computer freezes randomly - not sure why?

cjj123

New Member
Hi,

My computer has started freezing at random times, sometimes 10 mins, sometimes 2 hours, sometimes never?

My OS is Windows XP. I am running Malwarebytes and Avast but so far have found no virus/malware problems.

I'm therefore not sure if this is a software, malware or hardware problem and would be grateful if you could please help me try to narrow down what is wrong with my PC.

I have so far thoroughly cleaned the inside of the PC to reduce the temperature but this has had no effect; it still freezes.

Much appreciated and many thanks for any help,
Chris
 

cjj123

New Member
Hi MMM,

Thanks for looking at my problem,

I have replaced the RAM sticks and it seemed to work at first (no freezes for the first 5 hours) but now it still keeps freezing randomly, e.g. working in Excel, updating iTunes, etc.

Any other ideas what could be causing this? Is this likely to be a software or hardware problem?

Thanks for all your help and suggestions,
chris
 

lubo4444

Active Member
A power supply can cause freezes too. If you have a spare one that you can try, then you will know for sure. It's also possible that it's your hard drive. You can give it a diagnostic test, I think it was, to see if you have problems with it. (I'm not exactly sure about it, though.)
 

Broni

VIP Member
Download, and install SpeedFan: http://www.almico.com/sfdownload.php
Post your computer temperatures:



Provide processor info (hold Windows logo key, and hit Pause/Break key to find out).
 

cjj123

New Member
Hi,

Thanks for the replies. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:05, on 17/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
E:\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\myiHome\app\myiHome-server.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunesHelper.exe"
O4 - HKLM\..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: myiHome Server.lnk = E:\myiHome\app\myiHome-server.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - e:\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - e:\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe

--
End of file - 9388 bytes

Cheers,
chris
 

cjj123

New Member
I haven't got a spare Power Supply and don't really want to try and install a new one unless this is the only option left.

Here are my computer processor spec and temperatures from SpeedFan:

Pentium 4 CPU 3.00Ghz
2.00Gb of RAM

Speedfan temperatures:

GPU 50C
Temp1 minus 48C
Temp2 minus 48C
Temp3 minus 48C
HD0 30C
CPU 44C
SYS 31C
PWM2 32C
PWM1 32C

Fan1 0RPM
Fan2 0RPM
Fan3 0RPM
CPU 2160RPM
NB 3420RPM
SYS 1920RPM
AUX1 0RPM
AUX2 0RPM

CPU Usage - between 15 - 26%

Thanks,
Chris
 

TFT

VIP Member
You only have minor issues in your log that won't be the cause of it freezing, so it boils down to software, drivers or hardware. Also, your temps are fine.

I know you said there is no pattern to this but is there something common to when it happens? Do you have any background program running that may have an issue with another program, maybe keep to one program running at any one time. It could be poorly coded drivers that are OK on their own but conflict with another program.

Have you downloaded anything lately?
Can you restore to an earlier time?
 

cjj123

New Member
Hi,

I have attached the Procexp.txt report as recommended.

This freezing first started to happen when performing a lot of downloading from the internet and streaming video, but now it just happens randomly, e.g. when working in Excel.

It has been gradually getting worse and worse for a while now, so I don't think I can go back to a particular date.

It also first started to happen when I got a new webcam and mouse, but I have since uninstalled these drivers and it still freezes, so I thought it was coincidental.

Thanks,
chris
 

Attachments

  • Procexp.TXT
    6.8 KB · Views: 77

Broni

VIP Member
I suspect your computer may be infected...

Please, download DDS from one of the 2 mirrors and save it to your desktop.

Mirror 1
Mirror 2

* Disable any script blocking protection (if present)
* Double click the dds icon to run the tool.
* When done, DDS will open two logs:
1. DDS.txt
2. Attach.txt
* Save both reports to your desktop by clicking File>Save As in each log.

Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post its contents as you would any other log.
 

cjj123

New Member
Thanks Broni for your help looking into this. Here are the 2 reports:

Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 16/04/2005 18:33:48
System Uptime: 18/10/2010 23:03:26 (0 hours ago)

Motherboard: http://www.abit.com.tw/ | | AG8 (Intel Grantsdale-ICH6R)
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3200/213mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3200/213mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 9.771 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 114 GiB total, 58.281 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1015: 06/09/2010 19:54:41 - Software Distribution Service 3.0
RP1016: 07/09/2010 00:51:17 - Installed Keyboard Driver
RP1017: 07/09/2010 03:00:17 - Software Distribution Service 3.0
RP1018: 07/09/2010 20:05:32 - Configured Keyboard Driver
RP1019: 08/09/2010 01:10:56 - Software Distribution Service 3.0
RP1020: 08/09/2010 08:07:53 - Software Distribution Service 3.0
RP1021: 08/09/2010 23:28:49 - Software Distribution Service 3.0
RP1022: 09/09/2010 19:49:54 - Software Distribution Service 3.0
RP1023: 11/09/2010 12:01:28 - Software Distribution Service 3.0
RP1024: 12/09/2010 18:11:32 - System Checkpoint
RP1025: 14/09/2010 20:21:20 - Software Distribution Service 3.0
RP1026: 22/09/2010 08:11:03 - Software Distribution Service 3.0
RP1027: 22/09/2010 08:18:08 - Software Distribution Service 3.0
RP1028: 23/09/2010 23:13:54 - System Checkpoint
RP1029: 24/09/2010 03:00:19 - Software Distribution Service 3.0
RP1030: 25/09/2010 00:33:29 - Software Distribution Service 3.0
RP1031: 28/09/2010 18:37:23 - Software Distribution Service 3.0
RP1032: 28/09/2010 22:37:10 - Software Distribution Service 3.0
RP1033: 01/10/2010 03:00:17 - Software Distribution Service 3.0
RP1034: 01/10/2010 08:18:36 - Software Distribution Service 3.0
RP1035: 02/10/2010 00:45:29 - Software Distribution Service 3.0
RP1036: 02/10/2010 20:52:06 - Software Distribution Service 3.0
RP1037: 03/10/2010 12:38:20 - Software Distribution Service 3.0
RP1038: 03/10/2010 21:16:51 - Software Distribution Service 3.0
RP1039: 04/10/2010 23:23:22 - Software Distribution Service 3.0
RP1040: 05/10/2010 08:24:58 - Software Distribution Service 3.0
RP1041: 09/10/2010 10:43:10 - Software Distribution Service 3.0
RP1042: 09/10/2010 17:36:07 - Software Distribution Service 3.0
RP1043: 10/10/2010 10:56:52 - Software Distribution Service 3.0
RP1044: 10/10/2010 23:38:47 - Software Distribution Service 3.0
RP1045: 11/10/2010 08:06:14 - Software Distribution Service 3.0
RP1046: 16/10/2010 13:54:04 - Software Distribution Service 3.0
RP1047: 17/10/2010 20:58:12 - Software Distribution Service 3.0
RP1048: 18/10/2010 23:05:42 - Software Distribution Service 3.0

==== Installed Programs ======================

3DMark03
7-Zip 4.65
ABIT uGuru
Adobe Flash Player 10 Plugin
Adobe Premiere Pro 1.5
Adobe Reader 9.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Free Antivirus
Avidemux 2.5
Bonjour
BroadJump Client Foundation
Canon PhotoRecord
Canon PIXMA iP3000
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CCleaner (remove only)
CD-LabelPrint
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Easy-WebPrint
Final Draft 7
Football Manager 2005
Google Earth
GrabIt 1.7.2 Beta 4 (build 997)
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hyper-Threading Technology Test Utility
Intel(R) Processor ID Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Left 4 Dead
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
myiHome v5.1.3
Nero OEM
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
QuickPar 0.9
QuickTime
RealPlayer
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Retrospect Express HD 1.0
Rhapsody Player Engine
SAGEM F@st 800-840
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SiSoftware Sandra Lite 2005.SR1 (Win64/32/CE)
Sky Broadband
Sky Broadband Browser Branding
SMART Board Software
SMART Essentials for Educators
Smart Menus (Windows Live Toolbar)
SpeedFan (remove only)
Spotify
Steam
Subtitle Workshop 2.51
TMPGEnc DVD Author 1.6
U.S. Robotics V.92 PCI Modem
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2410711)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VLC media player 0.9.8a
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
XviD MPEG4 Video Codec (remove only)

==== Event Viewer Messages From Past Week ========

16/10/2010 10:07:14, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The specified module could not be found.
16/10/2010 10:07:14, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
16/10/2010 10:07:14, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The system cannot find the file specified.
12/10/2010 23:38:17, error: ipnathlp [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.2. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
11/10/2010 08:06:18, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Flash Player (KB923789).

