
Author Topic: please help, after removing virus from my computer Windows does not run!!!  (Read 50965 times)


mya2012

    Topic Starter


    Beginner

    • Experience: Beginner
    • OS: Unknown
    hi
    here is the report:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 18:29 on 14/06/2012 by HP_Owner
    Administrator - Elevation successful

    No Context

    ========== filefind ==========

    Searching for "ixplorer.exe"
    No files found.

    -= EOF =-

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Could you please download and run ComboFix as outlined in Reply # 40?
    Windows 8 and Windows 10 dual boot with two SSD's


      mya2012

        hi,
        I ran ComboFix and after completing stage 50, it did start to delete some files and I think one was Windows32/ps (I am not quite sure about the ps part though!)
        However, after the computer was restarted by ComboFix it went straight to the same page saying "windows had to shut down to prevent any harm to your computer", so I again had to run PC recovery and start all over again!
        I also ran Malwarebytes anti-malware and nothing was detected.

        SuperDave

        I'm still concerned about the ixplorer.exe.

        Download DDS from HERE or HERE and save it to your desktop.

        * Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
        * XP users: double-click on dds to run it.
        * If your antivirus or firewall tries to block DDS then please allow it to run.
        * When finished DDS will open two (2) logs.
        * Save both reports to your desktop.
        * The instructions here ask you to attach the Attach.txt.

        1) DDS.txt
        2) Attach.txt
        Instead of attaching, please copy/paste both logs into your thread.

        Note: DDS will instruct you to post the Attach.txt log as an attachment.
        Please just post it as you would any other log by copying and pasting it into the reply.

        * Close the program window, and delete the program from your desktop.

        Please note: You may have to disable any script protection running if the scan fails to run.
        After downloading the tool, disconnect from the internet and disable all antivirus protection.
        Run the scan, enable your A/V and reconnect to the internet.
        Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
        Windows 8 and Windows 10 dual boot with two SSD's

