1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

NTVDM CPU error

Discussion in 'Virus & Other Malware Removal' started by BadgerGirl, Dec 29, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. BadgerGirl

    BadgerGirl Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    15
    Hi all,
    My husband's computer is running Windows XP will all of the latest updates. Recently he installed another 1 GB of RAM. His computer started freezing up caused by NTVDM.exe hogging all of the resources. I did some research and uninstalled Ad-Aware and all traces of Lavasoft from the registry. Now his pc is getting a pop-up error: "16 bit MS-DOS Subsystem: C:\WINDOWS\System32\svchost.exe The NTVDM CPU has encountered an illegal instruction." That is followed by some code which changes with each popup.

    I am attaching the following: Hijack This, DDS and GMER scans.

    1. HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:53:19 PM, on 12/27/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Switch Off\swoff.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://newsobserver.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {A2C3B68E-CCD6-4D9A-8673-6A284CC045AF} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Switch Off] C:\Program Files\Switch Off\swoff.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,0831,02
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136654165060
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136654927310
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://merillat.view22.com/view22/roomapp/View22RTE.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: mlljk - Invalid registry found
    O20 - Winlogon Notify: pmnnkll - pmnnkll.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12137 bytes

    2. DDS Scans:
    DDS.txt:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Steve at 18:08:36.67 on Mon 12/27/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1325 [GMT -5:00]

    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    H:\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://newsobserver.com/
    mStart Page = hxxp://www.msn.com
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: IE PopUp-Killer ; Neikeisoft: {49e0e0f0-5c30-11d4-945d-000000000003} - c:\progra~1\ashampoo\ashamp~1\PopUp.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    {a2c3b68e-ccd6-4d9a-8673-6a284cc045af}
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Switch Off] c:\program files\switch off\swoff.exe
    uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
    mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [TotalRecorderScheduler] c:\program files\highcriteria\totalrecorder\TotRecSched.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: usmc.mil\www.29palms
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} - hxxps://favorites.live.com/cab/ImportAx.cab?v=13,0,0831,02
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/6/7/5/675d28f5-2a8e-4bac-bd9b-ee147f352714/OGAControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136654165060
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136654927310
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://merillat.view22.com/view22/roomapp/View22RTE.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: pmnnkll - pmnnkll.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\930xgbas.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_US&apn_uid=008BA0F4-49EF-40FF-B79B-5C72FF596D26&apn_ptnrs=UF&apn_sauid=AD7AF8F8-BFB7-41D1-9074-248000A0C3DF&apn_dtid=&q=
    FF - plugin: c:\documents and settings\steve\application data\mozilla\plugins\NPAbacheck.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

    ============= SERVICES / DRIVERS ===============

    R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2006-12-11 30820]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-19 165584]
    R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\astra32\astra32.sys [2004-11-23 23488]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-19 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-19 40384]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-12-27 632792]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-19 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-19 40384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
    S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [2006-1-6 39680]
    S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-7-25 642688]
    S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2004-4-14 20736]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2001-8-23 14336]
    S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2006-1-6 54784]
    S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [2006-5-28 10080]
    S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2002-2-20 72576]

    =============== Created Last 30 ================

    2010-12-27 18:40:11 388096 ----a-r- c:\docume~1\steve\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-12-27 11:49:51 -------- d-----w- c:\docume~1\steve\applic~1\Registry Mechanic
    2010-12-27 11:39:44 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2010-12-27 11:39:44 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2010-12-27 11:39:44 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2010-12-27 11:39:44 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2010-12-27 11:39:38 -------- d-----w- c:\program files\common files\PC Tools
    2010-12-19 20:50:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-19 20:50:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-12-19 19:57:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-19 19:57:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-19 19:57:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-19 19:46:02 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-12-19 19:46:02 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-12-19 13:27:28 -------- d-----w- c:\windows\system32\NtmsData
    2010-12-18 21:13:06 -------- d-----w- c:\docume~1\steve\applic~1\vlc(2)
    2010-12-16 15:29:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Applications
    2010-12-16 06:28:22 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-16 06:27:24 45568 -c----w- c:\windows\system32\dllcache\wab.exe