==== End Of File ===========================


DDS.txt


DDS (Ver_10-10-10.03) - NTFSx86
Run by Chris at 23:24:56.48 on 18/10/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1335 [GMT 1:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
E:\iTunesHelper.exe
E:\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\myiHome\app\myiHome-server.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sky.com
uWindow Title = Internet Explorer Provided By Sky Broadband
uDefault_Page_URL = hxxp://www.sky.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RetroExpress] c:\progra~1\dantz\retros~1\RetroExpress.exe /h
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "E:\iTunesHelper.exe"
mRun: [GuruClock] c:\program files\abit\abit uguru\GuruClock.exe
mRun: [GrooveMonitor] "e:\microsoft office\office12\GrooveMonitor.exe"
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ABIT uGuru] c:\program files\abit\abit uguru\uGuru.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\myihom~1.lnk - e:\myihome\app\myiHome-server.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - e:\micros~1\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\micros~1\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\comb5egf.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll
FF - plugin: e:\adobe\acrobat 6.0\reader\browser\nppdf32.dll
FF - plugin: e:\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2005-4-18 10752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-7 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-7 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-10 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-10 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-10 40384]

=============== Created Last 30 ================


==================== Find3M ====================

2010-09-07 20:51:59 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-07 20:51:59 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-07 20:51:57 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-08-10 04:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 04:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-27 17:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 17:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 17:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 17:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 23:25:43.89 ===============
 

cjj123

New Member
Hi,

I was just wondering if anyone had any idea why my pc is freezing randomly. Is my computer infected?
 

Broni

VIP Member
Somehow, an email notification missed me.
Sorry for that.
I'll take a look at your logs right now.
 

Broni

VIP Member
STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


STEP 3. Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.



DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

cjj123

New Member
Thanks for responding. Here are the 2 logs:

Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5059

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

06/11/2010 11:56:38
mbam-log-2010-11-06 (11-56-38).txt

Scan type: Quick scan
Objects scanned: 152605
Time elapsed: 8 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER

GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-06 18:31:29
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDS722516VLSA80 V34OA6MA
Running: hq45xnze.exe; Driver: C:\DOCUME~1\Chris\LOCALS~1\Temp\pxtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xB4108CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xB4108BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xB4109160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xB410908A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xB4108782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xB4108C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xB41086C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xB4108726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xB4108DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB410922E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xB4108D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xB4108EE6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB4115BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB41159D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xB4115B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 80582EA6 7 Bytes JMP B4115B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A9E9E 7 Bytes JMP B41159D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAF9A 5 Bytes JMP B41115D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C18D0 5 Bytes JMP B4112FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFA2E 7 Bytes JMP B4115BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB69DF3A0, 0x59FFE5, 0xE8000020]
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB6686900]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1944] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xA2 0x29 0xAA 0x9B ...

---- EOF - GMER 1.0.15 ----

Thanks,
Chris
 

cjj123

New Member
Sorry missed the 3rd test:

Here is the log for MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000007d

Kernel Drivers (total 142):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB80B8000 ohci1394.sys
0xB80C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB85AC000 intelide.sys
0xB80D8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB85AE000 dmload.sys
0xB7F23000 dmio.sys
0xB8330000 PartMgr.sys
0xB80E8000 VolSnap.sys
0xB7F0B000 atapi.sys
0xB80F8000 disk.sys
0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7EEB000 fltMgr.sys
0xB7ED9000 sr.sys
0xB8118000 PxHelp20.sys
0xB7EC2000 KSecDD.sys
0xB8671000 Winflash.sys
0xB7E35000 Ntfs.sys
0xB7E08000 NDIS.sys
0xB8338000 uGuru.sys
0xB85B0000 speedfan.sys
0xB8128000 sbp2port.sys
0xB7DED000 Mup.sys
0xB8672000 giveio.sys
0xB8158000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB68DE000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB68CA000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8400000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB68A7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8408000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6887000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xB738B000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB6854000 \SystemRoot\system32\DRIVERS\USR_BSC2.sys
0xB6831000 \SystemRoot\system32\DRIVERS\ks.sys
0xB6732000 \SystemRoot\system32\DRIVERS\USR_MDM.sys
0xB668A000 \SystemRoot\system32\DRIVERS\HSF_USR.sys
0xB8410000 \SystemRoot\System32\Drivers\Modem.SYS
0xB6645000 \SystemRoot\system32\DRIVERS\WG311v3XP.sys
0xB65B1000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB658D000 \SystemRoot\system32\drivers\portcls.sys
0xB737B000 \SystemRoot\system32\drivers\drmk.sys
0xB652B000 \SystemRoot\system32\drivers\ALCXSENS.SYS
0xB8418000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB736B000 \SystemRoot\system32\DRIVERS\serial.sys
0xB8574000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB6517000 \SystemRoot\system32\DRIVERS\parport.sys
0xB735B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB8420000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB734B000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB733B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB732B000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8428000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB87A5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB731B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB857C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6500000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB730B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB72FB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8430000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB64EF000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8168000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8438000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8440000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB6496000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8178000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8448000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85DE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB643D000 \SystemRoot\system32\DRIVERS\update.sys
0xB8598000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8188000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB81C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85E6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB8460000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB85EA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB86C2000 \SystemRoot\System32\Drivers\Null.SYS
0xB85EC000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8470000 \SystemRoot\System32\drivers\vga.sys
0xB85EE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85F0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8478000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8480000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8544000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB41D6000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB417E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB8218000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB415D000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB410D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB40EB000 \SystemRoot\System32\drivers\afd.sys
0xB8228000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB40C0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB4051000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8238000 \SystemRoot\System32\Drivers\Fips.SYS
0xB402A000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB8498000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB84A0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB856C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8258000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB84A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8268000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB8278000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB84B0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB64E7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB3212000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB8308000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB31FA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB8618000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6408000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8368000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB86EC000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB2FF2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB2F8E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB2D63000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB2B7F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB8626000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB2CE7000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB2A38000 \SystemRoot\system32\DRIVERS\srv.sys
0xB2E32000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xB83B0000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB263B000 \SystemRoot\system32\drivers\wdmaud.sys
0xB81A8000 \SystemRoot\system32\drivers\sysaudio.sys
0xB864A000 \SystemRoot\system32\drivers\splitter.sys
0xB2618000 \SystemRoot\system32\drivers\aec.sys
0xB26D8000 \SystemRoot\system32\drivers\swmidi.sys
0xB26C8000 \SystemRoot\system32\drivers\DMusic.sys
0xB25ED000 \SystemRoot\system32\drivers\kmixer.sys
0xB8761000 \SystemRoot\system32\drivers\drmkaud.sys
0xB25AC000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 50):
0 System Idle Process
4 System
796 C:\WINDOWS\system32\smss.exe
848 csrss.exe
872 C:\WINDOWS\system32\winlogon.exe
916 C:\WINDOWS\system32\services.exe
928 C:\WINDOWS\system32\lsass.exe
1096 C:\WINDOWS\system32\nvsvc32.exe
1168 C:\WINDOWS\system32\svchost.exe
1236 svchost.exe
1380 C:\WINDOWS\system32\svchost.exe
1484 svchost.exe
1640 svchost.exe
1928 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
332 C:\WINDOWS\system32\spoolsv.exe
828 svchost.exe
120 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1076 C:\Program Files\Bonjour\mDNSResponder.exe
1200 C:\WINDOWS\system32\cisvc.exe
1304 C:\Program Files\Java\jre6\bin\jqs.exe
1804 C:\Program Files\SMART Board Software\SMARTBoardService.exe
1844 C:\WINDOWS\system32\svchost.exe
1656 wdfmgr.exe
412 C:\WINDOWS\system32\svchost.exe
1516 alg.exe
2912 C:\WINDOWS\system32\cidaemon.exe
4076 C:\WINDOWS\system32\wscntfy.exe
276 C:\WINDOWS\explorer.exe
2160 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2172 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2216 C:\WINDOWS\SOUNDMAN.EXE
2504 C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
2548 E:\iTunesHelper.exe
2612 C:\WINDOWS\system32\svchost.exe
2924 C:\WINDOWS\system32\wuauclt.exe
3032 E:\Microsoft Office\Office12\GrooveMonitor.exe
1796 C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
3068 C:\Program Files\BroadJump\Client Foundation\CFD.exe
3076 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3156 C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
3220 C:\WINDOWS\system32\rundll32.exe
3264 C:\WINDOWS\system32\ctfmon.exe
3392 C:\Program Files\iPod\bin\iPodService.exe
3548 E:\myiHome\app\myiHome-server.exe
2264 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2300 wmiprvse.exe
2444 C:\Program Files\Mozilla Firefox\firefox.exe
1216 C:\PROGRA~1\Dantz\RETROS~1\Retrospect.exe
3404 C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
2852 C:\Documents and Settings\Chris\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000009`c3dcd400 (NTFS)

PhysicalDrive0 Model Number: HDS722516VLSA80, Rev: V34OA6MA

Size Device Name MBR Status
--------------------------------------------
153 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Thanks,
Chris
 

Broni

VIP Member
Looks good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe


  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 