please help, after removing virus from my computer Windows does not run!!!

[mya2012]

a computer tech removed virus from my computer ,however after restarting the system Windows does not run and the tech says because hard drive is broken and can not accept any info. my computer was working well before virus and i had no problem with it !can you please help !

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

• Place a blank CD-R disc in to your CD burning drive.
• Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  
• Reboot your system using the boot CD you just created.
• Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• Your system should now display a REATOGO-X-PE desktop.
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings
  
• Change Drivers to Non-Microsoft
  
• Press Run Scan to start the scan.
  
• When finished, the file will be saved  in drive C:\_OTL\MovedFiles
  
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the OTL.txt file in your reply.
  

[Darthgumby]

Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.  If you want to help, please go here. First Warning! Superdave.

[mya2012]

hi Superdave,

many thanks for your reply and helping me out.

please be patient with me as i am slow when it comes to things like this! i haven't got the cd RW and i have to buy that but can you tell me please what it should be the size of its memory first?

many thanks

mya2012

[mya2012]

sorry superdave , it just happened when i switched the pc onand no i noticed i can run the Windows in safe mode , does this help the process? thanks

[SuperDave]

it just happened when i switched the pc onand no i noticed i can run the Windows in safe mode , does this help the process? thanks

Ok. Let's run MBAM in Safe mode with Networking.

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

[mya2012]

hi SuperDave

here is the report, i couldn't  believe it, after removing virus from my computer by a tech , still 170 virus was detected!


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.01.04
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.5512
HP_Owner :: YOUR-447023AE6B [administrator]
01/04/2012 22:31:47
mbam-log-2012-04-01 (22-31-47).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 368692
Time elapsed: 40 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 30
C:\Documents and Settings\HP_Owner\Application Data\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\FunWebProducts\Data (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\FunWebProducts\Data\HP_Owner (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\setups (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Overlay (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Files Detected: 136
C:\Program Files\14res.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin\F3PLUGIN.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files\HackerPro\Rec.exe (PUP.PassView) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64auxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64brstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64datact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64dlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64dyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64feedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64highin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64hkstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64html.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64htmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64httpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64idle.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64ieovr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64impipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64medint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64mlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64msg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64Plugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64radio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64regfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64reghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64regiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64script.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64skin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64skplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64tpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64uabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\14res.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\FunWebProducts\Data\HP_Owner\avatar.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\003D0595.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\files.ini (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00125DF7 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003F1673 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003F1A1D.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003F1D1A.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003F20C4.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003F224A.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003F245E.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0062E37D (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00A24736.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00A24B0E.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00A24D22.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00A251A6.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\021A0AF3.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\05D1331B.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\8_step1.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkez.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkgr.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkgs.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bklf.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkrg.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzc.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzl.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzn.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzq.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzr.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzu.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzv.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzw.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn2d.png (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn2r.png (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn3d.png (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn3r.png (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut4.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut4b.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut4c.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shield.png (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_FeatCk.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\installKeys.js (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
(end)

[SuperDave]

i couldn't  believe it, after removing virus from my computer by a tech , still 170 virus was detected!

Please re-boot in Normal mode and try running MBAM again. Also this one.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.

[mya2012]

Hi SuperDave,

I still can not run in normal mode!should I run the SUPERAntiSpyware on safe mode?

thanks
mya2012

[SuperDave]

I still can not run in normal mode!

What happens when you try to boot in Normal Mode?

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

• Save it to your desktop.
• Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  
• Double click the setup file to run it.
• Click Next to continue.
• Accept the License agreement and click on next.
• It will, by default, install it to your desktop folder. Click Next.
• It will then open a box There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked.
• Hidden Startup Objects
  
• System Memory
  
• Disk Boot Sectors.
  
• My Computer.
  
• Also any other drives (Removable that you may have)
  

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

[mya2012]

hi,

when i try to boot the system, at first i see the windows logo and the blue bar underneath it but after few
seconds screen goes black  then blue and starts with a sentence saying " we are sorry for the inconvenience .
but the Windows can not complete.you have received this message as a result of installing a new software or hardware.please chose one of the followings:
safe mode
safe mode with networking
last known good configuration.

i did run the AVP tool however it did not give me any options as you mentioned in red colour.
however it did not detect any threats.here is the first part of report :
(if you want to see the full report please let me know)

Automatic Scan: completed 2 minutes ago   (events: 1389, objects: 1304, time: 00:04:02)   
03/04/2012 22:12:36   Task started         
03/04/2012 22:12:36   OK   System Memory      
03/04/2012 22:12:37   OK   smss.exe\smss.exe      
03/04/2012 22:12:37   OK   smss.exe\ntdll.dll      
03/04/2012 22:12:37   OK   C:\WINDOWS\System32\smss.exe      
03/04/2012 22:12:37   OK   C:\WINDOWS\System32\ntdll.dll      
03/04/2012 22:12:37   OK   csrss.exe\csrss.exe      
03/04/2012 22:12:37   OK   csrss.exe\ntdll.dll   Object was not changed (iChecker)   
03/04/2012 22:12:37   OK   C:\WINDOWS\System32\csrss.exe      
03/04/2012 22:12:37   OK   csrss.exe\CSRSRV.dll      
03/04/2012 22:12:37   OK   C:\WINDOWS\System32\CSRSRV.dll      
03/04/2012 22:12:37   OK   csrss.exe\basesrv.dll      
03/04/2012 22:12:37   OK   C:\WINDOWS\System32\basesrv.dll      
03/04/2012 22:12:37   OK   csrss.exe\winsrv.dll      
03/04/2012 22:12:37   OK   csrss.exe\GDI32.dll      
03/04/2012 22:12:37   OK   C:\WINDOWS\System32\winsrv.dll      
03/04/2012 22:12:38   OK   csrss.exe\KERNEL32.dll      
03/04/2012 22:12:38   OK   C:\WINDOWS\System32\GDI32.dll      
03/04/2012 22:12:38   OK   csrss.exe\USER32.dll      
03/04/2012 22:12:38   OK   C:\WINDOWS\System32\USER32.dll      
03/04/2012 22:12:38   OK   csrss.exe\sxs.dll      
03/04/2012 22:12:39   OK   C:\WINDOWS\System32\KERNEL32.dll      
03/04/2012 22:12:39   OK   csrss.exe\ADVAPI32.dll      
03/04/2012 22:12:39   OK   C:\WINDOWS\System32\sxs.dll      
03/04/2012 22:12:39   OK   csrss.exe\RPCRT4.dll      
03/04/2012 22:12:39   OK   C:\WINDOWS\System32\ADVAPI32.dll      
03/04/2012 22:12:39   OK   csrss.exe\Secur32.dll   

[SuperDave]

we are sorry for the inconvenience .
but the Windows can not complete.you have received this message as a result of installing a new software or hardware.please chose one of the followings:

Did you recently install something new? Did you try "last known good configuration" ? Did you try System Restore while in Safe Mode?