    ==================== Find3M ====================

    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 18:09:13.95 ===============

    Attach.txt:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/6/2006 4:37:17 PM
    System Uptime: 12/27/2010 1:55:24 PM (5 hours ago)

    Motherboard: ASUSTeK Computer INC. | | A8S-X
    Processor: AMD Sempron(tm) Processor 3000+ | Socket 939 | 1799/mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 128 GiB total, 81.285 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 105 GiB total, 72.202 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 234 GiB total, 62.146 GiB free.
    H: is FIXED (FAT) - 1 GiB total, 0.541 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1779: 9/28/2010 6:50:14 PM - System Checkpoint
    RP1780: 9/29/2010 9:21:34 PM - System Checkpoint
    RP1781: 9/30/2010 9:49:09 PM - System Checkpoint
    RP1782: 10/1/2010 10:49:11 PM - System Checkpoint
    RP1783: 10/2/2010 11:09:10 PM - System Checkpoint
    RP1784: 10/4/2010 12:26:27 AM - System Checkpoint
    RP1785: 10/5/2010 12:49:08 AM - System Checkpoint
    RP1786: 10/6/2010 1:49:04 AM - System Checkpoint
    RP1787: 10/7/2010 3:11:28 AM - System Checkpoint
    RP1788: 10/8/2010 3:49:03 AM - System Checkpoint
    RP1789: 10/9/2010 4:49:03 AM - System Checkpoint
    RP1790: 10/10/2010 5:49:03 AM - System Checkpoint
    RP1791: 10/11/2010 7:35:22 AM - System Checkpoint
    RP1792: 10/12/2010 7:49:00 AM - System Checkpoint
    RP1793: 10/13/2010 8:50:02 AM - System Checkpoint
    RP1794: 10/14/2010 9:00:55 AM - System Checkpoint
    RP1795: 10/15/2010 2:06:33 AM - Software Distribution Service 3.0
    RP1796: 10/16/2010 2:16:42 AM - System Checkpoint
    RP1797: 10/16/2010 3:00:44 AM - Software Distribution Service 3.0
    RP1798: 10/17/2010 3:01:15 AM - System Checkpoint
    RP1799: 10/18/2010 4:05:48 AM - System Checkpoint
    RP1800: 10/19/2010 5:05:43 AM - System Checkpoint
    RP1801: 10/20/2010 7:13:00 AM - System Checkpoint
    RP1802: 10/21/2010 7:30:15 AM - System Checkpoint
    RP1803: 10/22/2010 8:30:20 AM - System Checkpoint
    RP1804: 10/23/2010 9:05:50 AM - System Checkpoint
    RP1805: 10/24/2010 10:05:51 AM - System Checkpoint
    RP1806: 10/25/2010 11:05:46 AM - System Checkpoint
    RP1807: 10/26/2010 12:05:43 PM - System Checkpoint
    RP1808: 10/27/2010 1:05:41 PM - System Checkpoint
    RP1809: 10/28/2010 2:05:37 PM - System Checkpoint
    RP1810: 10/29/2010 3:42:54 PM - System Checkpoint
    RP1811: 10/30/2010 4:05:37 PM - System Checkpoint
    RP1812: 10/31/2010 6:12:21 PM - System Checkpoint
    RP1813: 11/1/2010 7:05:37 PM - System Checkpoint
    RP1814: 11/2/2010 7:55:43 PM - System Checkpoint
    RP1815: 11/3/2010 7:56:50 PM - System Checkpoint
    RP1816: 11/4/2010 8:21:11 PM - System Checkpoint
    RP1817: 11/5/2010 9:20:56 PM - System Checkpoint
    RP1818: 11/6/2010 9:51:09 PM - System Checkpoint
    RP1819: 11/7/2010 9:47:07 PM - System Checkpoint
    RP1820: 11/8/2010 9:48:09 PM - System Checkpoint
    RP1821: 11/9/2010 10:47:07 PM - System Checkpoint
    RP1822: 11/10/2010 11:47:03 PM - System Checkpoint
    RP1823: 11/11/2010 3:00:49 AM - Software Distribution Service 3.0