        mya2012

          Hi, here is the result of the DDS logfile:
          .
          DDS (Ver_2011-08-26.01) - NTFSx86
          Internet Explorer: 8.0.6001.18702
          Run by HP_Owner at 15:10:39 on 2012-06-17
          Microsoft Windows XP Home Edition  5.1.2600.2.1252.44.1033.18.959.705 [GMT 1:00]
          .
          AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
          AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
          FW: Norton Internet Security *Enabled*
          .
          ============== Running Processes ===============
          .
          C:\WINDOWS\system32\svchost -k DcomLaunch
          svchost.exe
          C:\WINDOWS\System32\svchost.exe -k netsvcs
          svchost.exe
          svchost.exe
          C:\WINDOWS\Explorer.EXE
          c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
          c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
          c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\WINDOWS\system32\spoolsv.exe
          svchost.exe
          C:\Program Files\AVG\AVG2012\avgwdsvc.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
          c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
          C:\Program Files\Common Files\Java\Java Update\jusched.exe
          C:\windows\system\hpsysdrv.exe
          C:\WINDOWS\AGRSMMSG.exe
          C:\WINDOWS\system32\hphmon06.exe
          C:\HP\KBD\KBD.EXE
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\Program Files\AVG\AVG2012\avgtray.exe
          C:\Program Files\AVG Secure Search\vprot.exe
          C:\WINDOWS\ALCXMNTR.EXE
          C:\Program Files\iPod\bin\iPodService.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
          C:\WINDOWS\system32\wuauclt.exe
          .
          ============== Pseudo HJT Report ===============
          .
          uStart Page = hxxp://www.yahoo.com/
          uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
          uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
          uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
          uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
          mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
          BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
          BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
          BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
          BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
          BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
          BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
          BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
          BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
          TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
          TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
          {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
          uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
          mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
          mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
          mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
          mRun: [AGRSMMSG] AGRSMMSG.exe
          mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
          mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
          mRun: [KBD] c:\hp\kbd\KBD.EXE
          mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
          mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
          mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
          mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
          mRun: [IS CfgWiz] c:\program files\norton internet security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
          mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
          mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
          mRun: [PS2] c:\windows\system32\ps2.exe
          mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
          mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
          mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
          mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
          mRun: [AlcxMonitor] ALCXMNTR.EXE
          StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
          StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\google~1.lnk - c:\program files\google\google updater\GoogleUpdater.exe
          StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\sirajo~1.lnk - c:\program files\sakhr\siraj online\siraj online 1.0\SirajHotKey.exe
          IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
          IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
          DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
          DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
          DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
          TCP: DhcpNameServer = 192.168.1.1
          TCP: Interfaces\{26EE1428-4D62-4348-8A71-C1A3C8FFF4F7} : DhcpNameServer = 192.168.1.1
          Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
          Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
          .
          ============= SERVICES / DRIVERS ===============
          .
          R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
          R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
          R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
          R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
          R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
          R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
          R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-28 197752]
          R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2004-8-28 234616]
          R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-28 164984]
          R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2004-8-30 176768]
          R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2004-7-23 49808]
          R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-16 935480]
          R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
          R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
          R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
          R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20041117.006\NAVENG.Sys [2005-1-1 72712]
          R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20041117.006\NavEx15.Sys [2005-1-1 629544]
          R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2004-7-23 335504]
          S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
          S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-16 257224]
          S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-28 78968]
          S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2004-7-23 197864]
          .
          =============== Created Last 30 ================
          .
          2012-06-16 15:36:13   --------   d-----w-   c:\windows\system32\cache
          2012-06-16 10:00:57   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
          2012-06-16 10:00:57   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
          2012-06-16 07:38:58   263552   ------w-   c:\windows\system32\dllcache\http.sys
          2012-06-16 07:20:46   --------   d-----w-   c:\windows\system32\CatRoot_bak
          2012-06-15 21:04:42   --------   d-sh--w-   c:\documents and settings\hp_owner.bella.003\PrivacIE