[mya2012]

no i didn't install any software or hardware. i started receiving this message after tech. "removed the virus " from my computer!
yes i did try to reboot in each different option but only the first 2 were possible to run.(safe mode ,safe mode with networking)

[mya2012]

no, sorry i didn't. i don't know anything about system restore and when i have to do that!

[SuperDave]

i started receiving this message after tech. "removed the virus " from my computer!

He/she probably removed something important.

Here's how to do a System Restore in XP. Try to restore the computer back to before the tech had his hands on it. Do you have your OS disk?

[mya2012]

hi,

No I don't have the CD, but i was checking online to see how could I do that without CD and i found it here,
 http://www.wikihow.com/Reinstall-Windows-XP-Without-the-CD
 do you think its safe to follow the steps there?

[SuperDave]

That would work if you have the Recovery Console installed. Do you know if it was installed? If not, you should create the Rescue Disk I mentioned in my first post and that should be able to boot your computer. From there you can find out if the Recovery Console was installed and will also allow you to back up all your important data. Can you still boot your computer in Safe Mode?

[mya2012]

yes i can boot the system in safe mode and safe mode with networking.

i just noticed there is HP-Recovery(D:) (and a lock icon beside it) when i clicked on it ,there is a page from HP saying :
 Recovery Partition
warning!
this area of your hard drive(or partition) contain files used for  your pc recovery. do not delete or alter these files
any change to this partition could prevent any recovery later.

is this what i need? or i have to follow the steps on your first post on Windows recovery? please let me know in what mode should i do the process?

Thanks a lot

[SuperDave]

That's your Recovery Console on a separate partition. That's why it's locked. Now you should follow the instructions that you found in Reply # 15.

[mya2012]

Hi SuperDave, i followed the steps to restore the system but it seems the file
Winnt32.exe on my computer is older than the version of my current windows!
as far as I remember I always had windows xp and I bought my computer from Hp so I do not understand how the recovery file is older version! Can you please let me know what should I do now ?
Many thanks

[mya2012]

I also checked the system properties and I can see
Windows xp service pack 3 is my system operator.

[SuperDave]

Can you please let me know what should I do now ?

See if you can borrow a copy of XP from someone. I must be the same as the OS on your computer now and then run SFC

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)
*Let this run undisturbed until the window with the blue  progress bar goes away
SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

[mya2012]

I don't have xp cd as the agent in Hp told me a copy of it is in my hard drive.
However during the years my system automatically been updated. he will call me tomorrow if he can
send a updated xp cd.he also said to run the malware again as I was booting syste
On safe mode with networking . I did and malware found 37 infections which all are removed now. Sorry I didn't ask you before running it. I hope this does not cause problem.

[mya2012]

can I still create a windows recovery cd by following your instructions in your first reply?

[SuperDave]

can I still create a windows recovery cd by following your instructions in your first reply?

That's not a recovery cd; it's a boot disk that will, in most cases, get your computer running so you can do some scans and save some important information.

[mya2012]

Hi SuperDave,
Sorry for delay I was away.
I have received the windows xp and also Boot cd and Driver cd. I first insert the boot cd and checked the drive C and everything is fine.however when I put the windows xp cd after loading files,I get a message to choose my operating system from the menu and when I pick window xp home edition it goes to a blue screen saying "there is a problem caused by following file : setupdd.sys
Can you please tell me what I have to do now? One more thing after using the boot cd,I restart the computer when I put the windows xp and I didn't need to choose the safe mood at all!

[mya2012]

SuperDave,

something rather interesting happened when I was quite dissapointed with my windows xp cd as it had not sorted out my computer ! i switch on the computer and took the cd out of the drive then i notice on the first screen which it says HP invent on the bottom right of the screen says: system recovery F10 so i hit the F10 key and suddenly it started to download files and then i saw the Windows xp on the black screen and messages to set the time and location and so on.... so right now i am sending this message from my computer and windows xp runs no problem . the only thing is when i tried to install updates from Windows website for xp , it was then when the computer crashed and i got the same massage that windows had to shut down so I again start with the key F10 process and everything looks normal and running no problem.
but can you please tell me why installing updates for window xp cause the crash?is there anyway to fix it or just my computer is too old for updates? i would like to send a BIG thanks to you for all your advices as without your advices i would have never be abled to fix my computer.

[SuperDave]

Please run this and see if it fixes the update problem.

•Please download Dial-A-Fix from one of the following mirrors:

Primary mirror
Secondary mirror

•Extract the zip file to your desktop.

•Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot errors, just ignore them and Click
to continue.

•Press the green double checkmark box (Looks like this:


UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:





•Click on Go

•Wait for Dial-A-Fix to finish (All the checks marks will be all gone)

•Close Dial-A-Fix

[mya2012]

many thanks for the above!
 I ran the "Dial a fix" and I saved a report just in case you want to see the errors:

16:43:46 | Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
16:43:49 | Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
16:43:54 | Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
16:43:55 | Error 127: C:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
16:43:56 | Error 127: C:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
16:44:19 | Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.18928
16:44:22 | Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18928
16:44:31 | Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
16:44:45 | Error 127: C:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Version: 8.00.6001.18923
16:44:48 | Error 127: C:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18923
16:44:49 | Error 127: C:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
16:44:55 | Error 127: C:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
16:45:02 | Error 127: C:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702

[mya2012]

after running " Dial a fix "i tried to install updates from windows however after restarting the computer the same problem happened and i got the same message that windows had to be shut down to prevent problem to the computer. so i ran the system recovery again.

[SuperDave]

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)
*Let this run undisturbed until the window with the blue  progress bar goes away
SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

[mya2012]

i ran windows xp cd and i was able to install 75 windows security updates however after installing xp sp3 , at the restart of the computer again i got the message that windows has to shut down to prevent damage to you computer. so it seems i just can install
xp sp3. other installations (75)were all successful .

[SuperDave]

What happened when you tried SFC?

[mya2012]

I let the cd run and when i came back to the computer after 4 hours the process had finished and there was no message on the screen! so i assummed everything went well! so i noticed the icon for updates , and i click on it to install the updates which it did install 75 updates but when it came only to xp sp3 , then the same problem occured.

