is the notepad of the Hijack this log. As I have just done this, I do not know if and what else needs to be done nor how my pc will be working [hopefully better].
Thank you in advance for your continued assistance,
Ave


I never saw anything about recovery console but it ran through and here is the report:

ComboFix 08-06-06.6 - HP_Owner 2008-06-07 9:40:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.555 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\Downloaded Program Files\setup.inf
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_NWSAPAGENT
-------\Service_Iprip
-------\Service_NwSapAgent


((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.

2008-06-07 09:34 . 2008-06-07 09:34 <DIR> d-------- C:\Program Files\Microsoft Diagnostics and Recovery Toolset
2008-06-06 18:43 . 2008-06-06 18:43 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-06 18:21 . 2004-08-12 00:09 <DIR> d-------- C:\Documents and Settings\Administrator.AVEHURLEY.000\WINDOWS
2008-06-06 18:21 . 2008-06-06 18:21 <DIR> d-------- C:\Documents and Settings\Administrator.AVEHURLEY.000
2008-06-06 13:49 . 2008-06-06 13:49 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-06-06 13:48 . 2008-06-06 13:48 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-06-03 06:49 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-06-03 06:28 . 2008-06-03 06:31 331,805,736 --a------ C:\Documents and Settings\WindowsXP-KB936929-SP3-x86-ENU.exe
2008-06-02 19:43 . 2008-06-02 19:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-02 19:20 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-06-02 19:19 . 2004-08-04 08:00 457,607 -----c--- C:\WINDOWS\system32\dllcache\mdlib.wmv
2008-06-02 19:18 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-06-02 19:13 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-06-02 13:41 . 2008-06-02 13:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PeerNetworking
2008-06-02 06:19 . 2008-06-02 06:19 <DIR> d-------- C:\WINDOWS\system32\zh-cn
2008-06-02 06:19 . 2008-06-02 06:19 <DIR> d-------- C:\WINDOWS\system32\pt-br
2008-06-02 06:19 . 2008-06-02 06:19 <DIR> d-------- C:\WINDOWS\system32\bg-bg
2008-06-02 06:19 . 2008-06-02 06:19 <DIR> d-------- C:\WINDOWS\system32\ar-sa
2008-06-02 06:17 . 2008-06-02 06:17 <DIR> d-------- C:\WINDOWS\system32\tr-tr
2008-06-01 14:03 . 2008-06-01 14:03 98,968 --a------ C:\Documents and Settings\Overview of Windows XP Service Pack 3.docx
2008-05-29 15:29 . 2008-05-29 15:29 <DIR> d-------- C:\WINDOWS\Speeditup Free
2008-05-29 15:29 . 2008-05-29 16:10 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-29 15:29 . 2008-05-29 15:44 <DIR> d-------- C:\Program Files\Speeditup Free
2008-05-29 15:13 . 2008-05-29 15:13 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Uniblue
2008-05-28 20:21 . 2008-05-28 20:21 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Windows Desktop Search
2008-05-28 20:18 . 2008-05-28 20:18 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-05-28 18:41 . 2008-05-28 18:41 <DIR> d-------- C:\WINDOWS\Performance
2008-05-28 18:40 . 2008-05-30 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-05-26 23:52 . 2008-05-26 23:52 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\MSN6
2008-05-26 17:00 . 2008-05-26 17:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-26 17:00 . 2008-05-26 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-26 06:10 . 2008-05-26 06:10 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-26 06:10 . 2008-05-26 06:10 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-26 06:08 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-26 05:15 . 2008-06-01 14:14 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AVGTOOLBAR
2008-05-26 05:15 . 2008-05-26 05:15 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-26 05:15 . 2008-05-26 05:15 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-26 05:08 . 2008-05-26 05:08 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-26 05:08 . 2008-05-26 05:08 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-26 01:23 . 2008-06-07 09:41 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-25 21:27 . 2008-05-25 21:29 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-24 16:38 . 2008-05-24 16:38 <DIR> d-------- C:\Documents and Settings\HP_Owner\Contacts
2008-05-24 16:38 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-24 16:35 . 2008-05-24 16:35 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-20 00:28 . 2008-05-20 00:28 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Snapfish
2008-05-20 00:03 . 2008-05-20 00:12 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\HP
2008-05-19 23:49 . 2005-10-21 19:58 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-05-19 23:49 . 2005-10-21 19:58 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-05-19 23:47 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.1
2008-05-19 23:44 . 2008-05-20 00:03 117,931 --a------ C:\WINDOWS\hpoins11.dat
2008-05-19 21:56 . 2008-04-13 14:39 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-19 21:56 . 2008-04-13 14:39 14,592 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-05-19 21:29 . 2006-01-03 13:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2008-05-19 21:29 . 2006-04-10 14:03 48,128 --a------ C:\WINDOWS\system32\hpzll054.dll
2008-05-19 21:28 . 2008-04-13 14:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-19 21:28 . 2008-04-13 14:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-19 18:27 . 2008-05-19 18:27 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Leadertech
2008-05-19 17:50 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-05-18 21:52 . 2008-06-06 18:18 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\mjusbsp
2008-05-18 21:47 . 2008-04-14 00:15 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-18 21:47 . 2008-04-14 00:15 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-18 21:45 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-18 21:45 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-18 07:11 . 2008-05-18 07:11 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Flickr
2008-05-18 07:10 . 2008-05-18 07:11 <DIR> d-------- C:\Program Files\Flickr Uploadr
2008-05-13 15:49 . 2008-06-04 17:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-05-13 03:15 . 2008-05-13 03:15 48,032 --a------ C:\WINDOWS\system32\uninst.exe
2008-05-11 12:41 . 2008-05-11 12:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-05-11 12:41 . 2008-05-11 12:41 <DIR> d-------- C:\Documents and Settings\Owner
2008-05-11 11:58 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-05-11 11:58 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-05-11 11:58 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-05-11 11:58 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-05-11 11:58 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-05-11 11:58 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-05-11 11:58 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-05-11 11:58 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-05-11 02:07 . 2008-05-11 02:07 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-11 02:03 . 2008-06-02 19:48 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-11 01:58 . 2008-06-03 06:47 <DIR> d-------- C:\WINDOWS\EHome
2008-05-11 01:56 . 2008-05-11 01:56 <DIR> d-------- C:\PRELOAD
2008-05-11 01:56 . 2008-05-11 01:56 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\ArcSoft
2008-05-11 01:01 . 2003-12-17 16:58 82,888 --a------ C:\WINDOWS\system32\drivers\swld23u.sys
2008-05-11 01:01 . 2003-12-15 18:14 53,690 --a------ C:\WINDOWS\system32\drivers\swlubtl.sys
2008-05-11 00:46 . 2008-05-11 02:15 <DIR> d-------- C:\WINDOWS\system32\Samsung
2008-05-11 00:46 . 2008-05-11 02:15 <DIR> d-------- C:\Program Files\Netopia
2008-05-11 00:46 . 2003-08-27 23:43 229,376 --a------ C:\WINDOWS\system32\swlpu.dll
2008-05-11 00:46 . 2003-06-20 11:51 122,880 --------- C:\WINDOWS\system32\PResGer.dll
2008-05-11 00:46 . 2003-06-20 11:51 122,880 --------- C:\WINDOWS\system32\PResFre.dll
2008-05-11 00:46 . 2003-11-04 14:37 68,224 --------- C:\WINDOWS\system32\drivers\swld23.sys
2008-05-11 00:46 . 2003-06-20 11:52 40,960 --------- C:\WINDOWS\system32\PResKor.dll
2008-05-11 00:46 . 2003-06-20 11:50 36,864 --------- C:\WINDOWS\system32\PResEng.dll
2008-05-11 00:46 . 2003-05-15 08:32 13,056 --------- C:\WINDOWS\system32\drivers\PRT1XW2K.SYS
2008-05-10 18:56 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-10 18:56 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-10 11:08 . 2008-04-13 14:45 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-05-10 11:08 . 2008-04-13 14:45 172,416 --a--c--- C:\WINDOWS\system32\dllcache\kmixer.sys
2008-05-10 11:07 . 2008-04-13 12:39 142,592 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-05-10 11:07 . 2008-04-13 12:39 142,592 --a--c--- C:\WINDOWS\system32\dllcache\aec.sys
2008-05-10 10:52 . 2005-05-10 16:18 37,376 --a------ C:\WINDOWS\system32\hpz3l3xt.dll
2008-05-10 10:50 . 2008-04-13 14:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-10 10:50 . 2008-04-13 14:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-10 10:50 . 2008-05-10 10:50 79 --a------ C:\WINDOWS\hpdj9800.his
2008-05-10 10:40 . 2008-05-10 10:43 92 --a------ C:\WINDOWS\hpdj9800.bu2
2008-05-10 10:40 . 2008-05-10 10:40 79 --a------ C:\WINDOWS\hpdj9800.hi2
2008-05-10 09:52 . 2008-06-07 09:31 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-10 09:52 . 2008-05-11 02:13 <DIR> d-------- C:\Program Files\AVG
2008-05-10 09:52 . 2008-05-26 05:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-10 09:52 . 2008-05-10 09:52 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-10 09:52 . 2008-05-10 09:52 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-10 08:05 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-10 08:00 . 2008-05-26 06:10 <DIR> d-------- C:\Program Files\MSBuild
2008-05-10 07:51 . 2008-05-10 07:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-10 07:49 . 2008-05-28 01:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-10 07:48 . 2008-05-11 02:06 <DIR> dr-h----- C:\MSOCache
2008-05-10 04:56 . 2008-03-01 09:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-10 04:56 . 2008-03-01 09:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-10 04:56 . 2008-03-01 09:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-10 04:56 . 2008-03-01 09:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-10 04:56 . 2008-03-01 09:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-10 04:56 . 2008-02-22 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-10 04:55 . 2008-03-01 09:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-10 04:55 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-10 04:55 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-10 04:34 . 2008-06-02 19:48 <DIR> d-------- C:\WINDOWS\system32\scripting

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 12:23 --------- d---a-w C:\Program Files\PC-Doctor for Windows
2008-06-06 22:22 --------- d-----w C:\Program Files\Pandora Recovery
2008-06-06 17:48 --------- d-----w C:\Program Files\MSECache
2008-06-02 23:53 98,304 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\PluginCtrl.dll
2008-06-02 23:53 315,392 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\pchmsxml.dll
2008-06-02 23:53 3,072 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\pchealthde.exe
2008-06-02 23:53 213,089 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\motive.zip
2008-06-02 23:53 139,264 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\ContentUpdater.exe
2008-06-02 17:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-01 18:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 02:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-31 02:03 --------- d-----w C:\Program Files\Symantec
2008-05-31 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-29 00:41 --------- d-----w C:\Program Files\Easy Internet signup
2008-05-27 22:07 --------- d-----w C:\Program Files\ArcSoft
2008-05-26 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-24 20:43 --------- d-----w C:\Program Files\Windows Live Favorites
2008-05-24 20:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-20 03:52 --------- d-----w C:\Program Files\HP
2008-05-20 03:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-19 01:57 --------- d-----w C:\Program Files\Java
2008-05-17 08:41 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-05-13 19:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-11 06:10 --------- d-----w C:\Program Files\Microsoft Works
2008-05-10 00:38 3,885 ----a-w C:\WINDOWS\viassary-hp.reg
2008-05-08 12:35 --------- d-----w C:\Documents and Settings\Ave\Application Data\mjusbsp
2008-05-08 03:07 --------- d-----w C:\Documents and Settings\Ave\Application Data\OpenOffice.org2
2008-05-08 03:06 --------- d-----w C:\Documents and Settings\Ave\Application Data\AVG7
2008-05-01 20:17 --------- d-----w C:\Program Files\Delcampe Toolbar
2008-04-26 00:25 --------- d-----w C:\Documents and Settings\Ave\Application Data\Template
2008-04-18 01:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 04:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-14 04:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-14 04:15 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-14 04:15 49,408 ----a-w C:\WINDOWS\system32\drivers\stream.sys
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2003-01-13 15:20 278,528 ------w C:\Program Files\internet explorer\plugins\PanoViewer.dll
1999-04-30 20:00 98,304 ------w C:\Program Files\internet explorer\plugins\UPjpeg.dll
2007-12-22 13:08 30,720 --sha-w C:\WINDOWS\rnapxs\rnapxs.dat
2008-03-04 14:46 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-26 05:15 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-26 05:15 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"cdloader"="C:\Documents and Settings\HP_Owner\Application Data\mjusbsp\cdloader2.exe" [2007-12-21 10:39 50520]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe" [2007-10-05 03:32 75256]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 21:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 21:42 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-11 23:52 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-04-21 21:28 286720]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-26 05:14 1177368]
"HPWQTOOLBOX"="C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe" [2005-06-03 06:18 335872]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-12 00:08 98304]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-07-17 13:05 64000]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

C:\Documents and Settings\Administrator.AVEHURLEY\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-08-12 00:15:52 36864]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-12 00:20:09 16423]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\PC-Doctor for Windows\\Pcdrw32.exe"=
"C:\\WINDOWS\\SMINST\\INSTALL_APP.EXE"=
"C:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"C:\\Program Files\\Microsoft Works\\wkpdfsnf.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp deskjet 9600 series\\Toolbox\\HPWITBX.exe"=
"C:\\WINDOWS\\CREATOR\\CD Creator.exe"=
"C:\\hp\\support\\HPSysInfo.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\WINDOWS\\CREATOR\\ToolsCDLauncher.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Product Assistant\\bin\\hprbui.exe"=
"C:\\Program Files\\Pandora Recovery\\PandoraRecovery.exe"=
"C:\\Program Files\\Microsoft Works\\WksWP.exe"=
"C:\\WINDOWS\\system32\\Restore\\rstrui.exe"=
"C:\\Program Files\\ArcSoft\\PhotoImpression 4\\PhotoImpression.exe"=
"C:\\Program Files\\CA\\CA Internet Security Suite\\caisstutorial.exe"=
"C:\\hp\\recovery\\wizard\\SWR_Wizard.exe"=
"C:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=
"C:\\Program Files\\Windows Live\\Photo Gallery\\WLXPhotoGallery.exe"=
"C:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphver06.exe"=
"C:\\Documents and Settings\\HP_Owner\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-26 05:15]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-10 09:52]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-26 05:15]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-05-26 05:14]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-26 05:15]
R2 prt1xw2k;SEM 11 Mbps Wireless Card NDIS Interface;C:\WINDOWS\system32\drivers\prt1xw2k.sys [2003-05-15 08:32]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-26 05:08]
R3 SWLD23U;Netopia 802.11b WLAN USB Adapter;C:\WINDOWS\system32\DRIVERS\SWLD23U.sys [2003-12-17 16:58]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-26 05:08]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 swlubtl;WLAN USB Boot Device;C:\WINDOWS\system32\Drivers\swlubtl.sys [2003-12-15 18:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contents of the 'Scheduled Tasks' folder
"2008-06-02 20:06:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-07 13:32:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-07 06:03:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-07 14:00:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A0A34368-5366-403D-A519-7A8315B419CB}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-06-07 14:00:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B2FA4AD6-E583-4CA9-89AF-FA270D6B2B48}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-06-07 14:00:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D52A953A-0C01-43E7-9FD8-C47487EA1CD9}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 09:50:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\searchindexer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-06-07 10:01:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 14:01:33

Pre-Run: 9,494,487,040 bytes free
Post-Run: 9,756,495,872 bytes free

398 --- E O F --- 2008-05-10 07:00:11


Then I ran the Hijack this and here is that log:
Logfile of HijackThis v1.99.1

Scan saved at 10:07:26 AM, on 6/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HPWQTOOLBOX] C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe "-i"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0398895171
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ ... s-i586.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
AVE
Active Member
 
Posts: 10
Joined: May 26th, 2008, 3:57 am

Re: Help~ I ran the Combo Fix as instructed & have report .

Unread postby flashh4 » June 13th, 2008, 10:04 am

Hello and welcome to the forums

My name is flashh4 and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
4. Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
5. Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

If you can do those things, everything should go smoothly

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Note: I am still in training at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.

I will be back as soon as possible with a fix!!
In the meantime, can you give me an Uninstall list please!!

  1. Open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.


Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Help~ I ran the Combo Fix as instructed & have report .

Unread postby AVE » June 13th, 2008, 11:56 am

Hi & Thanks~ Today my PC is a bit more erratic. Yesterday I ran a slow AVG 8.5 scan when I left home to come back to 367 warnings and pages that load extremely slow, so slow that after waiting for nearly 1/2 hour to change the page, I gave up and restarted the computer, so I could access my email. Initially I was going to attempt a System Restore but that brought about a black screen, so I restarted and opened IE7 to email, found your email & am responding. I was able to open Hijack & get this notepad file for you.
Prior to this, MS Tech had me remove SP2 as it failed & I reloaded SP3 & 3.5. It did show many SPs in the warning of AVG, so I guess they didn't delete the way they should have.
I have XP Home edition showing SP3 is on, but since this hasn't been acting up to speed, I wouldn't be surprised at anything at this point. I am very curious to learn the process and get the results rather than having to crash my computer to a factory restore, so I do appreciate all your help and look forward to working with you.
Thanks~
Ave

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat - Reader 6.0.2 Update
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Media Player
Adobe Reader 6.0.1
Adobe® Photoshop® Album Starter Edition 3.2
Agere Systems PCI Soft Modem
ArcSoft Scan-n-Stitch Deluxe
AVG 8.0
Flickr Uploadr 3.0.5
Help and Support Additions
High Definition Audio Driver Package - KB835221
Highlight Viewer (Windows Live Toolbar)
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB942766-v6)
HP Customer Participation Program 7.0
HP Deskjet 9800
HP Deskjet 9800 Series
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.2
HP Image Zone Plus 4.2
HP Imaging Device Functions 7.0
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Detection
HP PSC & OfficeJet 4.0
HP Software Update
HP Solution Center 7.0
HP Unload DLL Patch
HPIZ402
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 14
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Online Scanner
KBD
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Diagnostics and Recovery Toolset 5.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Small Business Image Uploader
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MSXML 4.0 SP2 (KB936181)
Netopia Wireless LAN
Netopia Wireless LAN
Orbital from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
PayPal Plug-In
PC-Doctor for Windows
Photosmart 320,370,7400,8100,8400 Series
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealPlayer
Resize-O-Matic
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Smart Menus (Windows Live Toolbar)
Sonic RecordNow!
Speeditup Free 4.00
SpySubtract
Tradewinds from Hewlett-Packard Desktops (remove only)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
Update for Windows Internet Explorer 7 (KB928089)
Update for Windows XP (KB942763)
Updates from HP
Windows Desktop Search 3.01
Windows Desktop Search 3.01
Windows Installer Clean Up
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Support Tools
Windows XP Service Pack 3
Yahoo! Install Manager
AVE
Active Member
 
Posts: 10
Joined: May 26th, 2008, 3:57 am

Re: Help~ I ran the Combo Fix as instructed & have report .

Unread postby AVE » June 15th, 2008, 8:25 am

My PC became more unstable, as it began to do restarts without any warning and it was getting hard to stay on the line of whatever I was working on or typing.
As much as I didn't want to do an F10 HP Factory Restore and/or Recovery, I was compelled yesterday to do the lesser of the two, not the destructive restore, but still gave up most files in storage to try and bring back some stability.
After running it, I was back online, however lost all my current programs and virus software and was back to the Norton 2004 which came preloaded on the computer. I am stuck with it for the moment til I can load another, but loading is still a problem.
I went to Windows Update and started over, but it kept hanging up during installation and then restarting before completion, so I was repeating the process over and over and got some downloads in and others failed. I got an HP tech chat opened and was helped with one missing dll and hoped that remedied it, til five minutes later my screen went black, and after waiting 10 minutes, I shut it down and restarted again. The tech did say that since I did the less invasive of the two recoveries, that if the problems continue with the intermittent restarts and download failures, I may need to do the complete F10 Destructive Factory Recovery!
So far I lost my ComboFix & HijackThis files from the partial restore and am disappointed that that drastic move didn't remedy the problem completely, however for the moment my screen does seem more stable and pages load and change normally now [as normal as I have come to be able to expect anyway].
Now that I am willing to wipe the slate virtually clean, I do not want to lose the hidden files in the event I can get another download of Pandora Recovery, which I had purchased online last January and it helped back then to salvage some art files. I no longer have access to the URL I purchased it from.
I wish I could find what caused all this to start doing these things. I thought removing that one trojan would have cured it, but it seemed that when I had that Glacier_background.jpg that my system started to get much worse.
Thanks for your help.
Ave
AVE
Active Member
 
Posts: 10
Joined: May 26th, 2008, 3:57 am

Re: Help~ I ran the Combo Fix as instructed & have report .

Unread postby AVE » June 15th, 2008, 8:31 am

I just re-downloaded HJT and here is the current notepad assessment.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:07 AM, on 6/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUALL.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\HP_Owner.AVEHURLEY\Desktop\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.hotmail.com
O15 - Trusted Zone: http://www.microsoftupdate.com
O15 - Trusted Zone: http://www.msn.com
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3483641855
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8476 bytes
AVE
Active Member
 
Posts: 10
Joined: May 26th, 2008, 3:57 am

Re: Help~ I ran the Combo Fix as instructed & have report .

Unread postby flashh4 » June 15th, 2008, 2:59 pm

Howdy Ave,

First we need to move HijackThis.exe into its own folder. This will help to avoid accidentally deleting any backups the program makes.
Create a new folder by right-clicking somewhere in the empty area of your desktop and choose New > Folder. Give it a simple name like HJT, or something easy to remember, then drag and drop HijackThis.exe on to the folder. This will move HijackThis.exe into the folder you just created.

NEXT

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


Please post in your next reply to this topic:
1. Kaspersky online scan
2. New HJT log

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Help~ I ran the Combo Fix as instructed & have report .

Unread postby AVE » June 15th, 2008, 10:02 pm

Hi Chuck~
I have made a new notepad of the hijack. I downloaded the Kaspersky & the java. I ran the Kaspersky for a full scan and the pc suddenly restarted incomplete [again] and I tried 6 times and even tried just doing the critical part. The scan went on for 26 minutes and was at 12% and had done almost 13,000 files, then the pc restarted again, interrupting the scan before it could finish. I am at it about 5 hours now and it seems impossible to do. I had turned off my virus scanner OneNote prior to each scan and it took 3 restarts til I was able to turn it back on in order to come back here to write you. I am going to attempt to include the hjt file now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:05 PM, on 6/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner.AVEHURLEY\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.hotmail.com
O15 - Trusted Zone: http://www.microsoftupdate.com
O15 - Trusted Zone: http://www.msn.com
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3483641855
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6497 bytes

I hope this reveals something. I will still try to get a virus scan done with Kaspersky. Onenote scan worked earlier but showed nothing. I ran system diagnostics that passed 100%.
Biggest issue now is the random shutdown without warning and restarts.
thanks for your help~
Ave

Re: Help~ I ran the Combo Fix as instructed & have report .

Unread postby AVE » June 16th, 2008, 5:11 am

I changed one setting upon suggestion from HP. I disabled the auto restart under power management icon in control panel, which seemed to help a lot. I can now have 2 windows open at once without it shutting down immediately. I ran the Kaspersky scan again and when checking, it had reached over 2 hours of scanning and was at more than 32% scanned of the computer [which was the longest time it was able to run so far], so I let it continue, hoping to finally get a scan complete. I don't know how much longer it ran since I fell asleep for 2 hours and when I went to check it, the pc had restarted again and each time it has done so without being able to see the end result. Up to each point when it had shut down, however, it showed no threats etc. I wonder, does Kaspersky automatically shut down if there are no threats or if this is something embedded in a way that when it is exposed it shuts down the computer and maybe changes paths again..?... I am concerned that if these things 'morph' on restart that with my many restarts if it is even possible to do an effective F10 Destructive Factory Restore or if we have other options perhaps???
Thanks~
Ave

Re: Help~ I ran the Combo Fix as instructed & have report .

Unread postby AVE » June 17th, 2008, 4:11 am

Hi Chuck~
I attempted the F10 Destructive Factory Recovery. It hung up and said it couldn't recover all the win32 files. I tried to quit it but on restart got the NDLR{?} or something like that which said it couldn't load. I had recovery discs and tried them a few times til I got a 'r', 'f' and quit option and when I tried the 'f' it began accepting my recovery discs and I am now up and running again.
I began with the Windows Updates and got 15 loaded but 8 more failed. I am not sure why, but at least the pc isn't restarting randomly! [yay] I hope whatever bugger was in doesn't come back to haunt me. I am also going back and forth on the hp site getting updates, so maybe when all is said and done I can hopefully get the windows updates to work properly. It may be that some items need to be reinstalled. I am glad to just have it running more stable.
Thank you for your help.
Ave

Re: Help~ I ran the Combo Fix as instructed & have report .

Unread postby flashh4 » June 18th, 2008, 8:06 am

Howdy AVE, just a little left to check.

Please click this link to open Kaspersky Online Scanner:
http://www.kaspersky.com/kos/eng/partne ... bscan.html

Press on the Accept button and install any components it needs.

* The program will install and then begin downloading the latest definition files.
* After the files have been downloaded on the left side of the page in the Scan section select My Computer
* This will start the program and scan your system.
* The scan will take a while, so be patient and let it run.
* Once the scan is complete, click on View scan report
* Click on the Save Report As... button.
* Change the file type to Text file (*.txt), type a filename such as kaspersky and save it to your Desktop
* Post the contents of the report in your next response.



Once complete, please post the Kaspersky report and a new HijackThis log.
Also, describe how your computer is running now.

Thanks
Chuck

Re: Help~ I ran the Combo Fix as instructed & have report .

Unread postby AVE » June 18th, 2008, 8:50 am

Hi Chuck~
I tried the link and it came up as a 404 Item not found.
Also, after reloading my computer from the recovery discs I made last year, my windows update isn't working automatically. It will give me an icon in the bottom bar saying updates ready to install, but after installing them it gives a window saying the 'following updates were not installed'.
Since the recovery discs weren't made til after 2 factory recoveries, I am wondering if the problem was inherited, already on the pc and saved in the discs to recur since scheduled tasks doesn't employ either, saying 'access denied' after tasks never initiated.
Doing the F10 recovery initially said for every file 'file can not be recovered' and required ok clicks, but after 3000+ clicks I shut the computer down and restarted with the 'f' restore instead of the 'r' restore as that accepted each of the 8 discs and got the pc up and running at least.
Now it is working, however it 'snaps' and larger email attachments come back as errors and mail doesn't send, and when trying to reinstall my printer it also isn't working right (I have written the mfr on the hp9800 since that may or not be a different issue?)
I will try to find another link to the Kaspersky and run it.
Thanks for all your help so far and continuing~
Ave

Re: Help~ I ran the Combo Fix as instructed & have report .

Unread postby flashh4 » June 19th, 2008, 7:39 am

Howdy AVE, that link worked last night but not now, anyway here's a new link:

Go here: Kaspersky website and perform an online antivirus scan.

Install updates manually for Microsoft,
See if this will help you get the updates >>> http://www.microsoft.com/canada/athome/ ... stall.mspx

Post the kaspersky log/report and New HJT log !

Thanks
Chuck

Re: Help~ I ran the Combo Fix as instructed & have report .

Unread postby AVE » June 19th, 2008, 6:52 pm

Hi Chuck,
I guess back a few weeks ago when I first wrote to this forum, I should have done a system restore then. I heard my hard drive spinning hard and often and programs were starting to shut off and on. Windows update began malfunctioning and I couldn't get the regular system restore to work.
What I failed to realize was whatever got onto my hard drive was damaging it. I thought that I could troubleshoot with help and get to the root of the problem and fix it, but as it became impossible to complete a virus scan from any site, my hard drive was being eaten up like that flesh eating disease.
By the time I did the Factory Restore, the damage was already done... I can use the computer still and it works, but now on diagnosis the hard drive is beginning to fail so I am about to replace it tonight and 'hopefully' that will be the end of the current problems.
What really sux is those jokers that make all the malware that cause all this stuff to happen~! What do they gain by infecting random computers? It isn't like I am some big corporation with hidden secrets on my machine, but I am a small home business that basically is out of business while all this pc turmoil has gone on.
Whoever caused it isn't going to gain by it. I am simply going to put in another old hard drive and start again.
I did run the Kaspersky and it came out clean. The shortcut to the file on my desktop however is not getting through. My solitaire has stopped working and says the net drive is unavailable so I guess this hard drive is breathing its last ...
I miss my solitaire already, lol as it keeps me quiet while awaiting scans and downloads..lol.. the last 3 wks have spent a lot of time playing solitaire while trying to fix this. I can't take any files from my desktop right now so I can send them. I thought I would email them to myself so I can save them to be reviewed later and possibly like an autopsy they can reveal the cause of death...
So I will be offline part or all of tonight as I attempt my first hard drive replacement. Cross your fingers and wish me luck - for me it is like a person who stayed at a Holiday Inn one night and read a book about appendix removal and now I am here with a butter knife, needle and thread trying to perform one...:)
Ave

Re: Help~ I ran the Combo Fix as instructed & have report .

Unread postby flashh4 » June 20th, 2008, 9:24 am

Howdy Ave, good luck with the installation of new hard drive.

Here are some free programs I recommend that could help you improve your computer's security.
(Vista users must ensure that any programs are Vista compatible BEFORE installing)

Spybot Search and Destroy 1.5.2
Download it from here. Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here
Find here changes from older version 1.4 here

Install SpyWare Blaster 4.0
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.

Happy safe surfing!

Chuck
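The HOSTS-file blocking described in the post above, as an added example that is not part of the original thread or of the MVPS project: it parses HOSTS-format text, shows that a block covers only the exact names listed, and flags entries that point a name at a routable address instead of the local machine. The sample domains and all function names are constructed for illustration, and first-entry-wins lookup is an assumption about resolver behaviour.

```python
import ipaddress

# Constructed sample in HOSTS-file format. The domains are placeholders,
# not entries taken from the MVPS list.
SAMPLE_HOSTS = """\
# blocklist header comment
127.0.0.1   localhost
127.0.0.1   ads.example.com        # inline comment
0.0.0.0     tracker.example.net metrics.example.net
203.0.113.7 www.bank.example
not-an-ip   broken.example
127.0.0.1   ADS.example.com
"""


def parse_hosts(text):
    """Return {hostname: ip_address} for every valid line.

    Assumption: the first mapping for a name wins, as is usual for
    resolvers that read the file top to bottom.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # address with no hostname
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed address, ignore line
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table


def is_local(addr):
    """True for 127.0.0.0/8, ::1, 0.0.0.0 and ::, i.e. 'goes nowhere'."""
    return addr.is_loopback or addr.is_unspecified


def is_sinkholed(table, hostname):
    """True if this exact hostname is redirected to the local machine."""
    addr = table.get(hostname.lower().rstrip("."))
    return addr is not None and is_local(addr)


def redirects(table):
    """Names mapped to a non-local address: a redirect, not a block.

    Worth reviewing by hand, since a blocklist has no reason to contain them.
    """
    return sorted(n for n, a in table.items() if not is_local(a))


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.com", "cdn.ads.example.com", "www.bank.example"):
        print(f"{name:24} sinkholed={is_sinkholed(hosts, name)}")
    print("entries to review:", redirects(hosts))
```

Because matching is by exact name, a subdomain that is not listed still resolves normally, which is why such lists enumerate every hostname individually.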

Re: Help~ I ran the Combo Fix as instructed & have report .

Unread postby Vino Rosso » June 23rd, 2008, 10:07 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link: >Donations For Malware Removal<

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)