computer freezes randomly - not sure why?

Discussion in 'General Software' started by cjj123, Sep 23, 2010.

  1. cjj123

    cjj123 New Member

    Messages:
    20
    Hi,

    My computer has started freezing at random times, sometimes 10 mins, sometimes 2 hours, sometimes never?

    My OS is Windows XP. I am running Malwarebytes and Avast but so far have found no virus/malware problems.

    I'm therefore not sure if this is a software, malware or hardware problem and would be grateful if you could please help me try to narrow down what is wrong with my pc.

    I have so far thoroughly cleaned the inside of the pc to reduce the temperature but this has had no effect, it still freezes.

    Much appreciated and Many thanks for any help,
    Chris
     
  2. MMM

    MMM New Member

    Messages:
    510
    It could be your memory failing, try some other ram sticks.
     
  3. cjj123

    cjj123 New Member

    Messages:
    20
    Hi MMM,

    Thanks for looking at my problem,

    I have replaced the RAM sticks and it seemed to work at first (no freezes for the first 5 hours) but now it still keeps freezing randomly, e.g. working in Excel, updating iTunes etc.

    Any other ideas what could be causing this? Is this likely to be a software or hardware problem?

    Thanks for all your help and suggestions,
    chris
     
  4. lubo4444

    lubo4444 Active Member

    Messages:
    1,870
    A power supply can cause freezes too. If you have a spare one that you can try, then you will know for sure. It's also possible that it's your hard drive. You can run a diagnostic test on it, I think, to see if you have problems with it. (I'm not exactly sure about it though.)
     
  5. The Egyptian

    The Egyptian New Member

    Messages:
    49
    use HijackThis and post the report in your next reply
     
  6. Broni

    Broni VIP Member

    Messages:
    514
    Download, and install SpeedFan: http://www.almico.com/sfdownload.php
    Post your computer temperatures:

    Provide processor info (hold Windows logo key, and hit Pause/Break key to find out).
     
  7. cjj123

    cjj123 New Member

    Messages:
    20
    Hi,

    Thanks for the replies. Here is my HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:30:05, on 17/10/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\SMART Board Software\SMARTBoardService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
    E:\iTunesHelper.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    E:\myiHome\app\myiHome-server.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.sky.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunesHelper.exe"
    O4 - HKLM\..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "E:\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: myiHome Server.lnk = E:\myiHome\app\myiHome-server.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - e:\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - e:\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
    O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe

    --
    End of file - 9388 bytes

    Cheers,
    chris
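
A small triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it parses the section codes and flags entries that deserve a manual look. The sample lines are copied from that log; the function names and flag names are invented for this example, and a flag is a prompt to check the entry, not a verdict.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted above (not the complete log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# Section codes that appear in the posted log.
SECTIONS = {
    "R0": "IE start/search page (changed value)",
    "R1": "IE start/search page (default value)",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O8": "Extra IE context menu item",
    "O9": "Extra IE button or Tools menu item",
    "O14": "IERESET.INF reset setting",
    "O18": "Extra protocol handler",
    "O23": "Windows service",
}

ENTRY = re.compile(r"^\s*(R[0-3]|O\d{1,2}) - (.*\S)\s*$")
RUN_CMD = re.compile(r"Run: \[[^\]]*\] (.+)$")
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')


def parse_entries(log_text):
    """Return one dict per R*/O* line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"section": m.group(1), "text": m.group(2)})
    return entries


def flags_for(entry):
    """Return the review flags that apply to a single parsed entry."""
    flags = []
    text = entry["text"]
    # Registry entry still present but the file it points to is gone.
    if text.endswith("(no file)") or text.endswith("(file missing)"):
        flags.append("orphaned")
    # HijackThis could not read a company name from the service binary.
    if entry["section"] == "O23" and " - Unknown owner - " in text:
        flags.append("unknown_owner")
    # Run-key command without a drive path: which file actually starts
    # depends on the search path, so confirm where it resolves.
    if entry["section"] == "O4":
        m = RUN_CMD.search(text)
        if m and not ABS_PATH.match(m.group(1)):
            flags.append("no_absolute_path")
    return flags


def triage(log_text):
    """Return flagged entries in log order as dicts."""
    findings = []
    for entry in parse_entries(log_text):
        for flag in flags_for(entry):
            findings.append({"section": entry["section"],
                             "flag": flag,
                             "text": entry["text"]})
    return findings


def section_counts(log_text):
    """Count entries per section code."""
    return Counter(e["section"] for e in parse_entries(log_text))


if __name__ == "__main__":
    for code, n in sorted(section_counts(SAMPLE_LOG).items()):
        print(f"{code:>3} x{n}  {SECTIONS.get(code, 'unknown section')}")
    for f in triage(SAMPLE_LOG):
        print(f"[{f['flag']}] {f['section']} - {f['text']}")
```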
     
  8. cjj123

    cjj123 New Member

    Messages:
    20
    I haven't got a spare Power Supply and don't really want to try and install a new one unless this is the only option left.

    Here are my computer processor spec and temperatures from SpeedFan:

    Pentium 4 CPU 3.00GHz
    2.00GB of RAM

    Speedfan temperatures:

    GPU 50C
    Temp1 minus 48C
    Temp2 minus 48C
    Temp3 minus 48C
    HD0 30C
    CPU 44C
    SYS 31C
    PWM2 32C
    PWM1 32C

    Fan1 0RPM
    Fan2 0RPM
    Fan3 0RPM
    CPU 2160RPM
    NB 3420RPM
    SYS 1920RPM
    AUX1 0RPM
    AUX2 0RPM

    CPU Usage - between 15 - 26%

    Thanks,
    Chris
     
  9. TFT

    TFT VIP Member

    Messages:
    5,245
    You only have minor issues in your log that won't be the cause of it freezing, so it boils down to software, drivers or hardware. Also, your temps are fine.

    I know you said there is no pattern to this but is there something common to when it happens? Do you have any background program running that may have an issue with another program, maybe keep to one program running at any one time. It could be poorly coded drivers that are OK on their own but conflict with another program.

    Have you downloaded anything lately?
    Can you restore to an earlier time?
     
  10. Broni

    Broni VIP Member

    Messages:
    514
    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
    Go to File > Save As, and save the report as Procexp.txt.
    Attach the file to your next reply.
     
  11. cjj123

    cjj123 New Member

    Messages:
    20
    Hi,

    I have attached the Procexp.txt report as recommended.

    This freezing first started to happen when performing a lot of downloading from the internet and streaming video, but now it just happens randomly, e.g. when working in Excel.

    It has been gradually getting worse and worse for a while now so don't think I can go back to a particular date.

    It also first started to happen when I got a new webcam and mouse, but I have since uninstalled these drivers and it still freezes, so I thought it was coincidental.

    Thanks,
    chris
     


  12. Broni

    Broni VIP Member

    Messages:
    514
    I suspect your computer may be infected...

    Please, download DDS from one of the 2 mirrors and save it to your desktop.

    Mirror 1
    Mirror 2

    * Disable any script blocking protection (if present)
    * Double click the dds icon to run the tool.
    * When done, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    * Save both reports to your desktop by clicking File>Save As in each log.

    Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post its contents as you would any other log.
     
  13. cjj123

    cjj123 New Member

    Messages:
    20
    Thanks Broni for your help looking into this. Here are the 2 reports:

    Attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 16/04/2005 18:33:48
    System Uptime: 18/10/2010 23:03:26 (0 hours ago)

    Motherboard: http://www.abit.com.tw/ | | AG8 (Intel Grantsdale-ICH6R)
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3200/213mhz
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3200/213mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 39 GiB total, 9.771 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 114 GiB total, 58.281 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1015: 06/09/2010 19:54:41 - Software Distribution Service 3.0
    RP1016: 07/09/2010 00:51:17 - Installed Keyboard Driver
    RP1017: 07/09/2010 03:00:17 - Software Distribution Service 3.0
    RP1018: 07/09/2010 20:05:32 - Configured Keyboard Driver
    RP1019: 08/09/2010 01:10:56 - Software Distribution Service 3.0
    RP1020: 08/09/2010 08:07:53 - Software Distribution Service 3.0
    RP1021: 08/09/2010 23:28:49 - Software Distribution Service 3.0
    RP1022: 09/09/2010 19:49:54 - Software Distribution Service 3.0
    RP1023: 11/09/2010 12:01:28 - Software Distribution Service 3.0
    RP1024: 12/09/2010 18:11:32 - System Checkpoint
    RP1025: 14/09/2010 20:21:20 - Software Distribution Service 3.0
    RP1026: 22/09/2010 08:11:03 - Software Distribution Service 3.0
    RP1027: 22/09/2010 08:18:08 - Software Distribution Service 3.0
    RP1028: 23/09/2010 23:13:54 - System Checkpoint
    RP1029: 24/09/2010 03:00:19 - Software Distribution Service 3.0
    RP1030: 25/09/2010 00:33:29 - Software Distribution Service 3.0
    RP1031: 28/09/2010 18:37:23 - Software Distribution Service 3.0
    RP1032: 28/09/2010 22:37:10 - Software Distribution Service 3.0
    RP1033: 01/10/2010 03:00:17 - Software Distribution Service 3.0
    RP1034: 01/10/2010 08:18:36 - Software Distribution Service 3.0
    RP1035: 02/10/2010 00:45:29 - Software Distribution Service 3.0
    RP1036: 02/10/2010 20:52:06 - Software Distribution Service 3.0
    RP1037: 03/10/2010 12:38:20 - Software Distribution Service 3.0
    RP1038: 03/10/2010 21:16:51 - Software Distribution Service 3.0
    RP1039: 04/10/2010 23:23:22 - Software Distribution Service 3.0
    RP1040: 05/10/2010 08:24:58 - Software Distribution Service 3.0
    RP1041: 09/10/2010 10:43:10 - Software Distribution Service 3.0
    RP1042: 09/10/2010 17:36:07 - Software Distribution Service 3.0
    RP1043: 10/10/2010 10:56:52 - Software Distribution Service 3.0
    RP1044: 10/10/2010 23:38:47 - Software Distribution Service 3.0
    RP1045: 11/10/2010 08:06:14 - Software Distribution Service 3.0
    RP1046: 16/10/2010 13:54:04 - Software Distribution Service 3.0
    RP1047: 17/10/2010 20:58:12 - Software Distribution Service 3.0
    RP1048: 18/10/2010 23:05:42 - Software Distribution Service 3.0

    ==== Installed Programs ======================

    3DMark03
    7-Zip 4.65
    ABIT uGuru
    Adobe Flash Player 10 Plugin
    Adobe Premiere Pro 1.5
    Adobe Reader 9.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    avast! Free Antivirus
    Avidemux 2.5
    Bonjour
    BroadJump Client Foundation
    Canon PhotoRecord
    Canon PIXMA iP3000
    Canon Utilities Easy-PhotoPrint
    Canon Utilities Easy-PrintToolBox
    CCleaner (remove only)
    CD-LabelPrint
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    Easy-WebPrint
    Final Draft 7
    Football Manager 2005
    Google Earth
    GrabIt 1.7.2 Beta 4 (build 997)
    Highlight Viewer (Windows Live Toolbar)
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Hyper-Threading Technology Test Utility
    Intel(R) Processor ID Utility
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Left 4 Dead
    Malwarebytes' Anti-Malware
    Map Button (Windows Live Toolbar)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    Mozilla Firefox (3.0.19)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    myiHome v5.1.3
    Nero OEM
    Notepad++
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    QuickPar 0.9
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Retrospect Express HD 1.0
    Rhapsody Player Engine
    SAGEM F@st 800-840
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    SiSoftware Sandra Lite 2005.SR1 (Win64/32/CE)
    Sky Broadband
    Sky Broadband Browser Branding
    SMART Board Software
    SMART Essentials for Educators
    Smart Menus (Windows Live Toolbar)
    SpeedFan (remove only)
    Spotify
    Steam
    Subtitle Workshop 2.51
    TMPGEnc DVD Author 1.6
    U.S. Robotics V.92 PCI Modem
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (kb2410711)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    VLC media player 0.9.8a
    WebFldrs XP
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live Favorites for Windows Live Toolbar
    Windows Live installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Writer
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    WinRAR archiver
    XviD MPEG4 Video Codec (remove only)

    ==== Event Viewer Messages From Past Week ========

    16/10/2010 10:07:14, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The specified module could not be found.
    16/10/2010 10:07:14, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
    16/10/2010 10:07:14, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The system cannot find the file specified.
    12/10/2010 23:38:17, error: ipnathlp [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.2. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
    11/10/2010 08:06:18, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Flash Player (KB923789).

    ==== End Of File ===========================


    DDS.txt


    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Chris at 23:24:56.48 on 18/10/2010
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1335 [GMT 1:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\SMART Board Software\SMARTBoardService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
    E:\iTunesHelper.exe
    E:\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    E:\myiHome\app\myiHome-server.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Chris\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.sky.com
    uWindow Title = Internet Explorer Provided By Sky Broadband
    uDefault_Page_URL = hxxp://www.sky.com
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\microsoft office\office12\GrooveShellExtensions.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [RetroExpress] c:\progra~1\dantz\retros~1\RetroExpress.exe /h
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [iTunesHelper] "E:\iTunesHelper.exe"
    mRun: [GuruClock] c:\program files\abit\abit uguru\GuruClock.exe
    mRun: [GrooveMonitor] "e:\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
    mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [ABIT uGuru] c:\program files\abit\abit uguru\uGuru.exe
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\myihom~1.lnk - e:\myihome\app\myiHome-server.exe
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - e:\micros~1\office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\micros~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\micros~1\office12\REFIEBAR.DLL
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\microsoft office\office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\comb5egf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll
    FF - plugin: e:\adobe\acrobat 6.0\reader\browser\nppdf32.dll
    FF - plugin: e:\mozilla plugins\npitunes.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2005-4-18 10752]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-7 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-7 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-10 40384]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-10 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-10 40384]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-09-07 20:51:59 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-09-07 20:51:59 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-09-07 20:51:57 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-10 04:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 04:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-07-27 17:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-27 17:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-07-27 17:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-07-27 17:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

    ============= FINISH: 23:25:43.89 ===============
     
  14. cjj123

    cjj123 New Member

    Messages:
    20
    Hi,

    I was just wondering if anyone had any idea why my pc is freezing randomly. Is my computer infected?
     
  15. Broni

    Broni VIP Member

    Messages:
    514
    Somehow, an email notification missed me.
    Sorry for that.
    I'll take a look at your logs right now.
     
  16. Broni

    Broni VIP Member

    Messages:
    514
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. cjj123

    cjj123 New Member

    Messages:
    20
    Thanks for responding. Here are the 2 logs:

    Malwarebytes

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5059

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    06/11/2010 11:56:38
    mbam-log-2010-11-06 (11-56-38).txt

    Scan type: Quick scan
    Objects scanned: 152605
    Time elapsed: 8 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    GMER

    GMER 1.0.15.15507 - http://www.gmer.net
    Rootkit scan 2010-11-06 18:31:29
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDS722516VLSA80 V34OA6MA
    Running: hq45xnze.exe; Driver: C:\DOCUME~1\Chris\LOCALS~1\Temp\pxtdqpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xB4108CF0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xB4108BAC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xB4109160]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xB410908A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xB4108782]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xB4108C86]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xB41086C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xB4108726]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xB4108DA6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB410922E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xB4108D66]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xB4108EE6]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB4115BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB41159D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xB4115B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwLoadDriver 80582EA6 7 Bytes JMP B4115B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805A9E9E 7 Bytes JMP B41159D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAF9A 5 Bytes JMP B41115D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C18D0 5 Bytes JMP B4112FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFA2E 7 Bytes JMP B4115BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB69DF3A0, 0x59FFE5, 0xE8000020]
    init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB6686900]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1944] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
    IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

    ---- Devices - GMER 1.0.15 ----

    Device aswSP.SYS (avast! self protection module/AVAST Software)
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
    Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\[email protected] 0xA2 0x29 0xAA 0x9B ...

    ---- EOF - GMER 1.0.15 ----

    Thanks,
    Chris
     
  18. Broni

    Broni VIP Member

    Messages:
    514
    Those look good.

    I still need MBRCheck log.
     
  19. cjj123

    cjj123 New Member

    Messages:
    20
    Sorry missed the 3rd test:

    Here is the log for MBRCheck

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000007d

    Kernel Drivers (total 142):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E2000 \WINDOWS\system32\hal.dll
    0xB85A8000 \WINDOWS\system32\KDCOM.DLL
    0xB84B8000 \WINDOWS\system32\BOOTVID.dll
    0xB7F79000 ACPI.sys
    0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB7F68000 pci.sys
    0xB80A8000 isapnp.sys
    0xB80B8000 ohci1394.sys
    0xB80C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB8670000 pciide.sys
    0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xB85AC000 intelide.sys
    0xB80D8000 MountMgr.sys
    0xB7F49000 ftdisk.sys
    0xB85AE000 dmload.sys
    0xB7F23000 dmio.sys
    0xB8330000 PartMgr.sys
    0xB80E8000 VolSnap.sys
    0xB7F0B000 atapi.sys
    0xB80F8000 disk.sys
    0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB7EEB000 fltMgr.sys
    0xB7ED9000 sr.sys
    0xB8118000 PxHelp20.sys
    0xB7EC2000 KSecDD.sys
    0xB8671000 Winflash.sys
    0xB7E35000 Ntfs.sys
    0xB7E08000 NDIS.sys
    0xB8338000 uGuru.sys
    0xB85B0000 speedfan.sys
    0xB8128000 sbp2port.sys
    0xB7DED000 Mup.sys
    0xB8672000 giveio.sys
    0xB8158000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB68DE000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB68CA000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB8400000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB68A7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB8408000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB6887000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
    0xB738B000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB6854000 \SystemRoot\system32\DRIVERS\USR_BSC2.sys
    0xB6831000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB6732000 \SystemRoot\system32\DRIVERS\USR_MDM.sys
    0xB668A000 \SystemRoot\system32\DRIVERS\HSF_USR.sys
    0xB8410000 \SystemRoot\System32\Drivers\Modem.SYS
    0xB6645000 \SystemRoot\system32\DRIVERS\WG311v3XP.sys
    0xB65B1000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xB658D000 \SystemRoot\system32\drivers\portcls.sys
    0xB737B000 \SystemRoot\system32\drivers\drmk.sys
    0xB652B000 \SystemRoot\system32\drivers\ALCXSENS.SYS
    0xB8418000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB736B000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB8574000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB6517000 \SystemRoot\system32\DRIVERS\parport.sys
    0xB735B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xB8420000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB734B000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB733B000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB732B000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB8428000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xB87A5000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB731B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB857C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB6500000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB730B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB72FB000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB8430000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB64EF000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB8168000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB8438000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xB8440000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB6496000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB8178000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB8448000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB85DE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB643D000 \SystemRoot\system32\DRIVERS\update.sys
    0xB8598000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8188000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB81C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB85E6000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB8460000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xB85EA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB86C2000 \SystemRoot\System32\Drivers\Null.SYS
    0xB85EC000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB8470000 \SystemRoot\System32\drivers\vga.sys
    0xB85EE000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xB85F0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB8478000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB8480000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB8544000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB41D6000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB417E000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB8218000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xB415D000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB410D000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB40EB000 \SystemRoot\System32\drivers\afd.sys
    0xB8228000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB40C0000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB4051000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB8238000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB402A000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xB8498000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xB84A0000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xB856C000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB8258000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB84A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB8268000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB8278000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB84B0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xB64E7000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB3212000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB8308000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB31FA000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xB8618000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB6408000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB8368000 \SystemRoot\System32\watchdog.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xB86EC000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB2FF2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xB2F8E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB2D63000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xB2B7F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB8626000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB2CE7000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xB2A38000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB2E32000 \SystemRoot\system32\DRIVERS\secdrv.sys
    0xB83B0000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xB263B000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB81A8000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB864A000 \SystemRoot\system32\drivers\splitter.sys
    0xB2618000 \SystemRoot\system32\drivers\aec.sys
    0xB26D8000 \SystemRoot\system32\drivers\swmidi.sys
    0xB26C8000 \SystemRoot\system32\drivers\DMusic.sys
    0xB25ED000 \SystemRoot\system32\drivers\kmixer.sys
    0xB8761000 \SystemRoot\system32\drivers\drmkaud.sys
    0xB25AC000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 50):
    0 System Idle Process
    4 System
    796 C:\WINDOWS\system32\smss.exe
    848 csrss.exe
    872 C:\WINDOWS\system32\winlogon.exe
    916 C:\WINDOWS\system32\services.exe
    928 C:\WINDOWS\system32\lsass.exe
    1096 C:\WINDOWS\system32\nvsvc32.exe
    1168 C:\WINDOWS\system32\svchost.exe
    1236 svchost.exe
    1380 C:\WINDOWS\system32\svchost.exe
    1484 svchost.exe
    1640 svchost.exe
    1928 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    332 C:\WINDOWS\system32\spoolsv.exe
    828 svchost.exe
    120 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1076 C:\Program Files\Bonjour\mDNSResponder.exe
    1200 C:\WINDOWS\system32\cisvc.exe
    1304 C:\Program Files\Java\jre6\bin\jqs.exe
    1804 C:\Program Files\SMART Board Software\SMARTBoardService.exe
    1844 C:\WINDOWS\system32\svchost.exe
    1656 wdfmgr.exe
    412 C:\WINDOWS\system32\svchost.exe
    1516 alg.exe
    2912 C:\WINDOWS\system32\cidaemon.exe
    4076 C:\WINDOWS\system32\wscntfy.exe
    276 C:\WINDOWS\explorer.exe
    2160 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    2172 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2216 C:\WINDOWS\SOUNDMAN.EXE
    2504 C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
    2548 E:\iTunesHelper.exe
    2612 C:\WINDOWS\system32\svchost.exe
    2924 C:\WINDOWS\system32\wuauclt.exe
    3032 E:\Microsoft Office\Office12\GrooveMonitor.exe
    1796 C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    3068 C:\Program Files\BroadJump\Client Foundation\CFD.exe
    3076 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    3156 C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    3220 C:\WINDOWS\system32\rundll32.exe
    3264 C:\WINDOWS\system32\ctfmon.exe
    3392 C:\Program Files\iPod\bin\iPodService.exe
    3548 E:\myiHome\app\myiHome-server.exe
    2264 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    2300 wmiprvse.exe
    2444 C:\Program Files\Mozilla Firefox\firefox.exe
    1216 C:\PROGRA~1\Dantz\RETROS~1\Retrospect.exe
    3404 C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    2852 C:\Documents and Settings\Chris\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000009`c3dcd400 (NTFS)

    PhysicalDrive0 Model Number: HDS722516VLSA80, Rev: V34OA6MA

    Size Device Name MBR Status
    --------------------------------------------
    153 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    Thanks,
    Chris
     
  20. Broni

    Broni VIP Member

    Messages:
    514
    Looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