[SuperDave]

Please do the SFC as described in Reply # 30 but do not insert the OS CD until it asks for it.

[mya2012]

sorry SuperDave in reply #30 you said if i have a xp cd i put it in the cd drive and i run it unitrupted which i did ! then what is the OS cd? is it operating system?if yes isn't it the same as XP cd?

[SuperDave]

you said if i have a xp cd i put it in the cd drive and i run it unitrupted which i did ! then what is the OS cd? is it operating system?if yes isn't it the same as XP cd?
Yes, the XP cd. I want to see if it will ask for the CD to repair or replace some files.

[mya2012]

I ran the cd and the blue bar was completed and no message or anything else appeared after that.

[SuperDave]

I ran the cd and the blue bar was completed and no message or anything else appeared after that.

Well, that rules out missing or corrupted files.
Please try running Dial-A-Fix again and then try your updates again.

[mya2012]

hi Superdave,

there were few errors that why i thought to paste the report in dial-a-fix here for you to see:

16:09:00 | Dial-a-fix was unable to determine your version of Internet Explorer
Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
     the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
     [email protected] and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 2
IE version: 8.0.6001.18702
MPC: 76477-OEM
CPU: AMD Athlon(tm) 64 Processor 3200+ (~1800MHz)
CPU: CPU is 64-bit or has 64-bit extensions
BIOS: 09/03/2005
Memory (approx): 959MB
Uptime: 54 hour(s)
Current directory: C:\DOCUME~1\HP_OWN~1.002\LOCALS~1\Temp\Temporary Directory 1 for Dial-a-fix-v0.60.0.24[1].zip\Dial-a-fix-v0.60.0.24
---