    RP1824: 11/12/2010 3:47:04 AM - System Checkpoint
    RP1825: 11/13/2010 4:47:04 AM - System Checkpoint
    RP1826: 11/14/2010 5:47:04 AM - System Checkpoint
    RP1827: 11/15/2010 7:46:19 AM - System Checkpoint
    RP1828: 11/16/2010 7:46:53 AM - System Checkpoint
    RP1829: 11/17/2010 7:48:01 AM - System Checkpoint
    RP1830: 11/18/2010 7:58:41 AM - System Checkpoint
    RP1831: 11/19/2010 8:32:47 AM - System Checkpoint
    RP1832: 11/20/2010 9:32:47 AM - System Checkpoint
    RP1833: 11/21/2010 10:26:29 AM - System Checkpoint
    RP1834: 11/22/2010 11:26:27 AM - System Checkpoint
    RP1835: 11/23/2010 12:53:41 PM - System Checkpoint
    RP1836: 11/24/2010 12:52:53 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP1837: 11/24/2010 12:53:18 AM - Installed AVG 2011
    RP1838: 11/24/2010 12:54:03 AM - Installed AVG 2011
    RP1839: 11/25/2010 1:53:11 AM - System Checkpoint
    RP1840: 11/26/2010 2:03:43 AM - System Checkpoint
    RP1841: 11/27/2010 2:42:27 AM - System Checkpoint
    RP1842: 11/28/2010 3:03:36 AM - System Checkpoint
    RP1843: 11/29/2010 4:03:34 AM - System Checkpoint
    RP1844: 11/30/2010 4:04:38 AM - System Checkpoint
    RP1845: 12/1/2010 6:01:20 AM - System Checkpoint
    RP1846: 12/2/2010 6:50:16 AM - System Checkpoint
    RP1847: 12/3/2010 8:46:24 AM - System Checkpoint
    RP1848: 12/4/2010 9:11:32 AM - System Checkpoint
    RP1849: 12/5/2010 10:21:37 AM - System Checkpoint
    RP1850: 12/6/2010 10:50:18 AM - System Checkpoint
    RP1851: 12/7/2010 11:10:59 AM - System Checkpoint
    RP1852: 12/8/2010 12:06:29 PM - System Checkpoint
    RP1853: 12/9/2010 12:31:49 PM - System Checkpoint
    RP1854: 12/10/2010 1:06:23 PM - System Checkpoint
    RP1855: 12/11/2010 1:44:00 PM - System Checkpoint
    RP1856: 12/12/2010 2:42:55 PM - System Checkpoint
    RP1857: 12/13/2010 5:06:56 PM - System Checkpoint
    RP1858: 12/14/2010 5:59:47 PM - System Checkpoint
    RP1859: 12/15/2010 6:50:36 PM - System Checkpoint
    RP1860: 12/16/2010 3:00:25 AM - Software Distribution Service 3.0
    RP1861: 12/16/2010 10:29:14 AM - Installed Microsoft Office Live Meeting 2007
    RP1862: 12/17/2010 11:07:15 AM - System Checkpoint
    RP1863: 12/18/2010 11:57:45 AM - System Checkpoint
    RP1864: 12/19/2010 12:57:45 PM - System Checkpoint
    RP1865: 12/19/2010 2:44:11 PM - Restore Operation
    RP1866: 12/19/2010 3:50:02 PM - avast! Free Antivirus Setup
    RP1867: 12/20/2010 3:50:53 PM - System Checkpoint
    RP1868: 12/21/2010 4:16:57 PM - System Checkpoint
    RP1869: 12/22/2010 4:45:23 PM - System Checkpoint
    RP1870: 12/23/2010 3:00:16 AM - Software Distribution Service 3.0
    RP1871: 12/24/2010 3:51:27 AM - System Checkpoint
    RP1872: 12/25/2010 4:51:27 AM - System Checkpoint
    RP1873: 12/26/2010 5:40:57 AM - Removed MapSend Topo 3D USA
    RP1874: 12/26/2010 5:41:34 AM - Removed MapSend DirectRoute North America
    RP1875: 12/27/2010 7:00:17 AM - Made by Registry Mechanic O
    RP1876: 12/27/2010 7:17:03 AM - Restore Operation
    RP1877: 12/27/2010 7:23:50 AM - Made by Registry Mechanic O
    RP1878: 12/27/2010 1:15:19 PM - Made by Registry Mechanic O
    RP1879: 12/27/2010 1:40:09 PM - Installed HiJackThis

