My son was on the computer the other day and said he went to a music site and a box came on and said it was going to run a virus scan. When he clicked the x it went ahead and ran the program anyway and he just shut my computer down and didn't tell me. I knew there was something wrong so I ran Malwarebytes and AVG but it still is not running right. It freezes, delays around 7 seconds when I click.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:11 AM, on 1/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6923 bytes
Will try to send hijack log if it doesn't freeze first.


Please post the MBA-M log also.

Malwarebytes' Anti-Malware 1.44
Database version: 3597
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/19/2010 8:52:10 AM
mbam-log-2010-01-19 (08-52-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 233284
Time elapsed: 42 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP165\A0035888.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP165\A0036021.sys (Malware.Trace) -> Quarantined and deleted successfully.

Ok do the following:
Download DDS by sUBs and save it to your Desktop.
Be sure to follow the instructions below carefully!

If your AV has a script blocker, please disable it
Double-click on dds.scr to run the tool

* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).

• Copy&Paste the DDS.txt into your post for assistance.
Please post Attach.txt as an attachment to your post - there is no need to Zip it. If you don’t know how to post an attachment, please Copy&Paste it along with the DDS.txt scanlog.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/4/2009 2:17:28 PM
System Uptime: 1/19/2010 1:09:29 PM (3 hours ago)

Motherboard: Dell Inc. | | 0ND237
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 59.07 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP86: 10/21/2009 8:25:27 AM - Avg8 Update
RP87: 10/22/2009 8:41:15 AM - System Checkpoint
RP88: 10/23/2009 7:33:58 AM - Software Distribution Service 3.0
RP89: 10/24/2009 4:44:05 PM - System Checkpoint
RP90: 10/25/2009 6:43:51 PM - System Checkpoint
RP91: 10/26/2009 8:09:50 PM - System Checkpoint
RP92: 10/27/2009 7:15:37 AM - Software Distribution Service 3.0
RP93: 10/28/2009 8:47:56 AM - System Checkpoint
RP94: 10/29/2009 11:08:28 AM - System Checkpoint
RP95: 10/29/2009 8:34:15 PM - Software Distribution Service 3.0
RP96: 10/31/2009 9:46:38 AM - System Checkpoint
RP97: 11/1/2009 4:28:39 PM - System Checkpoint
RP98: 11/2/2009 5:25:37 PM - System Checkpoint
RP99: 11/2/2009 9:59:05 PM - Software Distribution Service 3.0
RP100: 11/3/2009 10:11:40 AM - Avg8 Update
RP101: 11/4/2009 6:43:08 AM - Software Distribution Service 3.0
RP102: 11/4/2009 7:21:11 AM - Installed Java(TM) 6 Update 17
RP103: 11/5/2009 9:42:43 AM - System Checkpoint
RP104: 11/6/2009 9:14:40 AM - Avg8 Update
RP105: 11/7/2009 2:21:35 PM - Software Distribution Service 3.0
RP106: 11/8/2009 5:24:39 PM - System Checkpoint
RP107: 11/9/2009 10:10:38 AM - Software Distribution Service 3.0
RP108: 11/11/2009 6:43:59 AM - Software Distribution Service 3.0
RP109: 11/12/2009 9:30:41 AM - System Checkpoint
RP110: 11/13/2009 6:47:02 AM - Software Distribution Service 3.0
RP111: 11/14/2009 3:57:44 PM - System Checkpoint
RP112: 11/15/2009 10:39:33 PM - System Checkpoint
RP113: 11/16/2009 5:21:04 PM - Software Distribution Service 3.0
RP114: 11/20/2009 8:06:23 AM - Software Distribution Service 3.0
RP115: 11/23/2009 12:40:37 PM - Software Distribution Service 3.0
RP116: 11/25/2009 7:23:31 AM - Software Distribution Service 3.0
RP117: 11/26/2009 9:55:51 AM - Avg8 Update
RP118: 11/26/2009 9:56:06 AM - Software Distribution Service 3.0
RP119: 11/27/2009 10:05:44 AM - System Checkpoint
RP120: 11/28/2009 11:24:24 AM - System Checkpoint
RP121: 11/30/2009 7:55:50 AM - System Checkpoint
RP122: 12/1/2009 6:21:19 AM - Software Distribution Service 3.0
RP123: 12/3/2009 8:31:11 AM - System Checkpoint
RP124: 12/4/2009 5:35:02 AM - Software Distribution Service 3.0
RP125: 12/6/2009 9:41:54 AM - System Checkpoint
RP126: 12/7/2009 8:16:53 PM - Software Distribution Service 3.0
RP127: 12/9/2009 9:28:38 AM - Avg8 Update
RP128: 12/9/2009 3:56:33 PM - Installed Microsoft WSE 3.0 Runtime
RP129: 12/9/2009 3:57:28 PM - Installed Ancestry World Archives Project - Keying Tool.
RP130: 12/10/2009 10:26:40 AM - Software Distribution Service 3.0
RP131: 12/10/2009 12:42:33 PM - Software Distribution Service 3.0
RP132: 12/12/2009 4:49:18 AM - Software Distribution Service 3.0
RP133: 12/12/2009 8:41:13 AM - Avg8 Update
RP134: 12/12/2009 8:42:32 AM - Avg8 Update
RP135: 12/13/2009 9:35:02 AM - System Checkpoint
RP136: 12/13/2009 1:25:54 PM - Software Distribution Service 3.0
RP137: 12/15/2009 6:47:55 AM - Software Distribution Service 3.0
RP138: 12/18/2009 5:31:06 AM - Software Distribution Service 3.0
RP139: 12/20/2009 7:39:40 AM - System Checkpoint
RP140: 12/21/2009 4:10:46 PM - System Checkpoint
RP141: 12/22/2009 7:35:40 AM - Software Distribution Service 3.0
RP142: 12/22/2009 8:54:43 AM - Avg8 Update
RP143: 12/24/2009 8:31:36 AM - System Checkpoint
RP144: 12/25/2009 5:32:36 AM - Software Distribution Service 3.0
RP145: 12/27/2009 1:38:00 PM - System Checkpoint
RP146: 12/28/2009 5:59:28 PM - Avg8 Update
RP147: 12/29/2009 4:16:42 AM - Software Distribution Service 3.0
RP148: 12/30/2009 1:36:53 PM - System Checkpoint
RP149: 12/31/2009 1:42:42 PM - System Checkpoint
RP150: 1/1/2010 5:26:30 AM - Software Distribution Service 3.0
RP151: 1/2/2010 8:18:45 AM - System Checkpoint
RP152: 1/3/2010 6:02:29 PM - System Checkpoint
RP153: 1/4/2010 8:54:41 AM - Avg8 Update
RP154: 1/5/2010 5:48:45 AM - Software Distribution Service 3.0
RP155: 1/6/2010 8:29:26 AM - System Checkpoint
RP156: 1/7/2010 3:50:44 PM - System Checkpoint
RP157: 1/8/2010 5:55:00 AM - Software Distribution Service 3.0
RP158: 1/10/2010 8:15:06 AM - System Checkpoint
RP159: 1/11/2010 4:49:40 PM - System Checkpoint
RP160: 1/12/2010 6:22:04 AM - Software Distribution Service 3.0
RP161: 1/13/2010 2:22:43 PM - Software Distribution Service 3.0
RP162: 1/14/2010 4:17:05 PM - System Checkpoint
RP163: 1/15/2010 6:20:46 AM - Software Distribution Service 3.0
RP164: 1/16/2010 1:13:47 PM - System Checkpoint
RP165: 1/17/2010 6:08:16 PM - System Checkpoint

==== Installed Programs ======================

1st Grade v1.0
6200
6200_Help
6200Trb
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.4
Adobe Shockwave Player 11.5
AiO_Scan
AiOSoftware
Ancestry World Archives Project - Keying Tool
AVG 8.5
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Destinations
Director
Fax
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Image Zone 4.7
HP Image Zone Express
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Update
HPSystemDiagnostics
InstallMgr
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 17
Java(TM) 6 Update 5
LightScribe System Software 1.10.19.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Word Viewer 2003
Microsoft Search Enhancement Pack
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Move Media Player
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
Pajama Sam No Need to Hide When It's Dark Outside
PowerDVD
ProductContext
QFolder
QuickTime
Readme
Samsung Master
Samsung USB Driver
Scan
ScannerCopy
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SoundMAX
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Works Suite OS Pack
Works Synchronization
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

1/19/2010 4:32:47 PM, error: Service Control Manager [7034] - The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
1/18/2010 6:37:01 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/18/2010 4:22:34 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
1/18/2010 4:07:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
1/18/2010 4:03:10 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/12/2010 1:22:53 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

==== End Of File =====

DDS (Ver_09-12-01.01) - NTFSx86
Run by Customer at 16:35:36.90 on Tue 01/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.361 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Customer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dogpile.com/
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-5 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-5 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-5 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-5 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-5 297752]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

=============== Created Last 30 ================

2010-01-08 00:18:41 0 d-----w- c:\docume~1\customer\applic~1\HpUpdate
2010-01-08 00:18:37 0 d-----w- c:\windows\Hewlett-Packard

==================== Find3M ====================

2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-07-25 09:57:49 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

=============

Other than a lot of unnecessary start ups, I don't see anything wrong in either the HJT log or the DDS log. I don't see anything unusual recently. Several errors with AVG, which is somewhat out of date as there is a newer version available. I would advise you to try a different AV program, however; Avira Free is excellent.
But I see nothing unusual in any of the logs. Items found by MBA-M were old items from System Restore.
Have you done a good clean up and defrag?

a box came on and said it was going to run a virus scan. When he clicked the x it went ahead and ran the program anyway . . . .

I doubt anything actually "ran."

Most often, these "scans" are flash video made to look like a scanner has found a boatload of baddies.

Then, you are prompted to download an installer for a rogue anti-malware program to "remove" these non-existent baddies.

Sounds like your son shut everything down rather than DL and install the rogue app, so that is not a factor in the issues you are having now.

-- I agree with Judy about the cleaning, updating and defrag.


Just wanted to pop in and explain what your son encountered. A lot of people get infected this way.

Cheers :)
PP

I downloaded the Avira antivirus, scanned with it, have a log I'm attaching. Defragged, and disk cleaned. Here is the log.


Avira AntiVir Personal
Report file date: Tuesday, January 19, 2010 20:05

Scanning for 1570785 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DELLGX62-C4CEE3

Version information:
BUILD.DAT : 9.0.0.418 21723 Bytes 12/2/2009 16:28:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 16:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 12:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:02:35
VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 01:02:35
VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 01:02:35
VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 01:02:35
VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 01:02:35
VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 01:02:36
VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 01:02:36
VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 01:02:36
VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 01:02:36
VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 01:02:36
VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 01:02:37
VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 01:02:37
VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 01:02:39
VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 01:02:43
VBASE015.VDF : 7.10.1.178 195584 Bytes 12/7/2009 01:02:45
VBASE016.VDF : 7.10.1.224 183296 Bytes 12/14/2009 01:02:48
VBASE017.VDF : 7.10.1.247 182272 Bytes 12/15/2009 01:02:49
VBASE018.VDF : 7.10.2.30 198144 Bytes 12/21/2009 01:02:51
VBASE019.VDF : 7.10.2.63 187392 Bytes 12/24/2009 01:02:54
VBASE020.VDF : 7.10.2.93 195072 Bytes 12/29/2009 01:02:56
VBASE021.VDF : 7.10.2.131 201216 Bytes 1/7/2010 01:02:58
VBASE022.VDF : 7.10.2.158 192000 Bytes 1/11/2010 01:03:00
VBASE023.VDF : 7.10.2.186 200704 Bytes 1/14/2010 01:03:02
VBASE024.VDF : 7.10.2.205 201728 Bytes 1/15/2010 01:03:04
VBASE025.VDF : 7.10.2.219 158720 Bytes 1/18/2010 01:03:06
VBASE026.VDF : 7.10.2.230 173056 Bytes 1/19/2010 01:03:08
VBASE027.VDF : 7.10.2.231 2048 Bytes 1/19/2010 01:03:08
VBASE028.VDF : 7.10.2.232 2048 Bytes 1/19/2010 01:03:08
VBASE029.VDF : 7.10.2.233 2048 Bytes 1/19/2010 01:03:08
VBASE030.VDF : 7.10.2.234 2048 Bytes 1/19/2010 01:03:08
VBASE031.VDF : 7.10.2.239 75776 Bytes 1/19/2010 01:03:09
Engineversion : 8.2.1.142
AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 12:38:52
AESCRIPT.DLL : 8.1.3.7 594296 Bytes 1/20/2010 01:03:27
AESCN.DLL : 8.1.3.1 127348 Bytes 1/20/2010 01:03:25
AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 12:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 1/20/2010 01:03:24
AEPACK.DLL : 8.2.0.5 422262 Bytes 1/20/2010 01:03:22
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 12:38:38
AEHEUR.DLL : 8.1.0.195 2232695 Bytes 1/20/2010 01:03:20
AEHELP.DLL : 8.1.10.0 237942 Bytes 1/20/2010 01:03:14
AEGEN.DLL : 8.1.1.83 369014 Bytes 1/20/2010 01:03:12
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 12:38:26
AECORE.DLL : 8.1.9.5 184693 Bytes 1/20/2010 01:03:10
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 12:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 20:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 17:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, January 19, 2010 20:05

Starting search for hidden objects.
'92616' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpwuschd2.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '61' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Customer\Desktop\setup.exe
[DETECTION] Is the TR/Drop.FakeAlert.X Trojan
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\4XXF3G8B\oU230d9c2eH84205063V0100f080006Rf129df8a102Tcf73e14f201l0409K7464713a317[1].pdf
[DETECTION] Contains recognition pattern of the EXP/Pidief.GI exploit
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\JPB76GMF\app_handler[1].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP139\A0028162.ax
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP142\A0028260.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP142\A0028261.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP142\A0028262.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP142\A0028263.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP142\A0028264.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP165\A0033346.sys
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP169\A0041113.exe
[DETECTION] Is the TR/Fakealert.CY Trojan

Beginning disinfection:
C:\Documents and Settings\Customer\Desktop\setup.exe
[DETECTION] Is the TR/Drop.FakeAlert.X Trojan
[NOTE] The file was moved to '4bca5fb7.qua'!
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\4XXF3G8B\oU230d9c2eH84205063V0100f080006Rf129df8a102Tcf73e14f201l0409K7464713a317[1].pdf
[DETECTION] Contains recognition pattern of the EXP/Pidief.GI exploit
[NOTE] The file was moved to '4b885fa8.qua'!
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\JPB76GMF\app_handler[1].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4bc65fc3.qua'!
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP139\A0028162.ax
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4b865f83.qua'!
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP142\A0028260.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae09964.qua'!
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP142\A0028261.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae5f00c.qua'!
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP142\A0028262.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4aef81bc.qua'!
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP142\A0028263.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4aee89f4.qua'!
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP142\A0028264.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4aedb98c.qua'!
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP165\A0033346.sys
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48b6ac84.qua'!
C:\System Volume Information\_restore{3AEA9612-8ABB-46D4-BE25-3FC0FA33BBEA}\RP169\A0041113.exe
[DETECTION] Is the TR/Fakealert.CY Trojan
[NOTE] The file was moved to '48b7a54c.qua'!


End of the scan: Tuesday, January 19, 2010 20:41
Used time: 35:22 Minute(s)

The scan has been done completely.

5865 Scanned directories
198310 Files were scanned
11 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
11 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
198298 Files not concerned
5631 Archives were scanned
1 Warnings
12 Notes
92616 Objects were scanned with rootkit scan
0 Hidden objects were found

0

Well, you DID have an infection on there at some time. Everything found by Avira was in System Restore.
You might update MBA-M and do one more scan with it. If it comes up clean, then reset System Restore so it will have a new, clean restore point.
To do this, right-click My Computer and choose Properties. When that opens, click on the System Restore tab. Put a check mark in Turn Off System Restore. You will get a warning that it is turning off; click OK or Yes, whatever the answer is. It will turn off. Then do the reverse and remove the check mark, and it will turn back on with a new and clean restore point.
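A report in this layout lists each flagged path followed by bracketed status lines, and where a path sits (restore-point copy, browser cache, or live file) decides whether resetting System Restore alone clears it. The sketch below is an added example, not part of the thread or of Avira's tooling: it parses a constructed sample in the same layout, and the function names and sample paths are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report above (paths and quarantine
# names are placeholders, not values from the thread).
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\User\Desktop\setup.exe
[DETECTION] Is the TR/Drop.FakeAlert.X Trojan
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\page[1].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000002.dll
[DETECTION] Is the TR/Trash.Gen Trojan

Beginning disinfection:
C:\Documents and Settings\User\Desktop\setup.exe
[DETECTION] Is the TR/Drop.FakeAlert.X Trojan
[NOTE] The file was moved to '00000001.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                 # a line that starts a file record
NAME_RE = re.compile(r"\b([A-Z]+/[A-Za-z0-9_.\-]+)")  # e.g. TR/Trash.Gen
QUA_RE = re.compile(r"moved to '([^']+)'")            # quarantine file name


def classify_location(path):
    """Bucket a flagged path by where it lives on disk."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"   # copy held inside a restore point
    if "\\temporary internet files\\" in p:
        return "browser_cache"    # cached web content
    return "live_file"            # anywhere else in the file system


def parse_report(text):
    """Return one finding per flagged path.

    The report repeats each detection in its disinfection section, so
    findings are keyed by path and the second pass only adds the
    quarantine result.
    """
    findings = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current = line
            continue
        if not line.startswith("["):
            current = None        # section header: close the open record
            continue
        if current is None:
            continue
        key = current.lower()
        if line.startswith("[DETECTION]"):
            m = NAME_RE.search(line)
            findings.setdefault(key, {
                "path": current,
                "detection": m.group(1) if m else "unknown",
                "location": classify_location(current),
                "quarantined_as": None,
            })
        elif line.startswith("[NOTE]") and key in findings:
            q = QUA_RE.search(line)
            if q:
                findings[key]["quarantined_as"] = q.group(1)
    return list(findings.values())


def summarize(findings):
    """Count findings per location bucket."""
    return Counter(f["location"] for f in findings)


def outside_restore_unquarantined(findings):
    """Findings that a System Restore reset would not touch and that the
    scanner did not move to quarantine."""
    return [f for f in findings
            if f["location"] != "system_restore" and f["quarantined_as"] is None]


if __name__ == "__main__":
    results = parse_report(SAMPLE_REPORT)
    for location, count in summarize(results).items():
        print(f"{location}: {count}")
    for f in outside_restore_unquarantined(results):
        print("follow up:", f["detection"], "->", f["path"])
```

Entries such as `pagefile.sys` that carry only `[WARNING]` or `[NOTE]` lines are skipped, because no `[DETECTION]` line follows the path.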

0

Here is the log after I restored, and I was wondering why it said this:

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
And is this normal?

Avira AntiVir Personal
Report file date: Wednesday, January 20, 2010 07:16

Scanning for 1572646 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DELLGX62-C4CEE3

Version information:
BUILD.DAT : 9.0.0.418 21723 Bytes 12/2/2009 16:28:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 16:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 12:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:02:35
VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 01:02:35
VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 01:02:35
VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 01:02:35
VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 01:02:35
VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 01:02:36
VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 01:02:36
VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 01:02:36
VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 01:02:36
VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 01:02:36
VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 01:02:37
VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 01:02:37
VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 01:02:39
VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 01:02:43
VBASE015.VDF : 7.10.1.178 195584 Bytes 12/7/2009 01:02:45
VBASE016.VDF : 7.10.1.224 183296 Bytes 12/14/2009 01:02:48
VBASE017.VDF : 7.10.1.247 182272 Bytes 12/15/2009 01:02:49
VBASE018.VDF : 7.10.2.30 198144 Bytes 12/21/2009 01:02:51
VBASE019.VDF : 7.10.2.63 187392 Bytes 12/24/2009 01:02:54
VBASE020.VDF : 7.10.2.93 195072 Bytes 12/29/2009 01:02:56
VBASE021.VDF : 7.10.2.131 201216 Bytes 1/7/2010 01:02:58
VBASE022.VDF : 7.10.2.158 192000 Bytes 1/11/2010 01:03:00
VBASE023.VDF : 7.10.2.186 200704 Bytes 1/14/2010 01:03:02
VBASE024.VDF : 7.10.2.205 201728 Bytes 1/15/2010 01:03:04
VBASE025.VDF : 7.10.2.219 158720 Bytes 1/18/2010 01:03:06
VBASE026.VDF : 7.10.2.230 173056 Bytes 1/19/2010 01:03:08
VBASE027.VDF : 7.10.2.231 2048 Bytes 1/19/2010 01:03:08
VBASE028.VDF : 7.10.2.232 2048 Bytes 1/19/2010 01:03:08
VBASE029.VDF : 7.10.2.233 2048 Bytes 1/19/2010 01:03:08
VBASE030.VDF : 7.10.2.234 2048 Bytes 1/19/2010 01:03:08
VBASE031.VDF : 7.10.2.242 102400 Bytes 1/20/2010 12:15:48
Engineversion : 8.2.1.142
AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 12:38:52
AESCRIPT.DLL : 8.1.3.7 594296 Bytes 1/20/2010 01:03:27
AESCN.DLL : 8.1.3.1 127348 Bytes 1/20/2010 01:03:25
AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 12:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 1/20/2010 01:03:24
AEPACK.DLL : 8.2.0.5 422262 Bytes 1/20/2010 01:03:22
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 12:38:38
AEHEUR.DLL : 8.1.0.195 2232695 Bytes 1/20/2010 01:03:20
AEHELP.DLL : 8.1.10.0 237942 Bytes 1/20/2010 01:03:14
AEGEN.DLL : 8.1.1.83 369014 Bytes 1/20/2010 01:03:12
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 12:38:26
AECORE.DLL : 8.1.9.5 184693 Bytes 1/20/2010 01:03:10
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 12:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 20:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 17:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, January 20, 2010 07:16

Starting search for hidden objects.
'95180' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpwuschd2.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '61' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.


End of the scan: Wednesday, January 20, 2010 07:38
Used time: 22:02 Minute(s)

The scan has been done completely.

5541 Scanned directories
186437 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
186436 Files not concerned
5577 Archives were scanned
1 Warnings
1 Notes
95180 Objects were scanned with rootkit scan
0 Hidden objects were found

0

C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.

Yes, this is perfectly normal. pagefile.sys is in use by the operating system and can't be opened by AntiVir.
Looks clean.

0

Thank you for your help. I'll see how it goes. But could you tell me what or how many normal processes should be running on my task manager?

0

Thank you for your help. I'll see how it goes. But could you tell me what or how many normal processes should be running on my task manager?

There is no set number. It depends on what programs you are running at any given time. Just looking at your logs, both the HJT log and the DDS log, there didn't seem to be an unusual number running.

0

Computer is not running right. Keeps freezing on me. Wants to send something to do with Dr. Watson's debugger causing the problem error to Microsoft. Tried to get to this page through email and would freeze every time, so came not through email. Son needs this computer to do his on-line school. Still hesitates and takes too long to load pages.

0

Give us a NEW HiJackThis log. Tell me this, do you do a lot of CD burning? Do you use Yahoo Messenger?
How large is the hard drive, how full is it? Open My Computer, right click "C" drive, choose Properties. It will tell you how large and how full it is.
How much RAM is installed? Right Click My Computer, choose Properties. First Tab you see will list the amount of RAM along with other info.

Edited by jholland1964: n/a

0

Give us a NEW HiJackThis log. Tell me this, do you do a lot of CD burning? NEVER HAVE USED IT.
Do you use Yahoo Messenger? NO, I HATE IT.
How large is the hard drive, how full is it? 2.80 GHz, 2.79 GHz 0.99 GB of RAM.
12.5 GB used. 61.9 GB free.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:32 AM, on 1/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6724 bytes

0

Do you use anything MSN or Yahoo?

Well, I use Yahoo mail. Yahoo Messenger could be on here but I don't use it. Anything MSN, I have no idea. If it isn't necessary to run my computer then I don't want it. The most important thing (to me personally) is for my son to do his on-line schooling. To them, socializing on Facebook. I have put a stop to any other web sites but school through ECOT, and Facebook. If you can give me a clue as to what I am looking for pertaining to MSN, I will go through my computer and look. Other than that I really don't want to delete on my own.

0

I am sorry I have been away for three days. Can you tell me if there is a lot of CD burning done with the computer? Answer that and then I will be able to give you a list of things which still need to be done.
Judy

0

I am sorry I have been away for three days. Can you tell me if there is a lot of CD burning done with the computer? Answer that and then I will be able to give you a list of things which still need to be done.
Judy

I have never used it and neither have my kids. I plan on it some time but not right now.

0

First of all download and install the following program, CodeStuff Starter. This is a FREE program which will help you control unnecessary auto starting programs and services.
Once it is downloaded and installed open the program and click on the Start ups tab.
There you will see various programs listed which auto start. Go through each section and remove the check marks from the following entries:
Windows Defender
SoundMAXPnP
QuickTime Task
NeroFilterCheck
Adobe Reader Speed Launcher
Microsoft Default Manager
SunJavaUpdateSched
HP Software Update
LightScribe Control Panel

Next go to the Services Tab. These are listed in alphabetical order so scroll through the list until you find these.
LightScribeService Direct Disc Labeling Service
YahooAUService.exe

One at a time double click on the entry. When the properties opens, first Stop the service if it is running. Then change the start up type to Disabled.
Close CodeStuff Starter, reboot the computer.

Run HiJackThis again, but this time just the System Scan button, we won't need a new log yet, and put check marks next to the following entries if they still show:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

Once you have placed all the check marks then click the Fix Checked button. Exit HJT and reboot the computer.
Run a new HJT scan and this time save the log. Post back here with the log and a report on how the computer is running.
Judy

0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:56 PM, on 1/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4346 bytes
I will get back with you on how it is running after I use it a little while. I do have a question: when I get Internet Explorer up, am I supposed to have 2 or 3 iexplorer.exe running in my task manager? Seems like one is running really high and the other or others are running slower. Just curious. Thanks

0

You should have only one, however this could be a "quirk" with IE8, I am not sure. I use Firefox so I cannot say absolutely. There are none showing in your latest HJT log.

0

You should have only one, however this could be a "quirk" with IE8, I am not sure. I use Firefox so I cannot say absolutely. There are none showing in your latest HJT log.

They only are there when IE is up.

0

Then it is probably normal. IE8 is a very "quirky" browser, especially in something other than Vista or Windows 7 (which it is actually created for).

0

Computer keeps freezing on pages. Have to cut power to shut computer down several times a day.

0

If you have your OS CD, please try the following:

Go to Start | Run and type in sfc /scannow and hit the Ok button. Insert your CD if/when requested.

==

Is there anything in particular that causes the pc to freeze?