04/06/2012 16:09:00 -- Dial-a-fix : [v0.60.0.24] -- started
16:09:01 | Policy scan started
16:09:01 | Policy scan ended - no restrictive policies were found
--- MSI ---
16:09:59 | Registered: C:\WINDOWS\system32\msi.dll
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
16:10:05 | Unregistered: C:\WINDOWS\system32\msxml.dll
16:10:05 | Registered: C:\WINDOWS\system32\msxml.dll
16:10:05 | Unregistered: C:\WINDOWS\system32\msxml2.dll
16:10:05 | Registered: C:\WINDOWS\system32\msxml2.dll
16:10:06 | Unregistered: C:\WINDOWS\system32\msxml3.dll
16:10:06 | Registered: C:\WINDOWS\system32\msxml3.dll
16:10:06 | Unregistered: C:\WINDOWS\system32\msxml4.dll
16:10:06 | Registered: C:\WINDOWS\system32\msxml4.dll
16:10:06 | Unregistered: C:\WINDOWS\system32\qmgr.dll
16:10:06 | Registered: C:\WINDOWS\system32\qmgr.dll
16:10:07 | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
16:10:07 | Registered: C:\WINDOWS\system32\qmgrprxy.dll
16:10:07 | Unregistered: C:\WINDOWS\system32\winhttp.dll
16:10:07 | Registered: C:\WINDOWS\system32\winhttp.dll
16:10:07 | Registered: C:\WINDOWS\system32\wuapi.dll
16:10:07 | Unregistered: C:\WINDOWS\system32\wuaueng.dll
16:10:08 | Registered: C:\WINDOWS\system32\wuaueng.dll
16:10:08 | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
16:10:08 | Registered: C:\WINDOWS\system32\wuaueng1.dll
16:10:08 | Unregistered: C:\WINDOWS\system32\wucltui.dll
16:10:08 | Registered: C:\WINDOWS\system32\wucltui.dll
16:10:08 | Unregistered: C:\WINDOWS\system32\wups.dll
16:10:08 | Registered: C:\WINDOWS\system32\wups.dll
16:10:08 | Unregistered: C:\WINDOWS\system32\wups2.dll
16:10:08 | Registered: C:\WINDOWS\system32\wups2.dll
16:10:08 | Unregistered: C:\WINDOWS\system32\wuweb.dll
16:10:08 | Registered: C:\WINDOWS\system32\wuweb.dll
16:10:08 | Registered: C:\WINDOWS\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
16:10:20 | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
16:10:24 | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
16:10:24 | Registered: C:\WINDOWS\system32\cryptdlg.dll
16:10:24 | Unregistered: C:\WINDOWS\system32\cryptui.dll
16:10:24 | Registered: C:\WINDOWS\system32\cryptui.dll
16:10:24 | Unregistered: C:\WINDOWS\system32\cryptext.dll
16:10:24 | Registered: C:\WINDOWS\system32\cryptext.dll
16:10:24 | Unregistered: C:\WINDOWS\system32\dssenh.dll
16:10:24 | Registered: C:\WINDOWS\system32\dssenh.dll
16:10:25 | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
16:10:25 | Registered: C:\WINDOWS\system32\gpkcsp.dll
16:10:25 | Unregistered: C:\WINDOWS\system32\initpki.dll
16:11:01 | Registered: C:\WINDOWS\system32\initpki.dll
16:11:01 | Unregistered: C:\WINDOWS\system32\licdll.dll
16:11:01 | Registered: C:\WINDOWS\system32\licdll.dll
16:11:01 | Unregistered: C:\WINDOWS\system32\mssign32.dll
16:11:01 | Registered: C:\WINDOWS\system32\mssign32.dll
16:11:01 | Unregistered: C:\WINDOWS\system32\mssip32.dll
16:11:01 | Registered: C:\WINDOWS\system32\mssip32.dll
16:11:01 | Unregistered: C:\WINDOWS\system32\scardssp.dll
16:11:01 | Registered: C:\WINDOWS\system32\scardssp.dll
16:11:01 | Unregistered: C:\WINDOWS\system32\sccbase.dll
16:11:01 | Registered: C:\WINDOWS\system32\sccbase.dll
16:11:01 | Unregistered: C:\WINDOWS\system32\scecli.dll
16:11:02 | Registered: C:\WINDOWS\system32\scecli.dll
16:11:02 | Unregistered: C:\WINDOWS\system32\softpub.dll
16:11:02 | Registered: C:\WINDOWS\system32\softpub.dll
16:11:02 | Unregistered: C:\WINDOWS\system32\slbcsp.dll
16:11:02 | Registered: C:\WINDOWS\system32\slbcsp.dll
16:11:02 | Unregistered: C:\WINDOWS\system32\regwizc.dll
16:11:02 | Registered: C:\WINDOWS\system32\regwizc.dll
16:11:02 | Unregistered: C:\WINDOWS\system32\rsaenh.dll
16:11:02 | Registered: C:\WINDOWS\system32\rsaenh.dll
16:11:02 | Unregistered: C:\WINDOWS\system32\winhttp.dll
16:11:02 | Registered: C:\WINDOWS\system32\winhttp.dll
16:11:02 | Unregistered: C:\WINDOWS\system32\wintrust.dll
16:11:02 | Registered: C:\WINDOWS\system32\wintrust.dll
--- Registration: ActiveX controls/codecs
16:11:03 | Registered: C:\WINDOWS\system32\acelpdec.ax
16:11:03 | Registered: C:\WINDOWS\system32\actxprxy.dll
16:11:03 | Registered: C:\WINDOWS\system32\asctrls.ocx
16:11:03 | Registered: C:\WINDOWS\system32\daxctle.ocx
16:11:03 | Registered: C:\WINDOWS\system32\hhctrl.ocx
16:11:03 | Registered: C:\WINDOWS\system32\l3codecx.ax
16:11:03 | Registered: C:\WINDOWS\system32\licmgr10.dll
16:11:03 | Registered: C:\WINDOWS\system32\mpg4ds32.ax
16:11:05 | Registered: C:\WINDOWS\system32\msdxm.ocx
16:11:05 | Registered: C:\WINDOWS\system32\proctexe.ocx
16:11:05 | Registered: C:\WINDOWS\system32\tdc.ocx
16:11:05 | Registered: C:\WINDOWS\system32\wshom.ocx
--- Registration: Control Panel applets ---
16:11:05 | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
16:11:05 | DllInstalled: C:\WINDOWS\system32\appwiz.cpl
16:11:05 | Registered: C:\WINDOWS\system32\appwiz.cpl
16:11:05 | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
16:11:05 | Registered: C:\WINDOWS\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
16:11:05 | Registered: C:\WINDOWS\system32\quartz.dll
16:11:06 | Registered: C:\WINDOWS\system32\danim.dll
16:11:06 | Registered: C:\WINDOWS\system32\dmscript.dll
16:11:06 | Registered: C:\WINDOWS\system32\dmstyle.dll
16:11:06 | Registered: C:\WINDOWS\system32\dxmasf.dll
16:11:06 | Registered: C:\WINDOWS\system32\dxtmsft.dll
16:11:06 | Registered: C:\WINDOWS\system32\dxtrans.dll
16:11:07 | Registered: C:\WINDOWS\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
16:11:07 | Registered: C:\WINDOWS\system32\atl.dll
16:11:07 | Registered: C:\WINDOWS\system32\corpol.dll
16:11:07 | Registered: C:\WINDOWS\system32\jscript.dll
16:11:07 | Registered: C:\WINDOWS\system32\dispex.dll
16:11:07 | Registered: C:\WINDOWS\system32\scrrun.dll
16:11:07 | Registered: C:\WINDOWS\system32\scrobj.dll
16:11:07 | Registered: C:\WINDOWS\system32\vbscript.dll
16:11:07 | Registered: C:\WINDOWS\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
16:11:07 | Registered: C:\WINDOWS\system32\activeds.dll
16:11:08 | DllInstalled: C:\WINDOWS\system32\browseui.dll
16:11:08 | Registered: C:\WINDOWS\system32\browseui.dll
16:11:08 | Registered: C:\WINDOWS\system32\browsewm.dll
16:11:08 | Registered: C:\WINDOWS\system32\cabview.dll
16:11:08 | Registered: C:\WINDOWS\system32\cdfview.dll
16:11:08 | Registered: C:\WINDOWS\system32\clbcatex.dll
16:11:08 | Registered: C:\WINDOWS\system32\clbcatq.dll
16:11:09 | Registered: C:\WINDOWS\system32\comcat.dll
16:11:09 | Registered: C:\WINDOWS\system32\cscui.dll
16:11:09 | Registered: C:\WINDOWS\system32\credui.dll
16:11:09 | Registered: C:\WINDOWS\system32\datime.dll
16:11:09 | Registered: C:\WINDOWS\system32\devmgr.dll
16:11:09 | Registered: C:\WINDOWS\system32\dfsshlex.dll
16:11:09 | Registered: C:\WINDOWS\system32\dmdlgs.dll
16:11:09 | Registered: C:\WINDOWS\system32\dmdskmgr.dll
16:11:09 | Registered: C:\WINDOWS\system32\dmloader.dll
16:11:09 | Registered: C:\WINDOWS\system32\dmocx.dll
16:11:09 | Registered: C:\WINDOWS\system32\dmview.ocx
16:11:10 | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
16:11:10 | Registered: C:\WINDOWS\system32\dsuiext.dll
16:11:10 | DllInstalled: C:\WINDOWS\system32\dsquery.dll
16:11:10 | Registered: C:\WINDOWS\system32\dsquery.dll
16:11:10 | Registered: C:\WINDOWS\system32\dskquoui.dll
16:11:10 | Registered: C:\WINDOWS\system32\els.dll
16:11:10 | Registered: C:\WINDOWS\system32\es.dll
16:11:10 | Registered: C:\WINDOWS\system32\fontext.dll
16:11:10 | Registered: C:\WINDOWS\system32\hlink.dll
16:11:11 | Registered: C:\WINDOWS\system32\hnetcfg.dll
16:11:11 | Registered: C:\WINDOWS\system32\iedkcs32.dll
16:11:11 | Registered: C:\WINDOWS\system32\iepeers.dll
16:11:11 | Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
16:14:17 | Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
16:15:02 | Registered: C:\WINDOWS\system32\ils.dll
16:15:02 | Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
16:15:41 | Registered: C:\WINDOWS\system32\inetcfg.dll
16:15:41 | Registered: C:\WINDOWS\system32\inetcomm.dll
16:15:41 | Error 127: C:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
16:15:55 | Error 127: C:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
16:16:06 | Registered: C:\WINDOWS\system32\laprxy.dll
16:16:07 | Registered: C:\WINDOWS\system32\lmrt.dll
16:16:07 | Registered: C:\WINDOWS\system32\mlang.dll
16:16:07 | Registered: C:\WINDOWS\system32\mmcndmgr.dll
16:16:07 | Registered: C:\WINDOWS\system32\mmcshext.dll
16:16:07 | Registered: C:\WINDOWS\system32\mscoree.dll
16:16:07 | Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.18928
16:16:35 | Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18928
16:16:42 | Registered: C:\WINDOWS\system32\mshtmled.dll
16:16:42 | Registered: C:\WINDOWS\system32\msieftp.dll
16:16:42 | Registered: C:\WINDOWS\system32\msoeacct.dll
16:16:42 | Registered: C:\WINDOWS\system32\msr2c.dll
16:16:42 | Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
16:16:57 | DllInstalled: C:\WINDOWS\system32\mydocs.dll
16:16:57 | Registered: C:\WINDOWS\system32\mydocs.dll
16:16:57 | Registered: C:\WINDOWS\system32\mstime.dll
16:16:58 | Registered: C:\WINDOWS\system32\netcfgx.dll
16:16:58 | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
16:16:58 | Registered: C:\WINDOWS\system32\netplwiz.dll
16:16:58 | Registered: C:\WINDOWS\system32\netman.dll
16:16:58 | Registered: C:\WINDOWS\system32\netshell.dll
16:16:58 | Registered: C:\WINDOWS\system32\ntmsevt.dll
16:16:58 | Registered: C:\WINDOWS\system32\ntmsmgr.dll
16:16:58 | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
16:16:58 | Registered: C:\WINDOWS\system32\ntmssvc.dll
16:16:58 | Error 127: C:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Version: 8.00.6001.18923
16:17:13 | Error 127: C:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18923
16:17:18 | Registered: C:\WINDOWS\system32\ole32.dll
16:17:18 | Registered: C:\WINDOWS\system32\oleaut32.dll
16:17:18 | Registered: C:\WINDOWS\system32\oleacc.dll
16:17:18 | Registered: C:\WINDOWS\system32\olepro32.dll
16:17:18 | DllInstalled: C:\WINDOWS\system32\photowiz.dll
16:17:18 | Registered: C:\WINDOWS\system32\photowiz.dll
16:17:18 | Error 127: C:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
16:17:29 | Registered: C:\WINDOWS\system32\remotepg.dll
16:17:29 | Registered: C:\WINDOWS\system32\rpcrt4.dll
16:17:29 | Registered: C:\WINDOWS\system32\rshx32.dll
16:17:29 | Registered: C:\WINDOWS\system32\sendmail.dll
16:17:29 | Registered: C:\WINDOWS\system32\slayerxp.dll
16:17:30 | DllInstalled: C:\WINDOWS\system32\shdocvw.dll
16:17:31 | Registered: C:\WINDOWS\system32\shdocvw.dll
16:17:31 | Registered: C:\WINDOWS\system32\shell32.dll
16:17:37 | DllInstalled: C:\WINDOWS\system32\shell32.dll
16:17:37 | Registered: C:\WINDOWS\system32\shmedia.dll
16:17:37 | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
16:17:37 | Registered: C:\WINDOWS\system32\shimgvw.dll
16:17:37 | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
16:17:38 | Registered: C:\WINDOWS\system32\shsvcs.dll
16:17:38 | Registered: C:\WINDOWS\system32\srclient.dll
16:17:38 | Unregistered: C:\WINDOWS\system32\stobject.dll
16:17:38 | Registered: C:\WINDOWS\system32\stobject.dll
16:17:38 | DllInstalled: C:\WINDOWS\system32\themeui.dll
16:17:38 | Registered: C:\WINDOWS\system32\themeui.dll
16:17:38 | Registered: C:\WINDOWS\system32\twext.dll
16:17:39 | DllInstalled: C:\WINDOWS\system32\urlmon.dll
16:17:39 | Registered: C:\WINDOWS\system32\urlmon.dll
16:17:39 | Registered: C:\WINDOWS\system32\userenv.dll
16:17:39 | Error 127: C:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
16:17:51 | Error 127: C:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
16:17:57 | Registered: C:\WINDOWS\system32\webvw.dll
16:17:57 | Registered: C:\WINDOWS\system32\winhttp.dll
16:17:57 | DllInstalled: C:\WINDOWS\system32\wininet.dll
16:17:57 | Registered: C:\WINDOWS\system32\zipfldr.dll
16:17:57 | Registered: C:\Program Files\Common Files\system\Ole DB\msdadc.dll
16:17:57 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaenum.dll
16:17:57 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaer.dll
16:17:57 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaipp.dll
16:17:57 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaora.dll
16:17:57 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaosp.dll
16:17:57 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaps.dll
16:17:57 | Registered: C:\Program Files\Common Files\system\Ole DB\msdasc.dll
16:17:57 | Registered: C:\Program Files\Common Files\system\Ole DB\msdasql.dll
16:17:57 | Registered: C:\Program Files\Common Files\system\Ole DB\msdatt.dll
16:17:57 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaurl.dll
16:17:58 | Registered: C:\Program Files\Common Files\system\Ole DB\msdmeng.dll
16:17:58 | Registered: C:\Program Files\Common Files\system\Ole DB\msdmine.dll
16:17:58 | Registered: C:\Program Files\Common Files\system\Ole DB\msmdcb80.dll
16:17:59 | Registered: C:\Program Files\Common Files\system\Ole DB\msmdgd80.dll
16:17:59 | Registered: C:\Program Files\Common Files\system\Ole DB\msolap80.dll
16:17:59 | Registered: C:\Program Files\Common Files\system\Ole DB\msolui80.dll
16:17:59 | Registered: C:\Program Files\Common Files\system\Ole DB\msxactps.dll
16:17:59 | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32.dll
16:17:59 | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32r.dll
16:17:59 | Registered: C:\Program Files\Common Files\system\Ole DB\sqloledb.dll
16:17:59 | Registered: C:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll

[SuperDave]

Re-run MBAM:

Code:
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply..
*****************************************************
Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply
*****************************************************
Download Combofix from any of the links below, and save it to your DESKTOP. 

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

[mya2012]

Hi SuperDave,

I ran the Malwarebytes anti-malware and aswMBR.exe and i saved the report as you said however after disabling
the anti virus software and running the Combofix in the middle of the process (when it said : stage 75 completed)the screen
suddenly went black and windows re started again and the the same message appeared which i used to get from begining
saying :windows had to shut down to prevent damages to your computer as a result of installing a new software or hardware.
so i had to go  for system recovery again and basically all the saved reports are lost.

[SuperDave]

so i had to go  for system recovery again and basically all the saved reports are lost.

Did you do a System Recovery or did you do a System Restore?

[mya2012]

no i did system recovery as it went to the same kind of screen when I initially had problem with running windows.

[SuperDave]

no i did system recovery as it went to the same kind of screen when I initially had problem with running windows.

So, now your computer is back to square one?

[mya2012]

well not quite square one , I can use the computer now however i can not update the windows from sp2 to sp3 and for that reason I can not have MS office 2010 installed or any other programmes which require a newer version of windows.

[SuperDave]

You can download  SP3 from here. This is an image file and you will need to burn it to a disk using an Image burner. If you don't have one here's one that I use.