    ==== Installed Programs ======================

    µTorrent
    Abacast Client
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.1
    Adobe Shockwave Player 11.5
    Advanced SystemCare 3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 3
    Ask Toolbar
    ASTRA32 - Advanced System Information Tool 1.40
    Athlon 64 Processor Driver
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    Audiogalaxy Rhapsody
    avast! Free Antivirus
    Barnes & Noble Desktop Reader
    Bonjour
    BufferChm
    Camera Window
    Canon Camera WIA Driver
    Canon Camera Window for ZoomBrowser EX
    Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver
    Canon PhotoRecord
    Canon Utilities FileViewerUtility 1.0
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RemoteCapture 2.6
    Canon Utilities ZoomBrowser EX
    CaptureWizPro 4.50
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chainlove Desktop Alert
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Creative Audio Console
    Creative Demo Player
    Creative Media Toolbox
    Creative MediaSource
    Creative System Information
    Curtains
    CustomerResearchQFolder
    Dell Photo Printer 720
    Destinations
    DeviceManagementQFolder
    dj_taplugin
    dj6980
    eSupportQFolder
    ffdshow [rev 3171] [2009-12-24]
    FileOpen Client
    FileViewerUtility 1.0
    FolderMatch v3.4.3
    getPlus(R) for Adobe
    Google Calendar Sync
    Google Earth
    Google Earth Pro
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2443685)
    HP Deskjet 6900 series
    HP Extended Capabilities 6.0
    HP Imaging Device Functions 6.0
    HP Photosmart Essential
    HP Software Update
    HP Solution Center and Imaging Support Tools 6.0
    hpf_ProductContext
    HPProductAssistant
    Intel(R) PRO Network Connections Drivers
    iPod for Windows 2005-09-23
    iPod for Windows 2006-01-10
    iPod Reset Utility
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Jasc Paint Shop Pro 8
    Java(TM) 6 Update 17
    JD Secure 3.1
    KWorld ATSC 110 Drivers
    LimeWire 4.10.9
    LP6980_Help
    LP6980Trb
    Malwarebytes' Anti-Malware
    MarketResearch
    MaxBlast 4
    Media Library Management Wizard
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Bootvis
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 6.3
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft MapPoint North America 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Professional with FrontPage
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft USB Flash Drive Manager
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    Movie Maker Background Music Files
    Movie Maker Sound Effects
    Movie Maker Title Images
    Mozilla Firefox (3.6.13)
    MSConfig CleanUp 1.2
    Music Alarm Clock
    Nero Suite
    Nikon Message Center
    NVIDIA Drivers
    NvMixer
    Paragon Drive Copy 8.0 Professional
    Personal License Update Wizard for Windows Media Player
    PhotoStitch
    PictureProject
    PictureProject In Touch 1.0
    Play Mahjong Forever
    Plus! MP3 Audio Converter LE
    Polar Precision Performance SW
    Polar UpLink Tool
    Polar WebLink 2.3.4
    PolderbitS Sound Recorder and Editor
    Print Screen Deluxe
    QuickTime
    Rabbit
    Readme
    RealFA$T® Forms for North Carolina
    Registry Mechanic 10.0
    RemoteCapture 2.6
    Rhapsody
    Rhapsody Player Engine
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Skins
    Smart Defrag
    SolidCapture
    SolutionCenter
    Sound Blaster X-Fi
    Status
    Switch Off
    Total Recorder 4.2
    TrayApp
    TreeSize Free V1.77
    TreeSize Professional 3.3.3
    TWC Customer Controls
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Outlook 2007 Junk Email Filter (KB2466076)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2467659)
    USB to UART Bridge Controller
    Virtual Earth 3D (Beta)
    VLC media player 1.1.4
    WebFldrs XP
    WebReg
    WinAce Archiver
    Windows 7 Upgrade Advisor
    Windows Genuine Advantage v1.3.0254.0
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Bonus Pack for Windows XP
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Playlist Import to Excel Wizard
    Windows Media Player Skin Importer
    Windows Media Player Tray Control
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip 12.1
    Yahoo! Software Update
    Yahoo! Toolbar
    Zinio Reader
    Zinio Reader 4

