
xp freezes up constantly.


  • This topic is locked
13 replies to this topic

#1 lognom

lognom

  • Members
  • 40 posts
  • Local time:12:15 AM

Posted 30 April 2012 - 08:59 PM

Hi,
Here are my gmer and dds logs. Before you read the logs, here are a few details you might find helpful.

1) 3 days ago the computer began to run as slow as molasses and would freeze up a lot, forcing me to constantly restart.

2) Whenever I restarted, checkdisk would run, saying my discs weren't "consistent".

3) Yesterday the computer became almost unusable. I figured I had nothing to lose, so I decided to reinstall my OS. The computer wouldn't allow a repair install, so I did a full install instead. That's why you see so many programs added and deleted from the computer today (4/30). Reinstalling the OS has made no difference.

4) I cannot run the computer in Safe Mode with Networking. When I try to do this, I see a page of System32Drivers.

5) When I check BIOS, it said SMART status is ok, when both BIOS tests failed.

6) Malwarebytes found nothing. AVG found one virus.

7) When I tried fixmbr, it said "The old master boot record cannot be read".









UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/29/2012 11:52:48 AM
System Uptime: 4/30/2012 6:20:34 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NODUSM3
Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+ | Socket AM2 | 2004/200mhz
Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+ | Socket AM2 | 2004/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 177 GiB total, 166.624 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.967 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 4/29/2012 11:55:51 AM - Software Distribution Service 3.0
RP2: 4/29/2012 11:58:06 AM - Installed Actiontec Gateway
RP3: 4/29/2012 11:58:38 AM - Configured easy Internet sign-up
RP4: 4/30/2012 12:32:54 PM - Installed SeaTools for Windows
RP5: 4/30/2012 12:50:04 PM - Software Distribution Service 3.0
RP6: 4/30/2012 1:03:28 PM - Software Distribution Service 3.0
RP7: 4/30/2012 1:15:17 PM - Software Distribution Service 3.0
RP8: 4/30/2012 1:27:18 PM - Installed AVG 2012
RP9: 4/30/2012 1:27:31 PM - Installed AVG 2012
RP10: 4/30/2012 1:46:39 PM - Removed Microsoft Works
RP11: 4/30/2012 1:48:20 PM - Removed muvee autoProducer unPlugged 2.0
RP12: 4/30/2012 2:07:38 PM - Removed Sonic Express Labeler
RP13: 4/30/2012 2:08:10 PM - Removed Sonic MyDVD Plus
RP14: 4/30/2012 2:09:00 PM - Removed Sonic RecordNow Audio
RP15: 4/30/2012 2:09:14 PM - Removed Sonic RecordNow Copy
RP16: 4/30/2012 2:09:32 PM - Removed Sonic RecordNow Data
RP17: 4/30/2012 2:09:55 PM - Removed Sonic Update Manager
RP18: 4/30/2012 2:21:09 PM - Removed Quicken 2006
RP19: 4/30/2012 2:50:55 PM - Software Distribution Service 3.0
RP20: 4/30/2012 4:19:15 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Actiontec Gateway
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5
Agere Systems PCI-SV92PP Soft Modem
AutoUpdate
AVG 2012
CCleaner
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
DivX
Enhanced Multimedia Keyboard Solution
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Software Update
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
J2SE Runtime Environment 5.0 Update 6
LightScribe 1.4.105.1
Macromedia Flash Player 8
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Away Mode
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
NVIDIA Drivers
Otto
PC-Doctor 5 for Windows
QuickConnect
Qwest QuickAssist Desktop Tools
RealPlayer
Realtek High Definition Audio Driver
Remove WeatherBug Installer
Rhapsody
SeaTools for Windows
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SUPERAntiSpyware
Unload
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VLC media player 2.0.1
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
4/30/2012 12:23:49 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
4/30/2012 12:23:34 PM, error: BITS [16391] - The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.
4/30/2012 12:11:23 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
4/30/2012 12:11:23 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\HP_Administrator\My Documents\seatools\stxcon.exe. Reference error message: The operation completed successfully. .
4/30/2012 12:11:23 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
4/30/2012 10:33:17 AM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
4/30/2012 1:08:17 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB920213).
4/29/2012 1:04:27 PM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0018F394F339 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================



DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by HP_Administrator at 18:26:38 on 2012-04-30
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.437 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
svchost.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{5FE479A4-BA1D-4F13-ADE1-3DB439AAB769} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\cxa624ss.default\
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.0.2\npsitesafety.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-8 5158992]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-4-30 932736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-30 129976]
.
=============== Created Last 30 ================
.
2012-05-01 00:00:43 -------- d-----w- C:\d7bac86a88e9f5eb17dbd6a11f78a95c
2012-04-30 23:47:19 -------- d-----w- C:\355afd48b45359feacf06226f2cd
2012-04-30 23:36:38 -------- d-----w- c:\documents and settings\hp_administrator\application data\WinPatrol
2012-04-30 23:36:31 -------- d-----w- c:\program files\BillP Studios
2012-04-30 23:36:30 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2012-04-30 23:35:51 -------- d-----w- C:\d27b0a2f2bb7237feb3b37
2012-04-30 23:23:21 -------- d-----w- C:\7a2731adeedac8fda12c51
2012-04-30 23:07:24 -------- d-----w- c:\documents and settings\hp_administrator\application data\HPQ
2012-04-30 21:38:11 -------- d-----w- c:\program files\VideoLAN
2012-04-30 21:34:22 -------- d-----w- c:\program files\CCleaner
2012-04-30 21:28:44 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes
2012-04-30 21:28:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-30 21:28:06 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 21:28:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-30 21:27:25 10063000 ----a-w- c:\program files\mbam-setup-1.61.0.1400.exe
2012-04-30 21:19:42 -------- d-----w- c:\documents and settings\hp_administrator\application data\SUPERAntiSpyware.com
2012-04-30 21:19:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-30 21:19:21 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-04-30 20:47:35 -------- d-----w- c:\windows\system32\appmgmt
2012-04-30 20:29:25 -------- d-----w- c:\documents and settings\hp_administrator\application data\AVG2012
2012-04-30 20:28:45 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\AVG Secure Search
2012-04-30 20:28:35 -------- d-----w- c:\documents and settings\hp_administrator\application data\AVG Secure Search
2012-04-30 20:28:34 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-04-30 20:28:32 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-04-30 20:28:31 -------- d-----w- c:\program files\AVG Secure Search
2012-04-30 20:28:03 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-04-30 20:27:39 -------- d--h--w- C:\$AVG
2012-04-30 20:27:39 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-30 20:27:39 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-04-30 20:27:19 -------- d-----w- c:\program files\AVG
2012-04-30 20:21:16 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-04-30 20:08:33 -------- d-----w- C:\59c3f86cf8ce2a0f4d99
2012-04-30 20:05:35 -------- d-----w- c:\program files\MSXML 4.0
2012-04-30 19:56:55 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-04-30 19:56:55 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2012-04-30 19:53:17 2137088 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-04-30 19:53:16 2181376 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-04-30 19:53:16 2016768 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-04-30 19:53:15 2058368 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-04-30 19:50:54 23040 ------w- c:\windows\kb913800.exe
2012-04-30 19:32:55 -------- d-----w- c:\program files\Seagate
2012-04-30 19:31:01 -------- d-s---w- c:\documents and settings\hp_administrator\UserData
2012-04-30 19:24:26 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-04-30 19:20:31 -------- d-----w- C:\a61c92e9d8a1ffd7a3ffb4fa9eccd1
2012-04-30 17:22:00 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Adobe
2012-04-30 17:19:04 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-04-30 17:19:04 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2012-04-30 17:19:01 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-04-30 17:19:01 14848 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-04-30 17:18:56 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-04-30 17:18:56 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2012-04-30 17:18:43 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-04-30 17:18:43 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2012-04-30 17:18:38 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-04-30 17:18:38 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-04-29 20:23:09 -------- d-sh--w- C:\found.000
2012-04-29 18:59:00 -------- d-----w- c:\program files\Qwest
2012-04-29 18:58:31 -------- d-----w- c:\program files\common files\supportsoft
2012-04-29 18:58:09 -------- d-----w- c:\program files\2Wire
2012-04-29 18:58:07 143360 ----a-w- c:\windows\GTRemove.exe
2012-04-29 18:58:07 -------- d-----w- c:\program files\Actiontec
2012-04-29 18:56:02 -------- d-----w- c:\windows\system32\PreInstall
2012-04-29 18:55:38 -------- d-sh--r- C:\cmdcons
2012-04-29 18:55:36 -------- d-----w- c:\windows\setup.pss
2012-04-29 18:26:07 -------- d-----r- c:\documents and settings\all users\Documents
2012-04-29 18:24:06 -------- d-----r- c:\windows\Offline Web Pages
2012-04-29 18:21:12 -------- d-sh--r- c:\windows\system32\dllcache
2012-04-19 11:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
==================== Find3M ====================
.
2012-03-19 12:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 12:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 18:27:25.04 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-30 18:45:00
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 SAMSUNG_SP2004C rev.VM100-49
Running: pmkdbng0.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\pxldapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xB9AB1004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xB9AB10D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB9AB0D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB9AB0E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB9AB0EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB9AB0F56]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6DDD360, 0x20574D, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Files - GMER 1.0.15 ----

File C:\a61c92e9d8a1ffd7a3ffb4fa9eccd1\1055 0 bytes
File C:\a61c92e9d8a1ffd7a3ffb4fa9eccd1\1055\eula.rtf 3859 bytes
File C:\a61c92e9d8a1ffd7a3ffb4fa9eccd1\1055\LocalizedData.xml 76818 bytes
File C:\a61c92e9d8a1ffd7a3ffb4fa9eccd1\1055\SetupResources.dll 17752 bytes executable

---- EOF - GMER 1.0.15 ----

Edited by lognom, 30 April 2012 - 09:15 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,669 posts
  • Gender:Male
  • Local time:03:15 AM

Posted 06 May 2012 - 09:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/452036 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 lognom


Posted 07 May 2012 - 02:20 AM

Hi,
In answer to your question, I don't have the original XP cd/dvd. The OS was already installed on my computer. However, I do have a set of xp recovery discs that I made after buying the computer.
I scanned the D drive with GMER as well as the C drive. I wasn't sure so I did them both.

Regards,
Lloyd
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by HP_Administrator at 22:53:49 on 2012-05-06
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.397 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG2012\avgscanx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\cxa624ss.default\
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.0.2\npsitesafety.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-8 5158992]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-4-30 932736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-30 129976]
.
=============== Created Last 30 ================
.
2012-05-05 22:01:09 -------- d-----w- C:\5568bd86c8dfc2bbe0946b788827
2012-05-05 21:18:22 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-05-01 00:00:43 -------- d-----w- C:\d7bac86a88e9f5eb17dbd6a11f78a95c
2012-04-30 23:47:19 -------- d-----w- C:\355afd48b45359feacf06226f2cd
2012-04-30 23:36:38 -------- d-----w- c:\documents and settings\hp_administrator\application data\WinPatrol
2012-04-30 23:36:31 -------- d-----w- c:\program files\BillP Studios
2012-04-30 23:36:30 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2012-04-30 23:35:51 -------- d-----w- C:\d27b0a2f2bb7237feb3b37
2012-04-30 23:23:21 -------- d-----w- C:\7a2731adeedac8fda12c51
2012-04-30 23:07:24 -------- d-----w- c:\documents and settings\hp_administrator\application data\HPQ
2012-04-30 21:38:11 -------- d-----w- c:\program files\VideoLAN
2012-04-30 21:34:22 -------- d-----w- c:\program files\CCleaner
2012-04-30 21:28:44 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes
2012-04-30 21:28:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-30 21:28:06 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 21:28:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-30 21:27:25 10063000 ----a-w- c:\program files\mbam-setup-1.61.0.1400.exe
2012-04-30 21:19:42 -------- d-----w- c:\documents and settings\hp_administrator\application data\SUPERAntiSpyware.com
2012-04-30 21:19:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-30 21:19:21 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-04-30 20:47:35 -------- d-----w- c:\windows\system32\appmgmt
2012-04-30 20:29:25 -------- d-----w- c:\documents and settings\hp_administrator\application data\AVG2012
2012-04-30 20:28:45 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\AVG Secure Search
2012-04-30 20:28:35 -------- d-----w- c:\documents and settings\hp_administrator\application data\AVG Secure Search
2012-04-30 20:28:34 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-04-30 20:28:32 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-04-30 20:28:31 -------- d-----w- c:\program files\AVG Secure Search
2012-04-30 20:28:03 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-04-30 20:27:39 -------- d--h--w- C:\$AVG
2012-04-30 20:27:39 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-30 20:27:39 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-04-30 20:27:19 -------- d-----w- c:\program files\AVG
2012-04-30 20:21:16 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-04-30 20:08:33 -------- d-----w- C:\59c3f86cf8ce2a0f4d99
2012-04-30 20:05:35 -------- d-----w- c:\program files\MSXML 4.0
2012-04-30 19:56:55 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-04-30 19:56:55 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2012-04-30 19:53:17 2137088 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-04-30 19:53:16 2181376 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-04-30 19:53:16 2016768 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-04-30 19:53:15 2058368 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-04-30 19:50:54 23040 ------w- c:\windows\kb913800.exe
2012-04-30 19:32:55 -------- d-----w- c:\program files\Seagate
2012-04-30 19:31:01 -------- d-s---w- c:\documents and settings\hp_administrator\UserData
2012-04-30 19:24:26 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-04-30 19:20:31 -------- d-----w- C:\a61c92e9d8a1ffd7a3ffb4fa9eccd1
2012-04-30 17:22:00 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Adobe
2012-04-30 17:19:04 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-04-30 17:19:04 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2012-04-30 17:19:01 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-04-30 17:19:01 14848 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-04-30 17:18:56 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-04-30 17:18:56 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2012-04-30 17:18:43 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-04-30 17:18:43 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2012-04-30 17:18:38 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-04-30 17:18:38 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-04-29 20:23:09 -------- d-sh--w- C:\found.000
2012-04-29 18:59:00 -------- d-----w- c:\program files\Qwest
2012-04-29 18:58:31 -------- d-----w- c:\program files\common files\supportsoft
2012-04-29 18:58:09 -------- d-----w- c:\program files\2Wire
2012-04-29 18:58:07 143360 ----a-w- c:\windows\GTRemove.exe
2012-04-29 18:58:07 -------- d-----w- c:\program files\Actiontec
2012-04-29 18:56:02 -------- d-----w- c:\windows\system32\PreInstall
2012-04-29 18:55:38 -------- d-sh--r- C:\cmdcons
2012-04-29 18:55:36 -------- d-----w- c:\windows\setup.pss
2012-04-29 18:26:07 -------- d-----r- c:\documents and settings\all users\Documents
2012-04-29 18:24:06 -------- d-----r- c:\windows\Offline Web Pages
2012-04-29 18:21:12 -------- d-sh--r- c:\windows\system32\dllcache
2012-04-19 11:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
==================== Find3M ====================
.
2012-03-19 12:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 12:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 22:54:40.06 ===============