          2012-06-15 19:14:59   --------   d-sh--w-   c:\documents and settings\hp_owner.bella.003\IETldCache
          2012-06-15 19:07:08   12800   ------w-   c:\windows\system32\dllcache\xpshims.dll
          2012-06-15 19:07:07   599040   ------w-   c:\windows\system32\dllcache\msfeeds.dll
          2012-06-15 19:07:07   55296   ------w-   c:\windows\system32\dllcache\msfeedsbs.dll
          2012-06-15 19:07:06   247808   ------w-   c:\windows\system32\dllcache\ieproxy.dll
          2012-06-15 19:07:06   1985536   ------w-   c:\windows\system32\dllcache\iertutil.dll
          2012-06-15 19:07:05   743424   ------w-   c:\windows\system32\dllcache\iedvtool.dll
          2012-06-15 19:07:05   11076096   ------w-   c:\windows\system32\dllcache\ieframe.dll
          2012-06-15 18:14:10   --------   d-sh--w-   c:\documents and settings\hp_owner.bella.003\UserData
          2012-06-15 16:46:43   --------   d-----w-   c:\documents and settings\hp_owner.bella.003\application data\Malwarebytes
          2012-06-15 16:26:14   272128   ------w-   c:\windows\system32\drivers\bthport.sys
          2012-06-15 16:26:14   272128   ------w-   c:\windows\system32\dllcache\bthport.sys
          2012-06-15 16:25:35   454016   ------w-   c:\windows\system32\dllcache\mrxsmb.sys
          2012-06-15 16:24:00   2181376   ------w-   c:\windows\system32\dllcache\ntoskrnl.exe
          2012-06-15 16:23:59   2137088   ------w-   c:\windows\system32\dllcache\ntkrnlmp.exe
          2012-06-15 16:23:59   2058368   ------w-   c:\windows\system32\dllcache\ntkrnlpa.exe
          2012-06-15 16:23:59   2016768   ------w-   c:\windows\system32\dllcache\ntkrpamp.exe
          2012-06-15 16:23:05   17920   ------w-   c:\windows\system32\dllcache\msyuv.dll
          2012-06-15 16:22:12   293376   ------w-   c:\windows\system32\browserchoice.exe
          2012-06-15 16:21:59   8704   ------w-   c:\windows\system32\dllcache\tsbyuv.dll
          2012-06-15 16:21:58   48128   ------w-   c:\windows\system32\dllcache\iyuv_32.dll
          2012-06-15 16:14:57   --------   d-----w-   c:\windows\system32\PreInstall
          2012-06-15 16:14:56   26144   ----a-w-   c:\windows\system32\spupdsvc.exe
          2012-06-15 12:06:50   --------   d-----w-   c:\documents and settings\hp_owner.bella.003\application data\AVG2012
          2012-06-15 11:51:38   --------   d-----w-   c:\documents and settings\hp_owner.bella.003\local settings\application data\AVG Secure Search
          2012-06-15 11:51:25   --------   d-----w-   c:\documents and settings\hp_owner.bella.003\application data\AVG Secure Search
          2012-06-15 11:51:23   --------   d-----w-   c:\documents and settings\all users\application data\AVG Secure Search
          2012-06-15 11:51:20   --------   d-----w-   c:\program files\common files\AVG Secure Search
          2012-06-15 11:51:19   --------   d-----w-   c:\program files\AVG Secure Search
          2012-06-15 11:49:50   --------   d--h--w-   C:\$AVG
          2012-06-15 11:49:50   --------   d-----w-   c:\windows\system32\drivers\AVG
          2012-06-15 11:49:50   --------   d-----w-   c:\documents and settings\all users\application data\AVG2012
          2012-06-15 11:49:17   --------   d-----w-   c:\program files\AVG
          2012-06-15 11:48:43   --------   d-----w-   c:\documents and settings\all users\application data\MFAData
          2012-06-15 11:25:14   --------   d-----w-   c:\documents and settings\all users\application data\IObit
          2012-06-15 11:24:04   --------   d-----w-   c:\documents and settings\hp_owner.bella.003\application data\IObit
          2012-06-15 11:23:34   --------   d-----w-   c:\program files\IObit
          2012-06-15 10:36:08   --------   d-----w-   C:\98cf2319830f845388
          2012-06-15 10:17:51   73728   ----a-w-   c:\windows\system32\javacpl.cpl
          2012-06-15 10:17:51   476936   ----a-w-   c:\windows\system32\npdeployJava1.dll
          2012-06-15 10:17:51   472840   ----a-w-   c:\windows\system32\deployJava1.dll
          2012-06-15 10:15:44   --------   d-sh--r-   C:\cmdcons
          2012-06-15 10:15:06   --------   d-----w-   c:\documents and settings\hp_owner.bella.003\local settings\application data\LightScribe
          2012-06-15 10:14:48   221184   ----a-w-   c:\windows\system32\wmpns.dll
          2012-06-15 10:12:10   --------   d-----w-   c:\program files\SiS VGA Utilities V3.63
          2012-06-15 10:10:54   --------   d-----w-   c:\windows\system32\SoftwareDistribution
          2012-06-15 09:29:14   --------   d-s---w-   C:\ComboFix
          2012-06-15 09:18:03   6737808   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{29833732-476a-4ffa-b763-49317fb3ac6a}\mpengine.dll
          2012-06-14 17:45:52   6737808   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
          2012-06-09 16:52:24   --------   d-----w-   c:\program files\Microsoft Security Client
          2012-06-08 17:44:50   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2012-06-08 17:44:50   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
          2012-06-08 09:31:50   1409   ----a-w-   c:\windows\QTFont.for
          2012-06-06 17:03:32   --------   d-----w-   c:\program files\Un-Rar for Windows
          2012-06-06 16:20:49   --------   d-----w-   c:\program files\Microsoft Download Manager
          2012-06-05 18:30:23   98816   ----a-w-   c:\windows\sed.exe
          2012-06-05 18:30:23   518144   ----a-w-   c:\windows\SWREG.exe
          2012-06-05 18:30:23   256000   ----a-w-   c:\windows\PEV.exe
          2012-06-05 18:30:23   208896   ----a-w-   c:\windows\MBR.exe
          2012-06-03 16:33:56   --------   d-----w-   c:\program files\uTorrentControl2
          2012-06-03 16:33:40   --------   d-----w-   c:\program files\uTorrent
          2012-05-21 11:49:36   61440   ----a-w-   c:\program files\common files\system\ole db\SET48C.tmp
          2012-05-21 11:49:36   528384   ----a-w-   c:\program files\common files\system\ole db\SET48D.tmp
          2012-05-21 11:49:36   28672   ----a-w-   c:\program files\common files\system\ole db\SET48A.tmp
          2012-05-21 11:49:36   217088   ----a-w-   c:\program files\common files\system\ole db\SET48B.tmp
          2012-05-21 11:49:16   65536   ----a-w-   c:\program files\common files\system\ole db\SET48E.tmp
          2012-05-21 11:49:16   487424   ----a-w-   c:\program files\common files\system\ole db\SET48F.tmp
          2012-05-21 11:49:05   24576   ----a-w-   c:\program files\common files\system\ole db\SET490.tmp
          2012-05-21 11:49:00   102400   ----a-w-   c:\program files\common files\system\ado\SET54E.tmp
          2012-05-20 15:22:14   28672   ----a-w-   c:\program files\common files\system\ole db\SET475.tmp
          2012-05-20 15:22:14   217088   ----a-w-   c:\program files\common files\system\ole db\SET476.tmp
          2012-05-20 15:22:13   61440   ----a-w-   c:\program files\common files\system\ole db\SET477.tmp
          2012-05-20 15:22:13   528384   ----a-w-   c:\program files\common files\system\ole db\SET478.tmp
          2012-05-20 15:20:50   19569   ----a-w-   c:\windows\005128_.tmp
          2012-05-19 15:36:57   19569   ----a-w-   c:\windows\005163_.tmp
          2012-05-19 12:01:49   --------   d-----w-   c:\program files\Ask.com
          2012-05-19 11:51:33   --------   d-----w-   c:\documents and settings\all users\application data\Ask
          .
          ==================== Find3M  ====================
          .
          2012-04-19 03:50:26   24896   ----a-w-   c:\windows\system32\drivers\avgidshx.sys
          .
          ============= FINISH: 15:11:52.37 ===============


          result for attach:
          .
          UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
          IF REQUESTED, ZIP IT UP & ATTACH IT
          .
          DDS (Ver_2011-08-26.01)
          .
          Microsoft Windows XP Home Edition
          Boot Device: \Device\HarddiskVolume2
          Install Date: 15/06/2012 11:12:54
          System Uptime: 17/06/2012 12:38:09 (3 hours ago)
          .
          Motherboard: ASUSTek Computer INC. |  | Salmon
          Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 754 | 1790/200mhz
          .
          ==== Disk Partitions =========================
          .
          .
          ==== Installed Programs ======================
          .
          Adobe Acrobat - Reader 6.0.2 Update
          Adobe Flash Player 11 ActiveX
          Adobe Reader 6.0.1
          Agere Systems PCI Soft Modem
          AiO_Scan
          AiOSoftware
          AVG 2012
          BufferChm
          CameraDrivers
          CC_ccProxyExt
          ccCommon
          ccPxyCore
          Copy
          CP_AtenaShokunin1Config
          cp_dwSharkTaleAlbums1
          cp_dwSharkTaleCards1
          cp_dwShrek2Albums1
          cp_dwShrek2Cards1
          CP_PLSBusinessFlyers
          CreativeProjects
          CreativeProjectsTemplates
          CueTour
          Destinations
          Director
          DocProc
          DocumentViewer
          Easy Internet Sign-up
          Fax
          Help and Support Additions
          Hotfix for Windows XP (KB952287)
          Hotfix for Windows XP (KB976002-v5)
          Hotfix for Windows XP (KB981793)
          HP Deskjet Preloaded Printer Drivers
          HP Diagnostic Assistant
          HP Image Zone 4.5.3
          HP Image Zone Plus 4.5.3
          HP Photosmart Cameras 4.0
          HP PSC & OfficeJet 4.0
          HP Software Update
          HPIZplus450
          HpSdpAppCoreApp
          InstantShare
          InterVideo DiscLabel
          InterVideo WinDVD Creator
          InterVideo WinDVD Player
          iTunes
          Java 2 Runtime Environment, SE v1.4.2_03
          Java Auto Updater
          Java(TM) 6 Update 33
          KBD
          LiveReg (Symantec Corporation)
          LiveUpdate 2.5 (Symantec Corporation)
          Microsoft .NET Framework 1.1
          Microsoft .NET Framework 1.1 Security Update (KB979906)
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
          MSRedist
          MSXML 4.0 SP2 (KB954430)
          MSXML 4.0 SP2 (KB973688)
          Norton AntiSpam
          Norton AntiVirus 2005
          Norton Internet Security
          Norton Internet Security 2005 (Symantec Corporation)
          Norton Security Center
          Norton WMI Update
          PanoStandAlone
          PC-Doctor for Windows
          PhotoGallery
          Photosmart 320,370,7400,8100,8400 Series
          PrintScreen
          PS2
          PSPrinters06
          Python 2.2 pywin32 extensions (build 203)
          Python 2.2.3
          QFolder
          QuickProjects
          QuickTime
          Readme
          RealPlayer
          Scan
          Security Update for Step By Step Interactive Training (KB923723)
          Security Update for Windows Internet Explorer 8 (KB971961)
          Security Update for Windows Internet Explorer 8 (KB981332)
          Security Update for Windows Internet Explorer 8 (KB982381)
          Security Update for Windows Media Player (KB952069)
          Security Update for Windows Media Player (KB954155)
          Security Update for Windows Media Player (KB973540)
          Security Update for Windows Media Player (KB978695)
          Security Update for Windows Media Player (KB979402)
          Security Update for Windows XP (KB2229593)
          Security Update for Windows XP (KB923561)
          Security Update for Windows XP (KB944338-v2)
          Security Update for Windows XP (KB946648)
          Security Update for Windows XP (KB950762)
          Security Update for Windows XP (KB950974)
          Security Update for Windows XP (KB951376-v2)
          Security Update for Windows XP (KB951748)
          Security Update for Windows XP (KB952004)
          Security Update for Windows XP (KB952954)
          Security Update for Windows XP (KB955069)
          Security Update for Windows XP (KB956572)
          Security Update for Windows XP (KB956802)
          Security Update for Windows XP (KB956803)
          Security Update for Windows XP (KB956844)