    ==== Event Viewer Messages From Past Week ========

    12/27/2010 7:29:36 AM, error: System Error [1003] - Error code 10000050, parameter1 fffffff4, parameter2 00000000, parameter3 8058f6c4, parameter4 00000000.
    12/27/2010 6:20:14 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ntvdmd.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/27/2010 6:20:14 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ntvdm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/27/2010 6:13:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ntvdmd.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/27/2010 6:13:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ntvdm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/27/2010 12:27:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nv_agp
    12/27/2010 1:38:36 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/26/2010 11:17:25 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12/26/2010 11:17:25 AM, error: Service Control Manager [7000] - The NEC PCI to USB Enhanced Host Controller service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12/21/2010 12:50:29 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    12/20/2010 5:17:12 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.

    ==== End Of File ===========================

    GMER Log file (is this the same thing as ark.txt?):

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-29 17:40:21
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3250823A rev.3.03
    Running: lbhh1kpj.exe; Driver: C:\DOCUME~1\Steve\LOCALS~1\Temp\kfriypob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA8590CF0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA8590BAC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA8591160]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA859108A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA8590782]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA8590C86]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA85906C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA8590726]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA8590DA6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA859122E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA8590D66]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA8590EE6]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA859DBAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA859D9D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA859DB0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP A859DB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP A859D9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP A85995D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP A859AFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP A859DBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8F41000, 0x1C5D38, 0xE8000020]
    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB8E86900]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1756] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2900] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2900] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2900] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2900] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2900] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2900] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2900] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2900] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2900] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2900] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2900] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2900] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2900] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2900] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272022b84
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x99 0x34 0xA1 0x1B ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272022b84 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\[email protected] 0x99 0x34 0xA1 0x1B ...

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\DEFOZRX4\mod_times[1].php 0 bytes

    ---- EOF - GMER 1.0.15 ----

    Thanks for any guidance you can give me!
     
  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Your logs are showing evidence of malware.

    Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. From there, be patient. You should get an answer within the next 48 hours. Those guys are really busy!
     
  3. BadgerGirl

    BadgerGirl Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    15
    Thanks!
     
  4. BadgerGirl

    BadgerGirl Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    15
    Bumping this up after 48 hours. Thanks for any help you can give me!
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Hereto your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.​
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  6. BadgerGirl

    BadgerGirl Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    15
    Ok, here is the log from ComboFix. After running this, I did not reboot the machine. The pop-up error continues to occur.

    ComboFix 10-12-31.02 - Steve 01/01/2011 7:16.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1391 [GMT -5:00]
    Running from: c:\documents and settings\Steve\Desktop\BadgerGirl123.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Steve\Favorites\Thumbs.db
    c:\progra~1\COMMON~1\{30CDE~1
    c:\windows\system32\404Fix.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
    .