IMG Burner.

[mya2012]

thanks for that but can i ask you please to give me the link for the SP3 as i can not open the one in your message. I am not quite sure what exactly I have to download from IMG burner , on the disk drive of my computer says DVD_+ writter/CD - writter, is this what i need to have to download the sp3?and the last question,I had 75 updates from windows and one of them was sp3 but my computer after installing the updates and restart the windows , it went to the same screen saying windows had to shut down to prevent damages. so do you think the link you gave me for sp3 would be a different one?

many thanks

[SuperDave]

Sorry, here it is. SP3.iso
First, download and save the ISO file somewhere on your computer. It's not important where you save it as long as you remember where. Next, download and install IMG on your computer. You can start IMG and browse to where you save the file or you can just double-click on the ISO file and it will open IMG. After you burn the disk, just pop the disk in and it will start to run and install SP3.

[mya2012]

I was downloading sp3.iso when a message popped up saying the conection had to be restarted! i tried to download the file again but it didn't download at all! and my computer has gone awfully slow!!!! it took 3 min to open "computerhope" website and one min for every page to open after that!

[SuperDave]

After you did the System Recovery did you install an anti-virus program?

[mya2012]

no I didn't!
I also ran the Super anti-spyware and it found 188 virus and one was trojan!
I tried to download the anti virus i had before but it was unsuccessful as the min required system for Avira is
sp3 not sp2!by any chance do you know one that accept sp2?

[SuperDave]

I hardly think that any will accept SP2. Your best bet would be to burn the SP3 ISO to a disk and install it on your computer then you will have no problem installing an AV. Please stay off the net with that computer until you get an AV in place.

Remember to only install one antivirus!
 
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition
7) ThreatFire

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

[mya2012]

thanks , I downloaded the microsoft security essentials for windows. it did scan my computer and found few viruses and a trojan again they have been removed however the pc still is slow but as not as bad before . can i ask you if utorrent is a good and safe programme or not?

[SuperDave]

P2P - uTorrent is P2P software. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
***************************************************
Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

[mya2012]

Thanks a lot for your advice. the reason I asked you for utorrent was , I needed to get microsoft excel and word ,most of the  sources required min of sp3 system but the one that i had to download utorrent for; it specifically was for sp2 ;so at the moment I  have the excel and word on my computer however after what you advised , I did uninstall the utorrent ,but do you think  this would still be a problem?

[SuperDave]

As I mentioned, uTorrent is safe but the files you download have the potential of being infected.

[mya2012]

I deleted the files and i ran Malwarebytes anti malware nothing was detected. I also install and ran Ccleaner.I defragmented the C and D drive however my pc still very slow for example it takes 40 seconds to open a page! what I noticed in Task Manager is that there is a process called MsMpeng.exe with a memory usage of 50,092K almost the same as internet explore. do you think by stopping this process it could fix the pc speed?these are 4 processes with high usage of memory.
image name      user name       memory usage
svchost.exe        system             23,780
services.exe       system             15,408
explorer.exe       HP-owner         35,688
ixplorer.exe        HP-owner         49,752

Thanks

[mya2012]

sorry Dave for too much trouble, I also noticed i can not open "Yahoo " page at all while I can open other sites after 40 sec. I was reading a topic here with exactly my problem and "evilfantasy" suggested below:

Click Start > Run and copy and paste the following line into the run box: regsvr32 urlmon.dll
Press OK
Once it is completed you will get this message DllRegisterServer in urlmon.dll succeeded, repeat the above steps, but replace regsvr32 urlmon.dll with the following: (enter each line one at a time selecting OK after each)

•regsvr32 actxprxy.dll

•regsvr32 shdocvw.dll

•regsvr32 mshtml.dll

•regsvr32 browseui.dll

•regsvr32 jscript.dll

•regsvr32 vbscript.dll

•regsvr32 oleaut32.dll
When finished restart your computer.
i tried the steps but when it came to  regsvr32 mshtml.dll , i got a message that this one can not be loaded  because DllRegisterServer entry point was not found.

[SuperDave]

I noticed in Task Manager is that there is a process called MsMpeng.exe with a memory usage of 50,092K almost the same as internet explore. do you think by stopping this process it could fix the pc speed?these are 4 processes with high usage of memory.
image name      user name       memory usage
svchost.exe        system             23,780
services.exe       system             15,408
explorer.exe       HP-owner         35,688
ixplorer.exe        HP-owner         49,752

MsMpeng.exe is for Windows defender. You can stop all those tasks except explorer.exe. That will shut your computer down. Please do this:

Please download SystemLook from one of the links below and save it to your desktop.

Link # 1
Link # 2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.

Code: [Select]

:filefind
ixplorer.exe 
Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
 

[mya2012]

hi
here is the report:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:29 on 14/06/2012 by HP_Owner
Administrator - Elevation successful

No Context: code:[select]

========== filefind ==========

Searching for "ixplorer.exe"
No files found.

-= EOF =-

[SuperDave]

Could you please download and run ComboFix as outlined in Reply # 40?

[mya2012]

hi,
i ran the combofix and after completing stage 50 ,it did started to delete some files and i think one was Windows32/ps (i am not quite sure about the ps part though!)
however after restarting the computer by combofix it straight went to the same page saying "windows had to shut down to prevent any harm to your computer". so i had again to run pc recovery and start all over again!

[mya2012]

hi,
I ran the combofix and after completing stage 50 ,it did start to delete some files and I think one was Windows32/ps (i am not quite sure about the ps part though!)
however after restarting the computer by combofix it straight went to the same page saying "windows had to shut down to prevent any harm to your computer". so i had again to run pc recovery and start all over again!
I also ran Malwarebytes anti-malware and nothing was detected.

[SuperDave]

I'm still concerned about the ixplorer.exe.

Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )

[mya2012]

hi , here is the result of dds logfile:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Owner at 15:10:39 on 2012-06-17
Microsoft Windows XP Home Edition  5.1.2600.2.1252.44.1033.18.959.705 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] c:\program files\norton internet security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\google~1.lnk - c:\program files\google\google updater\GoogleUpdater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\sirajo~1.lnk - c:\program files\sakhr\siraj online\siraj online 1.0\SirajHotKey.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{26EE1428-4D62-4348-8A71-C1A3C8FFF4F7} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-28 197752]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2004-8-28 234616]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-28 164984]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2004-8-30 176768]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2004-7-23 49808]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-16 935480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20041117.006\NAVENG.Sys [2005-1-1 72712]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20041117.006\NavEx15.Sys [2005-1-1 629544]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2004-7-23 335504]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-16 257224]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-28 78968]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2004-7-23 197864]
.
=============== Created Last 30 ================
.
2012-06-16 15:36:13   --------   d-----w-   c:\windows\system32\cache
2012-06-16 10:00:57   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 10:00:57   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-06-16 07:38:58   263552   ------w-   c:\windows\system32\dllcache\http.sys
2012-06-16 07:20:46   --------   d-----w-   c:\windows\system32\CatRoot_bak
2012-06-15 21:04:42   --------   d-sh--w-   c:\documents and settings\hp_owner.bella.003\PrivacIE
2012-06-15 19:14:59   --------   d-sh--w-   c:\documents and settings\hp_owner.bella.003\IETldCache
2012-06-15 19:07:08   12800   ------w-   c:\windows\system32\dllcache\xpshims.dll
2012-06-15 19:07:07   599040   ------w-   c:\windows\system32\dllcache\msfeeds.dll
2012-06-15 19:07:07   55296   ------w-   c:\windows\system32\dllcache\msfeedsbs.dll
2012-06-15 19:07:06   247808   ------w-   c:\windows\system32\dllcache\ieproxy.dll
2012-06-15 19:07:06   1985536   ------w-   c:\windows\system32\dllcache\iertutil.dll
2012-06-15 19:07:05   743424   ------w-   c:\windows\system32\dllcache\iedvtool.dll
2012-06-15 19:07:05   11076096   ------w-   c:\windows\system32\dllcache\ieframe.dll
2012-06-15 18:14:10   --------   d-sh--w-   c:\documents and settings\hp_owner.bella.003\UserData
2012-06-15 16:46:43   --------   d-----w-   c:\documents and settings\hp_owner.bella.003\application data\Malwarebytes
2012-06-15 16:26:14   272128   ------w-   c:\windows\system32\drivers\bthport.sys
2012-06-15 16:26:14   272128   ------w-   c:\windows\system32\dllcache\bthport.sys
2012-06-15 16:25:35   454016   ------w-   c:\windows\system32\dllcache\mrxsmb.sys
2012-06-15 16:24:00   2181376   ------w-   c:\windows\system32\dllcache\ntoskrnl.exe
2012-06-15 16:23:59   2137088   ------w-   c:\windows\system32\dllcache\ntkrnlmp.exe
2012-06-15 16:23:59   2058368   ------w-   c:\windows\system32\dllcache\ntkrnlpa.exe
2012-06-15 16:23:59   2016768   ------w-   c:\windows\system32\dllcache\ntkrpamp.exe
2012-06-15 16:23:05   17920   ------w-   c:\windows\system32\dllcache\msyuv.dll
2012-06-15 16:22:12   293376   ------w-   c:\windows\system32\browserchoice.exe
2012-06-15 16:21:59   8704   ------w-   c:\windows\system32\dllcache\tsbyuv.dll
2012-06-15 16:21:58   48128   ------w-   c:\windows\system32\dllcache\iyuv_32.dll
2012-06-15 16:14:57   --------   d-----w-   c:\windows\system32\PreInstall
2012-06-15 16:14:56   26144   ----a-w-   c:\windows\system32\spupdsvc.exe
2012-06-15 12:06:50   --------   d-----w-   c:\documents and settings\hp_owner.bella.003\application data\AVG2012
2012-06-15 11:51:38   --------   d-----w-   c:\documents and settings\hp_owner.bella.003\local settings\application data\AVG Secure Search
2012-06-15 11:51:25   --------   d-----w-   c:\documents and settings\hp_owner.bella.003\application data\AVG Secure Search
2012-06-15 11:51:23   --------   d-----w-   c:\documents and settings\all users\application data\AVG Secure Search
2012-06-15 11:51:20   --------   d-----w-   c:\program files\common files\AVG Secure Search
2012-06-15 11:51:19   --------   d-----w-   c:\program files\AVG Secure Search
2012-06-15 11:49:50   --------   d--h--w-   C:\$AVG
2012-06-15 11:49:50   --------   d-----w-   c:\windows\system32\drivers\AVG
2012-06-15 11:49:50   --------   d-----w-   c:\documents and settings\all users\application data\AVG2012
2012-06-15 11:49:17   --------   d-----w-   c:\program files\AVG
2012-06-15 11:48:43   --------   d-----w-   c:\documents and settings\all users\application data\MFAData
2012-06-15 11:25:14   --------   d-----w-   c:\documents and settings\all users\application data\IObit
2012-06-15 11:24:04   --------   d-----w-   c:\documents and settings\hp_owner.bella.003\application data\IObit
2012-06-15 11:23:34   --------   d-----w-   c:\program files\IObit
2012-06-15 10:36:08   --------   d-----w-   C:\98cf2319830f845388
2012-06-15 10:17:51   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2012-06-15 10:17:51   476936   ----a-w-   c:\windows\system32\npdeployJava1.dll
2012-06-15 10:17:51   472840   ----a-w-   c:\windows\system32\deployJava1.dll
2012-06-15 10:15:44   --------   d-sh--r-   C:\cmdcons
2012-06-15 10:15:06   --------   d-----w-   c:\documents and settings\hp_owner.bella.003\local settings\application data\LightScribe
2012-06-15 10:14:48   221184   ----a-w-   c:\windows\system32\wmpns.dll
2012-06-15 10:12:10   --------   d-----w-   c:\program files\SiS VGA Utilities V3.63
2012-06-15 10:10:54   --------   d-----w-   c:\windows\system32\SoftwareDistribution
2012-06-15 09:29:14   --------   d-s---w-   C:\ComboFix
2012-06-15 09:18:03   6737808   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{29833732-476a-4ffa-b763-49317fb3ac6a}\mpengine.dll
2012-06-14 17:45:52   6737808   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-09 16:52:24   --------   d-----w-   c:\program files\Microsoft Security Client
2012-06-08 17:44:50   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-06-08 17:44:50   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-06-08 09:31:50   1409   ----a-w-   c:\windows\QTFont.for
2012-06-06 17:03:32   --------   d-----w-   c:\program files\Un-Rar for Windows
2012-06-06 16:20:49   --------   d-----w-   c:\program files\Microsoft Download Manager
2012-06-05 18:30:23   98816   ----a-w-   c:\windows\sed.exe
2012-06-05 18:30:23   518144   ----a-w-   c:\windows\SWREG.exe
2012-06-05 18:30:23   256000   ----a-w-   c:\windows\PEV.exe
2012-06-05 18:30:23   208896   ----a-w-   c:\windows\MBR.exe
2012-06-03 16:33:56   --------   d-----w-   c:\program files\uTorrentControl2
2012-06-03 16:33:40   --------   d-----w-   c:\program files\uTorrent
2012-05-21 11:49:36   61440   ----a-w-   c:\program files\common files\system\ole db\SET48C.tmp
2012-05-21 11:49:36   528384   ----a-w-   c:\program files\common files\system\ole db\SET48D.tmp
2012-05-21 11:49:36   28672   ----a-w-   c:\program files\common files\system\ole db\SET48A.tmp
2012-05-21 11:49:36   217088   ----a-w-   c:\program files\common files\system\ole db\SET48B.tmp
2012-05-21 11:49:16   65536   ----a-w-   c:\program files\common files\system\ole db\SET48E.tmp
2012-05-21 11:49:16   487424   ----a-w-   c:\program files\common files\system\ole db\SET48F.tmp
2012-05-21 11:49:05   24576   ----a-w-   c:\program files\common files\system\ole db\SET490.tmp
2012-05-21 11:49:00   102400   ----a-w-   c:\program files\common files\system\ado\SET54E.tmp
2012-05-20 15:22:14   28672   ----a-w-   c:\program files\common files\system\ole db\SET475.tmp
2012-05-20 15:22:14   217088   ----a-w-   c:\program files\common files\system\ole db\SET476.tmp
2012-05-20 15:22:13   61440   ----a-w-   c:\program files\common files\system\ole db\SET477.tmp
2012-05-20 15:22:13   528384   ----a-w-   c:\program files\common files\system\ole db\SET478.tmp
2012-05-20 15:20:50   19569   ----a-w-   c:\windows\005128_.tmp
2012-05-19 15:36:57   19569   ----a-w-   c:\windows\005163_.tmp
2012-05-19 12:01:49   --------   d-----w-   c:\program files\Ask.com
2012-05-19 11:51:33   --------   d-----w-   c:\documents and settings\all users\application data\Ask
.
==================== Find3M  ====================
.
2012-04-19 03:50:26   24896   ----a-w-   c:\windows\system32\drivers\avgidshx.sys
.
============= FINISH: 15:11:52.37 ===============


result for attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 15/06/2012 11:12:54
System Uptime: 17/06/2012 12:38:09 (3 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | Salmon
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 754 | 1790/200mhz
.
==== Disk Partitions =========================
.
.
==== Installed Programs ======================
.
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 11 ActiveX
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
AVG 2012
BufferChm
CameraDrivers
CC_ccProxyExt
ccCommon
ccPxyCore
Copy
CP_AtenaShokunin1Config
cp_dwSharkTaleAlbums1
cp_dwSharkTaleCards1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CP_PLSBusinessFlyers
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Director
DocProc
DocumentViewer
Easy Internet Sign-up
Fax
Help and Support Additions
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
HP Deskjet Preloaded Printer Drivers
HP Diagnostic Assistant
HP Image Zone 4.5.3
HP Image Zone Plus 4.5.3
HP Photosmart Cameras 4.0
HP PSC & OfficeJet 4.0
HP Software Update
HPIZplus450
HpSdpAppCoreApp
InstantShare
InterVideo DiscLabel
InterVideo WinDVD Creator
InterVideo WinDVD Player
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 33
KBD
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSRedist
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
PanoStandAlone
PC-Doctor for Windows
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
PrintScreen
PS2
PSPrinters06
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Scan
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SiS VGA Utilities
SkinsHP1
Sonic Express Labeler
Sonic RecordNow!
SPBBC
SymNet
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB914882)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB890175
.
==== Event Viewer Messages From Past Week ========
.
17/06/2012 08:42:12, error: atapi [9]  - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
16/06/2012 16:35:01, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
16/06/2012 08:14:57, error: PlugPlayManager [12]  - The device 'HL-DT-ST DVD-RAM GH22LP20' (IDE\CdRomHL-DT-ST_DVD-RAM_GH22LP20_______________1.02____\5&36942936&0&0.0.0) disappeared from the system without first being prepared for removal.
15/06/2012 17:18:20, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
15/06/2012 14:40:01, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
15/06/2012 14:01:23, error: atapi [9]  - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
15/06/2012 13:24:49, error: atapi [5]  - A parity error was detected on \Device\Ide\IdePort2.
15/06/2012 13:08:22, error: Service Control Manager [7034]  - The Advanced SystemCare Service 5 service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================

[SuperDave]

Is ixplorer.exe still showing up in your task manager?

[mya2012]

yes there are 4 iexplorer with a memory usage of 11,944;  128,566;  54,982; 11,600 and all HP- user.
,

[SuperDave]

yes there are 4 iexplorer with a memory usage of 11,944;  128,566;  54,982; 11,600 and all HP- user.
,

Using your Task Manager please end process on each of those one by one and see what happens. This is a suspicious file.

[mya2012]

as soon as i click "end process"of on one of them, the internet explorer page closes. and when i re-open it again and check the task manager i can see 2,3 iexplorer came back again.

[SuperDave]

as soon as i click "end process"of on one of them, the internet explorer page closes. and when i re-open it again and check the task manager i can see 2,3 iexplorer came back again.

It's ixplorer.exe that you should targetting not iexplorer

[mya2012]

as far as i can see in task manager all the files have extension .exe and yes I did end the process of iexplorer.exe

[SuperDave]

Please give me an update on how your computer is working.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[mya2012]

the computer speed is not really good for example it took esetscanner around 3 hours to finish.if i want to close a web page i have to click the close button 3 times!

eset scan:

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll   a variant of Win32/Adware.Yontoo.B application   cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\4\4a28dd84-1b318e38   multiple threats   deleted - quarantined
C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\8\6613c808-69c0a107   Java/Agent.EA trojan   deleted - quarantined
C:\Documents and Settings\HP_Owner.BELLA.003\Application Data\Sun\Java\Deployment\cache\6.0\51\877c433-1f29a391   Java/Exploit.CVE-2012-0507.BR trojan   cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner.BELLA.003\Application Data\Sun\Java\Deployment\cache\6.0\58\7f0d787a-69139776   Java/Exploit.CVE-2012-0507.BS trojan   deleted - quarantined

[SuperDave]

the computer speed is not really good for example it took esetscanner around 3 hours to finish.if i want to close a web page i have to click the close button 3 times!

Running a scan is not a good indicator of the speed of your computer. Looking back over this thread I can't believe that we've been at for almost three months. Unfortunately, there's not much else I can help you with except to give this piece of information.

Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

[mya2012]

Many thanks for your help over 3 months, I think its the time for me to look into buy a new computer!

[SuperDave]

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.