          Security Update for Windows XP (KB958470)
          Security Update for Windows XP (KB958644)
          Security Update for Windows XP (KB958869)
          Security Update for Windows XP (KB959426)
          Security Update for Windows XP (KB960225)
          Security Update for Windows XP (KB960803)
          Security Update for Windows XP (KB960859)
          Security Update for Windows XP (KB961501)
          Security Update for Windows XP (KB969059)
          Security Update for Windows XP (KB970238)
          Security Update for Windows XP (KB970430)
          Security Update for Windows XP (KB971468)
          Security Update for Windows XP (KB971657)
          Security Update for Windows XP (KB971961)
          Security Update for Windows XP (KB972270)
          Security Update for Windows XP (KB973507)
          Security Update for Windows XP (KB973869)
          Security Update for Windows XP (KB973904)
          Security Update for Windows XP (KB974112)
          Security Update for Windows XP (KB974318)
          Security Update for Windows XP (KB974392)
          Security Update for Windows XP (KB974571)
          Security Update for Windows XP (KB975025)
          Security Update for Windows XP (KB975467)
          Security Update for Windows XP (KB975560)
          Security Update for Windows XP (KB975561)
          Security Update for Windows XP (KB975562)
          Security Update for Windows XP (KB975713)
          Security Update for Windows XP (KB977816)
          Security Update for Windows XP (KB977914)
          Security Update for Windows XP (KB978037)
          Security Update for Windows XP (KB978338)
          Security Update for Windows XP (KB978542)
          Security Update for Windows XP (KB978601)
          Security Update for Windows XP (KB978706)
          Security Update for Windows XP (KB979309)
          Security Update for Windows XP (KB979482)
          Security Update for Windows XP (KB979559)
          Security Update for Windows XP (KB979683)
          Security Update for Windows XP (KB980195)
          Security Update for Windows XP (KB980218)
          Security Update for Windows XP (KB980232)
          Security Update for Windows XP (KB981350)
          Security Update for Windows XP (KB982381)
          SiS VGA Utilities
          SkinsHP1
          Sonic Express Labeler
          Sonic RecordNow!
          SPBBC
          SymNet
          TrayApp
          Unload
          Update for Windows Internet Explorer 8 (KB976662)
          Update for Windows XP (KB898461)
          Update for Windows XP (KB914882)
          Update for Windows XP (KB955759)
          Update for Windows XP (KB961503)
          Update for Windows XP (KB967715)
          Update for Windows XP (KB968389)
          Update for Windows XP (KB971737)
          Update for Windows XP (KB973687)
          Update for Windows XP (KB973815)
          WebFldrs XP
          WebReg
          Windows Genuine Advantage Validation Tool (KB892130)
          Windows Installer 3.1 (KB893803)
          Windows Internet Explorer 8
          Windows XP Hotfix - KB873339
          Windows XP Hotfix - KB883667
          Windows XP Hotfix - KB885835
          Windows XP Hotfix - KB885836
          Windows XP Hotfix - KB887742
          Windows XP Hotfix - KB890175
          .
          ==== Event Viewer Messages From Past Week ========
          .
          17/06/2012 08:42:12, error: atapi [9]  - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
          16/06/2012 16:35:01, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
          16/06/2012 08:14:57, error: PlugPlayManager [12]  - The device 'HL-DT-ST DVD-RAM GH22LP20' (IDE\CdRomHL-DT-ST_DVD-RAM_GH22LP20_______________1.02____\5&36942936&0&0.0.0) disappeared from the system without first being prepared for removal.
          15/06/2012 17:18:20, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
          15/06/2012 14:40:01, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
          15/06/2012 14:01:23, error: atapi [9]  - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
          15/06/2012 13:24:49, error: atapi [5]  - A parity error was detected on \Device\Ide\IdePort2.
          15/06/2012 13:08:22, error: Service Control Manager [7034]  - The Advanced SystemCare Service 5 service terminated unexpectedly.  It has done this 1 time(s).
          .
          ==== End Of File ===========================

          SuperDave

          Is ixplorer.exe still showing up in your task manager?

          mya2012

            Yes, there are 4 iexplorer with a memory usage of 11,944; 128,566; 54,982; 11,600 and all HP- user.

            SuperDave

            Quote
            Yes, there are 4 iexplorer with a memory usage of 11,944; 128,566; 54,982; 11,600 and all HP- user.
            Using your Task Manager please end process on each of those one by one and see what happens. This is a suspicious file.

            mya2012

              As soon as I click "end process" on one of them, the Internet Explorer page closes, and when I re-open it again and check the task manager I can see 2, 3 iexplorer came back again.

              SuperDave

              Quote
              As soon as I click "end process" on one of them, the Internet Explorer page closes, and when I re-open it again and check the task manager I can see 2, 3 iexplorer came back again.
              It's ixplorer.exe that you should be targeting, not iexplorer.

              mya2012

                As far as I can see in task manager, all the files have extension .exe, and yes, I did end the process of iexplorer.exe.

                SuperDave

                Please give me an update on how your computer is working.

                I'd like to scan your machine with ESET OnlineScan

                • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                  ESET OnlineScan
                • Click the button.
                • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                  • Double click on the icon on your desktop.
                • Check
                • Click the button.
                • Accept any security warnings from your browser.
                • Check
                • Push the Start button.
                • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                • When the scan completes, push
                • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                • Push the button.
                • Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                mya2012

                  The computer speed is not really good; for example, it took esetscanner around 3 hours to finish. If I want to close a web page I have to click the close button 3 times!

                  eset scan:

                  C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll   a variant of Win32/Adware.Yontoo.B application   cleaned by deleting - quarantined
                  C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\4\4a28dd84-1b318e38   multiple threats   deleted - quarantined
                  C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\8\6613c808-69c0a107   Java/Agent.EA trojan   deleted - quarantined
                  C:\Documents and Settings\HP_Owner.BELLA.003\Application Data\Sun\Java\Deployment\cache\6.0\51\877c433-1f29a391   Java/Exploit.CVE-2012-0507.BR trojan   cleaned by deleting - quarantined
                  C:\Documents and Settings\HP_Owner.BELLA.003\Application Data\Sun\Java\Deployment\cache\6.0\58\7f0d787a-69139776   Java/Exploit.CVE-2012-0507.BS trojan   deleted - quarantined

                  SuperDave

                  Quote
                  The computer speed is not really good; for example, it took esetscanner around 3 hours to finish. If I want to close a web page I have to click the close button 3 times!
                  Running a scan is not a good indicator of the speed of your computer. Looking back over this thread, I can't believe that we've been at it for almost three months. Unfortunately, there's not much else I can help you with except to give this piece of information.

                  Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                  Safe Surfing!