    2010-12-31 15:53 . 2010-12-31 15:53 -------- d--h--w- c:\windows\PIF
    2010-12-31 13:02 . 2009-09-28 05:02 797184 ----a-w- c:\windows\system32\ac3filter.ax
    2010-12-31 13:02 . 2009-06-12 04:52 892928 ----a-w- c:\windows\system32\iconv.dll
    2010-12-31 13:02 . 2009-05-30 04:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2010-12-31 13:02 . 2008-07-03 01:44 258048 ----a-w- c:\windows\system32\libFLAC.dll
    2010-12-31 13:02 . 2010-12-31 13:09 -------- d-----w- c:\program files\OpenSubtitlesPlayer
    2010-12-31 12:16 . 2010-12-31 12:16 114 ----a-w- c:\windows\Printdir.bat
    2010-12-31 11:59 . 2010-12-31 11:59 -------- d-----w- c:\documents and settings\Grace
    2010-12-29 13:29 . 2010-12-29 13:29 -------- d-----w- c:\program files\iPod
    2010-12-27 18:40 . 2010-12-27 18:40 388096 ----a-r- c:\documents and settings\Steve\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-27 11:49 . 2010-12-28 03:17 -------- d-----w- c:\documents and settings\Steve\Application Data\Registry Mechanic
    2010-12-27 11:39 . 2010-09-16 17:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2010-12-27 11:39 . 2008-04-02 21:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2010-12-27 11:39 . 2008-04-02 21:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2010-12-27 11:39 . 2008-04-02 21:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2010-12-27 11:39 . 2010-12-27 11:39 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-12-25 17:37 . 2010-12-25 17:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
    2010-12-22 10:36 . 2010-12-22 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-12-19 20:50 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-19 20:50 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-12-19 20:50 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-12-19 20:50 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-12-19 20:50 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-12-19 20:50 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-12-19 20:50 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-12-19 20:50 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-19 20:50 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-12-19 20:50 . 2010-12-19 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-12-19 19:57 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-19 19:57 . 2010-12-27 11:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-19 19:57 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-19 19:46 . 2010-12-19 19:46 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-12-19 19:45 . 2010-12-30 22:45 -------- d-----w- c:\documents and settings\Steve\Application Data\vlc
    2010-12-19 13:27 . 2010-12-19 13:31 -------- d-----w- c:\windows\system32\NtmsData
    2010-12-16 15:29 . 2010-12-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications
    2010-12-16 06:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-16 06:27 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12 . 2006-01-06 21:32 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:26 . 2004-01-08 20:23 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2001-08-23 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2001-08-23 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2001-08-23 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 02:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-11 395640]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-20 68856]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]
    "ALLUpdate"="c:\program files\OpenSubtitlesPlayer\ALLUpdate.exe" [2010-03-24 1432064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
    "CTHelper"="CTHELPER.EXE" [2006-08-17 17920]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 18944]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-07-09 2712920]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-05-09 81920]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=DrvTrNTm.dll
    "wave"=DrvTrNTm.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopod
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [12/11/2006 10:41 PM 30820]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/19/2010 3:50 PM 165584]
    R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [11/23/2004 8:45 PM 23488]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/19/2010 3:50 PM 17744]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/27/2010 6:39 AM 632792]
    R3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [4/14/2004 2:52 PM 20736]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 5:52 AM 135664]
    S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [1/6/2006 4:42 PM 39680]
    S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [7/25/2006 6:46 PM 642688]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/23/2001 7:00 AM 14336]
    S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [1/6/2006 4:42 PM 54784]
    S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [5/28/2006 9:24 PM 10080]
    S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2/20/2002 2:34 AM 72576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

    2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 10:52]

    2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 10:52]

    2011-01-01 c:\windows\Tasks\RMSchedule.job
    - c:\program files\Registry Mechanic\RegMech.exe [2010-12-27 22:05]

    2011-01-01 c:\windows\Tasks\RMSmartUpdate.job
    - c:\program files\Registry Mechanic\Update.exe [2010-12-27 17:26]

    2011-01-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-09-29 02:44]

    2010-12-20 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-12-01 23:08]