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:07:15 AM

Posted 07 May 2012 - 07:00 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Now please run aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#5 lognom


Posted 07 May 2012 - 08:44 PM

Hi Mole,
I've attached those two reports you asked for.

Lloyd


#6 m0le


Posted 08 May 2012 - 04:50 PM

Which virus did AVG find when you ran it previously?

#7 lognom


Posted 08 May 2012 - 05:39 PM

Win32/Heur.dropper

#8 m0le


Posted 08 May 2012 - 05:46 PM

It looks okay so far. Try FSS

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#9 lognom


Posted 08 May 2012 - 05:55 PM

Only the "Internet Services" box was checked.

Attached Files

  • Attached File  FSS.txt   2.04KB   1 downloads


#10 m0le


Posted 08 May 2012 - 05:59 PM

It looks to me like you have a clean machine and the AVG has just picked off the dropper (the file that "drops" the malware into the machine).

Please scan with ESET next

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.

#11 lognom


Posted 08 May 2012 - 08:43 PM

Mole,
I ran ESET twice and it stalled. (I'd neglected to turn off my AVG). The first time it found a threat called WIN32/Adinstaller application. I turned AVG off and ran it a 3rd time. No threats. Log below.
Computer still stalls and checkdisk runs every time I restart. Whatever this problem is, it withstood reinstalling xp (via the D drive recovery sector, not the recovery disks). Does it make any sense to try something more extreme, like low level disk formatting?

Thanks,
Lloyd

Attached Files

  • Attached File  log.txt   882bytes   1 downloads

Edited by lognom, 08 May 2012 - 09:40 PM.


#12 m0le


Posted 09 May 2012 - 05:11 PM

I have to say that at this point this forum is not the right forum for this issue.

The fact that checkdisk is running on every boot tells me that you need to get a hardware diagnosis and so I suggest you post a topic in the XP forum to get help from our staff and members as soon as you can.

I will close this topic in five days, if you need to PM me after that then please do. :)

#13 lognom


Posted 09 May 2012 - 05:32 PM

Mole,
Will do.

Thanks

#14 m0le


Posted 14 May 2012 - 07:36 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