    2011-01-01 c:\windows\Tasks\User_Feed_Synchronization-{FAC7B4F4-8C49-486A-A8DB-23E5180277FD}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://newsobserver.com/
    mStart Page = hxxp://www.msn.com
    Trusted Zone: usmc.mil\www.29palms
    DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} - hxxps://favorites.live.com/cab/ImportAx.cab?v=13,0,0831,02
    FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\930xgbas.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_US&apn_uid=008BA0F4-49EF-40FF-B79B-5C72FF596D26&apn_ptnrs=UF&apn_sauid=AD7AF8F8-BFB7-41D1-9074-248000A0C3DF&apn_dtid=&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{A2C3B68E-CCD6-4D9A-8673-6A284CC045AF} - (no file)
    Toolbar-Locked - (no file)
    HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    Notify-mlljk - (no file)
    Notify-pmnnkll - pmnnkll.dll
    AddRemove-TreeSize Free_is1 - c:\program files\TreeSize\unins000.exe
    AddRemove-TreeSize Professional_is1 - c:\program files\TreeSize Professional\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-01 07:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(728)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2011-01-01 07:24:15
    ComboFix-quarantined-files.txt 2011-01-01 12:23

    Pre-Run: 87,233,994,752 bytes free
    Post-Run: 87,312,261,120 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - 682CAAF90C0BD41D80D597CA664313C8
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    reboot & tell us if the proble still exists
     
  8. BadgerGirl

    BadgerGirl Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    15
    I rebooted and the pop-up still occurs.
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Click http://www.freedrweb.com/cureit/?lng=en to download Dr.Web CureIt and save it to your desktop.
    • Doubleclick the drweb-cureit.exe file and allow to run the express scan
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can click next icon next to the files found:
      [​IMG]
    • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
      [​IMG]
    • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
    • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.
     
  10. BadgerGirl

    BadgerGirl Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    15
    Here are the requested logs:

    Dr.Web:

    575d3075-318b078e\bpac/a.class;C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\53\575d3075-318b078e;Java.Downloader.150;; 575d3075-318b078e\bpac/b.class;C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\53\575d3075-318b078e;Java.Downloader.150;; 575d3075-318b078e;C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\53;Archive contains infected objects;Moved.; VirtumundoBeGone.exe\___;C:\Documents and Settings\Steve\My Documents\E Drive Files\!New Downloads\VirtumundoBeGone.exe;Tool.Killproc.3;; VirtumundoBeGone.exe;C:\Documents and Settings\Steve\My Documents\E Drive Files\!New Downloads;Container contains infected objects;Moved.; npCouponPrinter.dll;C:\Program Files\Mozilla Firefox\plugins;Adware.Coupons.34;Moved.; p30_sve.chm\S_h_r_g_r_du_f_r_att_l_gga_till_ett_nytt_team.htm;C:\Program Files\Polar\Polar Precision Performance\p30_sve.chm;Modification of Trojan.DownLoad1.22701;; p30_sve.chm;C:\Program Files\Polar\Polar Precision Performance;Container contains infected objects;; Process.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Tool.Killproc.3;Moved.; A0173408.exe;C:\System Volume Information\_restore{FB9F737A-8753-485E-B7DF-9C6F4DC80002}\RP1886;Tool.Killproc.3;Moved.; CouponPrinter.ocx;C:\WINDOWS;Adware.Coupons.34;Moved.;
    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:09:20 AM, on 1/3/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://newsobserver.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\OpenSubtitlesPlayer\ALLUpdate.exe" "sleep"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,0831,02
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136654165060
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136654927310
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://merillat.view22.com/view22/roomapp/View22RTE.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 11450 bytes
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    are you still getting teh problem
     
  12. BadgerGirl

    BadgerGirl Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    15
    Yes--sorry I forgot to include that piece of information!
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    see if reinstalling SP3 cures the problem
    Go here to download and save the full 316 MB SP3 upgrade.

    After it's been downloaded and saved, do the following:

    Double-click the saved SP3 upgrade file to start the upgrade process.

    It'll take 30 - 60 minutes or more to complete, so be patient.

    If you're not prompted to restart the computer after the upgrade is complete, do so.

    Restart the computer again.
     
  14. BadgerGirl

    BadgerGirl Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    15
    Ok, I reinstalled SP3 and rebooted. The error message still pops up.
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Lets see if this will show what might be causing it


    Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan. ( vista or Windows 7, right click the rsit.exe and select run as admin)



    If necessary allow it to locate or download a copy of HijackThis as needed.

    Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

    RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

    You can use separate posts here when replying and posting the log files if needed.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/971461

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice