
Author Topic: followed the instructions on malware thread. have logs. waiting for help  (Read 13676 times)


piratesteve83


    I had a few error windows that kept coming up over and over that said something about sysvsd.exe and an NTVDM error. My computer's been running pretty slow for a while. When I Control-Alt-Deleted I found two processes, both called ntvdm.exe, that were eating up all of my memory usage, so I ended them. The next day they were back and running again, even though I never powered down my computer. I went through the "read this before requesting malware removal" thread and followed all the instructions, and as of yet have not seen any error windows, nor ntvdm.exe running in the processes list. So that's a good sign. I'm including in this post the logs from Malwarebytes' Anti-Malware and HijackThis. The anti-malware found a file called sysvxd and several other things, which it removed. I'm not posting the SUPERAntiSpyware log because there wasn't one. Nothing came up in that search. If I have any more problems, I'll be sure to comment, but either way, I would love feedback from someone who knows what to look for in the HijackThis log. Thank you!

    anti-malware log:

    Malwarebytes' Anti-Malware 1.34
    Database version: 1849
    Windows 5.1.2600 Service Pack 3

    3/14/2009 9:53:17 PM
    mbam-log-2009-03-14 (21-53-17).txt

    Scan type: Quick Scan
    Objects scanned: 86010
    Time elapsed: 15 minute(s), 3 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 1
    Files Infected: 2

    Memory Processes Infected:
    C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\WINDOWS\system32\oTt02e (Trojan.Downloader) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\drivers\svchost.exe (Backdoor.Bot) -> Delete on reboot.
    C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


    hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:26:58 PM, on 3/14/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "C:\WINDOWS\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
    O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O4 - Startup: Shortcut to Regcleaner.lnk = C:\Program Files\Eusing Free Registry Cleaner\Regcleaner.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O4 - Global Startup: Shortcut to Regcleaner.lnk = C:\Program Files\Eusing Free Registry Cleaner\Regcleaner.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194402456203
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 5628 bytes


    evilfantasy

    • Malware Removal Specialist
    • Moderator


    Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note:  It is important that it is saved directly to your Desktop

    Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

    Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
     
    Double click combofix.exe & follow the prompts.
    When finished ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    If you have problems with ComboFix usage, see How to use ComboFix.

    piratesteve83


      I ran ComboFix, and near the end of its run a window popped up saying this:

      Windows - No Disk
      Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

      It gave me the option to cancel, try again, or continue, so I hit continue, and ComboFix finished up and gave me a log. Should I be worried about this error window?

      Anyway, here's the log:

      ComboFix 09-03-13.02 - Owner 2009-03-15  1:03:24.2 - NTFSx86
      Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.216 [GMT -4:00]
      Running from: c:\documents and settings\Owner.STEVE\Desktop\ComboFix.exe
      AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

      Manual Fix is required for restoring CommonStartup
      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ---- Previous Run -------
      .
      c:\windows\system32\drivers\fad.sys

      .
      (((((((((((((((((((((((((   Files Created from 2009-02-15 to 2009-03-15  )))))))))))))))))))))))))))))))
      .

      2009-03-14 22:19 . 2009-03-14 22:17   410,984   --a------   c:\windows\system32\deploytk.dll
      2009-03-14 21:28 . 2009-03-14 21:28   <DIR>   d--------   c:\documents and settings\Owner.STEVE\Application Data\Malwarebytes
      2009-03-14 21:27 . 2009-03-14 21:28   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
      2009-03-14 21:27 . 2009-03-14 21:27   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
      2009-03-14 21:27 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
      2009-03-14 21:27 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys
      2009-03-14 18:21 . 2009-03-14 18:21   <DIR>   d--------   c:\program files\SUPERAntiSpyware
      2009-03-14 18:21 . 2009-03-14 18:21   <DIR>   d--------   c:\documents and settings\Owner.STEVE\Application Data\SUPERAntiSpyware.com
      2009-03-14 18:21 . 2009-03-14 18:21   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
      2009-03-14 18:10 . 2009-03-14 18:10   <DIR>   d--------   c:\program files\CCleaner
      2009-03-14 09:10 . 2009-03-14 10:04   <DIR>   d--h-----   C:\$AVG8.VAULT$
      2009-03-13 15:27 . 2009-03-13 15:27   107,912   --a------   c:\windows\system32\drivers\avgtdix.sys
      2009-03-13 15:27 . 2009-03-13 15:27   10,520   --a------   c:\windows\system32\avgrsstx.dll
      2009-03-13 15:26 . 2009-03-14 08:42   <DIR>   d--------   c:\windows\system32\drivers\Avg
      2009-03-13 15:26 . 2009-03-13 15:26   325,640   --a------   c:\windows\system32\drivers\avgldx86.sys
      2009-03-13 15:25 . 2009-03-13 15:25   <DIR>   d--------   c:\program files\AVG
      2009-03-13 15:25 . 2009-03-13 15:25   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\avg8
      2009-02-18 18:42 . 2009-02-18 23:51   74   --a------   c:\windows\ViewNX.INI
      2009-02-18 17:43 . 2009-02-18 17:57   <DIR>   d--------   c:\documents and settings\Owner.STEVE\Application Data\Nikon
      2009-02-18 17:39 . 2009-02-18 21:53   20   ---h-----   c:\documents and settings\All Users.WINDOWS\Application Data\PKP_DLdw.DAT
      2009-02-18 17:37 . 2009-02-18 17:40   <DIR>   d--------   c:\program files\Nikon
      2009-02-18 17:37 . 2009-02-18 17:42   <DIR>   d--------   c:\program files\Common Files\Nikon
      2009-02-18 17:37 . 2009-02-18 17:37   <DIR>   d--------   c:\program files\Common Files\muvee Technologies
      2009-02-18 17:37 . 2009-02-18 17:37   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Nikon
      2009-02-18 17:36 . 2009-02-18 17:39   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Ultima_T15
      2009-02-18 17:36 . 2009-02-18 17:39   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\EnterNHelp
      2009-02-18 17:36 . 2009-02-18 17:46   20   ---h-----   c:\documents and settings\All Users.WINDOWS\Application Data\PKP_DLdu.DAT

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-03-15 03:36   ---------   d-----w   c:\documents and settings\Owner.STEVE\Application Data\LimeWire
      2009-03-15 02:22   ---------   d-----w   c:\program files\Java
      2009-03-14 22:19   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
      2009-03-11 21:02   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
      2009-02-18 21:36   106,496   ----a-w   c:\windows\system32\ATL71.DLL
      2009-02-18 21:35   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
      2009-02-10 16:18   ---------   d-----w   c:\documents and settings\Owner.STEVE\Application Data\U3
      2009-02-09 11:13   1,846,784   ----a-w   c:\windows\system32\win32k.sys
      2009-02-07 03:00   ---------   d-----w   c:\documents and settings\Owner.STEVE\Application Data\Move Networks
      2009-02-03 06:20   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
      2009-02-02 05:03   ---------   d-----w   c:\program files\WM Converter
      2009-02-02 05:01   ---------   d-----w   c:\program files\Video Editor
      2009-01-28 19:41   ---------   d-----w   c:\documents and settings\Owner.STEVE\Application Data\Xilisoft Corporation
      2009-01-28 19:40   ---------   d-----w   c:\program files\Xilisoft
      2009-01-19 08:57   1,060,864   ----a-w   c:\windows\system32\MFC71.dll
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Kernel and Hardware Abstraction Layer"="c:\windows\KHALMNPR.EXE" [2008-02-29 76304]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
      "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-13 1932568]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]

      c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
      Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-28 805392]
      NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-01-07 1261568]
      Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
      2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
      2009-03-13 15:27 10520 c:\windows\system32\avgrsstx.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "vidc.DIV3"= DivXc32.dll
      "vidc.DIV4"= DivXc32f.dll
      "msacm.divxa32"= DivXa32.acm

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
      @=""

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\My Games\\Worms 2\\frontend.exe"=
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "c:\\WINDOWS\\system32\\msiexec.exe"=
      "c:\\Program Files\\messenger\\msmsgs.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "9420:TCP"= 9420:TCP:Red Swoosh
      "5000:UDP"= 5000:UDP:Red Swoosh

      R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-08-09 29808]
      R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-13 325640]
      R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-13 107912]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
      R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-13 908056]
      R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-13 298264]
      R2 tcaicchg;tcaicchg;c:\windows\system32\TCAICCHG.SYS [2007-11-06 21233]
      R2 TCAITDI;TCAITDI Protocol;c:\windows\system32\drivers\TCAITDI.SYS [2007-11-06 19534]
      R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-01-07 272128]
      S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
      S4 hpdj00;hpdj00;c:\docume~1\OWNER~1.STE\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=hp psc 1400 series -product=aio --> c:\docume~1\OWNER~1.STE\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=hp psc 1400 series -product=aio [?]
      .
      Contents of the 'Scheduled Tasks' folder

      2009-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

      2009-03-13 c:\windows\Tasks\wrSpySweeperFullSweep.job
      - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

      2009-03-13 c:\windows\Tasks\wrSpySweeperFullSweep.job
      - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

      2009-03-13 c:\windows\Tasks\wrSpySweeperFullSweep.job
      - A:\ []
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://google.com
      uInternet Settings,ProxyOverride = *.local
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      FF - ProfilePath - c:\documents and settings\Owner.STEVE\Application Data\Mozilla\Firefox\Profiles\ael2xack.default\
      FF - prefs.js: browser.startup.homepage - hotmail.com
      FF - plugin: c:\documents and settings\Owner.STEVE\Application Data\Mozilla\Firefox\Profiles\ael2xack.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-03-15 01:33:50
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_USERS\S-1-5-21-1417001333-2077806209-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      "??"=hex:24,42,a6,c6,90,d5,09,83,56,71,4a,c1,6c,ae,ff,cc,d0,e8,76,79,e0,97,50,
         11,f7,76,f5,0e,89,30,62,22,66,0e,27,a8,a1,ad,e3,b9,de,0d,62,96,19,aa,6e,2c,\
      "??"=hex:bc,dc,a7,72,80,37,df,2e,5f,9f,d9,e9,74,d0,31,5d

      [HKEY_USERS\S-1-5-21-1417001333-2077806209-839522115-1003\Software\SecuROM\License information*]
      "datasecu"=hex:c2,3b,12,7b,6f,0f,39,ac,55,21,15,31,76,65,ad,3d,78,6f,0f,0a,4e,
         dc,fb,a3,f0,99,8d,f7,55,e7,39,3b,eb,77,e9,05,8e,91,69,50,48,1b,3c,b9,87,25,\
      "rkeysecu"=hex:b2,b0,ea,ca,ed,ef,98,ba,72,a6,e3,d0,8b,87,ff,80
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(608)
      c:\program files\SUPERAntiSpyware\SASWINLO.dll
      c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
      c:\program files\common files\logishrd\bluetooth\LBTServ.dll

      - - - - - - - > 'explorer.exe'(2908)
      c:\program files\Logitech\SetPoint\lgscroll.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      Completion time: 2009-03-15  8:15:21
      ComboFix-quarantined-files.txt  2009-03-15 12:14:54

      Pre-Run: 33,799,467,008 bytes free
      Post-Run: 33,787,035,648 bytes free

      176   --- E O F ---   2009-03-13 21:02:11
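As an added triage example (not code from the thread or from Malwarebytes, HijackThis or ComboFix), the script below reads the log formats posted in this thread and flags the four things a reviewer would pick out of them: svchost.exe running from C:\WINDOWS\system32\drivers instead of C:\WINDOWS\system32, a Run value reusing that name, Security Center warnings being switched off, and the ComboFix line about CommonStartup. The sample input is constructed from lines quoted in the thread.

```python
"""Triage helper for the Windows XP removal logs quoted in this thread.

Added example; not code from the thread or from Malwarebytes, HijackThis or
ComboFix. It scans text in those tools' log formats for the indicators the
posted logs actually contain:
  * a core system binary name (svchost.exe) running from a directory other
    than C:\\WINDOWS\\system32, i.e. process-name masquerading;
  * a Run-key value that reuses such a name for persistence;
  * Security Center values that silence antivirus/firewall warnings;
  * ComboFix reporting that CommonStartup needs a manual fix.
SAMPLE_LOG is constructed from lines quoted in the thread.
"""
import re

# Where the real XP svchost.exe and friends live (32-bit XP, so no SysWOW64).
SYSTEM_DIRS = {r"c:\windows\system32"}
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "smss.exe", "csrss.exe"}
# HKLM\SOFTWARE\Microsoft\Security Center values that suppress warnings when non-zero.
SECURITY_CENTER_FLAGS = {"antivirusdisablenotify", "firewalldisablenotify",
                         "updatesdisablenotify", "antivirusoverride",
                         "firewalloverride"}

# <drive>:\dir\...\name.exe ; the directory part is non-greedy, so the
# shortest prefix ending in an .exe wins, which also copes with spaces.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\\)([\w.]+\.exe)\b", re.IGNORECASE)
MBAM_RUN_RE = re.compile(r"\\CurrentVersion\\Run\\([\w.]+)", re.IGNORECASE)
MBAM_SC_RE = re.compile(r"Security Center\\(\w+)", re.IGNORECASE)
REG_KEY_RE = re.compile(r"^\[(.+)\]$")              # ComboFix REGEDIT4 dump header
REG_DWORD_RE = re.compile(r'^"(\w+)"=dword:([0-9a-fA-F]{8})$')
COMMON_STARTUP_MSG = "manual fix is required for restoring commonstartup"


def _add(bucket, item):
    """Append while keeping first-seen order and dropping repeats."""
    if item not in bucket:
        bucket.append(item)


def triage(log_text):
    """Return the suspicious indicators found in a pasted log."""
    findings = {"masquerade": [], "run_persistence": [],
                "security_center": [], "common_startup": False}
    current_key = ""        # last [HKEY_...] header seen in a ComboFix dump
    for raw in log_text.splitlines():
        line = raw.strip()
        # 1. A system binary name outside the system directory.
        for directory, exe in PATH_RE.findall(line):
            if (exe.lower() in SYSTEM_BINARIES
                    and directory.rstrip("\\").lower() not in SYSTEM_DIRS):
                _add(findings["masquerade"], directory + exe)
        # 2. Run-key value named after a system binary (Malwarebytes format).
        m = MBAM_RUN_RE.search(line)
        if m and m.group(1).lower() in SYSTEM_BINARIES:
            _add(findings["run_persistence"], m.group(1))
        # 3a. Security Center tampering as Malwarebytes reports it.
        m = MBAM_SC_RE.search(line)
        if m and m.group(1).lower() in SECURITY_CENTER_FLAGS:
            _add(findings["security_center"], m.group(1))
        # 3b. The same values inside a ComboFix "Reg Loading Points" dump.
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = REG_DWORD_RE.match(line)
        if (m and current_key.endswith("security center")
                and m.group(1).lower() in SECURITY_CENTER_FLAGS
                and int(m.group(2), 16) != 0):
            _add(findings["security_center"], m.group(1))
        # 4. ComboFix could not restore the Common Startup shell folder itself.
        if COMMON_STARTUP_MSG in line.lower():
            findings["common_startup"] = True
    return findings


# Constructed from lines quoted in the thread (Malwarebytes, HijackThis, ComboFix).
SAMPLE_LOG = r"""
Memory Processes Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Backdoor.Bot) -> Delete on reboot.
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
Manual Fix is required for restoring CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
"""

if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG).items():
        print(f"{name}: {hits}")
```

The legitimate svchost.exe entries from C:\WINDOWS\system32 in the HijackThis process list are left alone; only the copy in the drivers directory, the Run value named after it, and the two Security Center switches are reported.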

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      Before we continue we need to fix your registry, as indicated by this line in ComboFix:

      Manual Fix is required for restoring CommonStartup

      * Please download this file to your Desktop and then extract the .reg file from it.
      * Next right-click the .reg file and choose Merge.
      * The file will merge to your registry restoring the default values.

      Important: Restart your computer!

      * Next please uninstall the older version of ComboFix by going to Start > Run and typing ComboFix /u
      (note the space between combofix and /u).
      * Now please download the latest version of ComboFix from BleepingComputer.
      * Restart your computer into Safe Mode.

      * Double-click ComboFix to run it.
      * Post the log it creates (C:\combofix.txt) in your next reply.

      piratesteve83


        Here's the latest and greatest:

        ComboFix 09-03-14.02 - Owner 2009-03-15 18:59:28.3 - NTFSx86 MINIMAL
        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.382 [GMT -4:00]
        Running from: c:\documents and settings\Owner.STEVE\Desktop\ComboFix.exe
        AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
        .

        (((((((((((((((((((((((((   Files Created from 2009-02-15 to 2009-03-15  )))))))))))))))))))))))))))))))
        .

        2009-03-14 22:19 . 2009-03-14 22:17   410,984   --a------   c:\windows\system32\deploytk.dll
        2009-03-14 21:28 . 2009-03-14 21:28   <DIR>   d--------   c:\documents and settings\Owner.STEVE\Application Data\Malwarebytes
        2009-03-14 21:27 . 2009-03-14 21:28   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
        2009-03-14 21:27 . 2009-03-14 21:27   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
        2009-03-14 21:27 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
        2009-03-14 21:27 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys
        2009-03-14 18:21 . 2009-03-14 18:21   <DIR>   d--------   c:\program files\SUPERAntiSpyware
        2009-03-14 18:21 . 2009-03-14 18:21   <DIR>   d--------   c:\documents and settings\Owner.STEVE\Application Data\SUPERAntiSpyware.com
        2009-03-14 18:21 . 2009-03-14 18:21   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
        2009-03-14 18:10 . 2009-03-14 18:10   <DIR>   d--------   c:\program files\CCleaner
        2009-03-14 09:10 . 2009-03-14 10:04   <DIR>   d--h-----   C:\$AVG8.VAULT$
        2009-03-13 15:27 . 2009-03-13 15:27   107,912   --a------   c:\windows\system32\drivers\avgtdix.sys
        2009-03-13 15:27 . 2009-03-13 15:27   10,520   --a------   c:\windows\system32\avgrsstx.dll
        2009-03-13 15:26 . 2009-03-15 17:58   <DIR>   d--------   c:\windows\system32\drivers\Avg
        2009-03-13 15:26 . 2009-03-13 15:26   325,640   --a------   c:\windows\system32\drivers\avgldx86.sys
        2009-03-13 15:25 . 2009-03-13 15:25   <DIR>   d--------   c:\program files\AVG
        2009-03-13 15:25 . 2009-03-13 15:25   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\avg8
        2009-02-18 18:42 . 2009-02-18 23:51   74   --a------   c:\windows\ViewNX.INI
        2009-02-18 17:43 . 2009-02-18 17:57   <DIR>   d--------   c:\documents and settings\Owner.STEVE\Application Data\Nikon
        2009-02-18 17:39 . 2009-02-18 21:53   20   ---h-----   c:\documents and settings\All Users.WINDOWS\Application Data\PKP_DLdw.DAT
        2009-02-18 17:37 . 2009-02-18 17:40   <DIR>   d--------   c:\program files\Nikon
        2009-02-18 17:37 . 2009-02-18 17:42   <DIR>   d--------   c:\program files\Common Files\Nikon
        2009-02-18 17:37 . 2009-02-18 17:37   <DIR>   d--------   c:\program files\Common Files\muvee Technologies
        2009-02-18 17:37 . 2009-02-18 17:37   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Nikon
        2009-02-18 17:36 . 2009-02-18 17:39   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Ultima_T15
        2009-02-18 17:36 . 2009-02-18 17:39   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\EnterNHelp
        2009-02-18 17:36 . 2009-02-18 17:46   20   ---h-----   c:\documents and settings\All Users.WINDOWS\Application Data\PKP_DLdu.DAT

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2009-03-15 22:42   ---------   d-----w   c:\documents and settings\Owner.STEVE\Application Data\LimeWire
        2009-03-15 02:22   ---------   d-----w   c:\program files\Java
        2009-03-14 22:19   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
        2009-03-11 21:02   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
        2009-02-18 21:36   106,496   ----a-w   c:\windows\system32\ATL71.DLL
        2009-02-18 21:35   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
        2009-02-10 16:18   ---------   d-----w   c:\documents and settings\Owner.STEVE\Application Data\U3
        2009-02-09 11:13   1,846,784   ----a-w   c:\windows\system32\win32k.sys
        2009-02-07 03:00   ---------   d-----w   c:\documents and settings\Owner.STEVE\Application Data\Move Networks
        2009-02-03 06:20   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
        2009-02-02 05:03   ---------   d-----w   c:\program files\WM Converter
        2009-02-02 05:01   ---------   d-----w   c:\program files\Video Editor
        2009-01-28 19:41   ---------   d-----w   c:\documents and settings\Owner.STEVE\Application Data\Xilisoft Corporation
        2009-01-28 19:40   ---------   d-----w   c:\program files\Xilisoft
        2009-01-19 08:57   1,060,864   ----a-w   c:\windows\system32\MFC71.dll
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Kernel and Hardware Abstraction Layer"="c:\windows\KHALMNPR.EXE" [2008-02-29 76304]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
        "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-13 1932568]
        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]

        c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
        Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-28 805392]
        NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-01-07 1261568]
        Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
        2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
        2009-03-13 15:27 10520 c:\windows\system32\avgrsstx.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "vidc.DIV3"= DivXc32.dll
        "vidc.DIV4"= DivXc32f.dll
        "msacm.divxa32"= DivXa32.acm

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
        @=""

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusOverride"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\My Games\\Worms 2\\frontend.exe"=
        "c:\\Program Files\\LimeWire\\LimeWire.exe"=
        "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
        "c:\\WINDOWS\\system32\\msiexec.exe"=
        "c:\\Program Files\\messenger\\msmsgs.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "c:\\Program Files\\iTunes\\iTunes.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "9420:TCP"= 9420:TCP:Red Swoosh
        "5000:UDP"= 5000:UDP:Red Swoosh

        R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-08-09 29808]
        S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-13 325640]
        S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-13 107912]
        S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
        S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
        S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-13 908056]
        S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-13 298264]
        S2 tcaicchg;tcaicchg;c:\windows\system32\TCAICCHG.SYS [2007-11-06 21233]
        S2 TCAITDI;TCAITDI Protocol;c:\windows\system32\drivers\TCAITDI.SYS [2007-11-06 19534]
        S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-01-07 272128]
        S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
        S4 hpdj00;hpdj00;c:\docume~1\OWNER~1.STE\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=hp psc 1400 series -product=aio --> c:\docume~1\OWNER~1.STE\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=hp psc 1400 series -product=aio [?]
        .
        Contents of the 'Scheduled Tasks' folder

        2009-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

        2009-03-13 c:\windows\Tasks\wrSpySweeperFullSweep.job
        - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

        2009-03-13 c:\windows\Tasks\wrSpySweeperFullSweep.job
        - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

        2009-03-13 c:\windows\Tasks\wrSpySweeperFullSweep.job
        - A:\ []
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://google.com
        uInternet Settings,ProxyOverride = *.local
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
        FF - ProfilePath - c:\documents and settings\Owner.STEVE\Application Data\Mozilla\Firefox\Profiles\ael2xack.default\
        FF - prefs.js: browser.startup.homepage - hotmail.com
        FF - plugin: c:\documents and settings\Owner.STEVE\Application Data\Mozilla\Firefox\Profiles\ael2xack.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
        .

        **************************************************************************

        catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2009-03-15 19:02:35
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_USERS\S-1-5-21-1417001333-2077806209-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
        "??"=hex:24,42,a6,c6,90,d5,09,83,56,71,4a,c1,6c,ae,ff,cc,d0,e8,76,79,e0,97,50,
           11,f7,76,f5,0e,89,30,62,22,66,0e,27,a8,a1,ad,e3,b9,de,0d,62,96,19,aa,6e,2c,\
        "??"=hex:bc,dc,a7,72,80,37,df,2e,5f,9f,d9,e9,74,d0,31,5d

        [HKEY_USERS\S-1-5-21-1417001333-2077806209-839522115-1003\Software\SecuROM\License information*]
        "datasecu"=hex:c2,3b,12,7b,6f,0f,39,ac,55,21,15,31,76,65,ad,3d,78,6f,0f,0a,4e,
           dc,fb,a3,f0,99,8d,f7,55,e7,39,3b,eb,77,e9,05,8e,91,69,50,48,1b,3c,b9,87,25,\
        "rkeysecu"=hex:b2,b0,ea,ca,ed,ef,98,ba,72,a6,e3,d0,8b,87,ff,80
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(208)
        c:\program files\SUPERAntiSpyware\SASWINLO.dll
        c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
        c:\program files\common files\logishrd\bluetooth\LBTServ.dll
        .
        Completion time: 2009-03-15 19:43:14
        ComboFix-quarantined-files.txt  2009-03-15 23:43:12
        ComboFix2.txt  2009-03-15 12:15:44

        Pre-Run: 37,278,265,344 bytes free
        Post-Run: 37,266,214,912 bytes free

        164   --- E O F ---   2009-03-13 21:02:11

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        That looks to have been a success.

        How is the computer running now?

        piratesteve83

          Topic Starter


          Beginner

          no more ntvdm or any error messages.  the computer's working great!  still can be a little slow.  i've noticed that "System Idle Process" in the task manager is almost always above 95 percent.  wondering if there's any solution to that.  if so, do i need to make a new post in a relevant forum?  thanks so much for your help!

          evilfantasy

            Since System Idle Process is still high we should run a full virus scan to be sure we haven't missed anything.

            • Click START then RUN
            • Now type Combofix /u in the runbox
            • Make sure there's a space between Combofix and /u
            • Then hit Enter.
            The above procedure will:
            • Delete the following: ComboFix and its associated files and folders.
            • Reset the clock settings.
            • Hide file extensions, if required.
            • Hide System/Hidden files, if required.
            • Set a new, clean Restore Point.
            ----------

          Download ATF Cleaner by Atribune to your Desktop.

          Alternate download link

          Note: Vista users must use Run As Administrator
          • Under Main: Select Files to Delete choose: Select All.
          • Click the Empty Selected button.
          • If you use Firefox browser click Firefox at the top and choose: Select All
          • Click the Empty Selected button.
            If you would like to keep your saved passwords click No at the prompt.
          • If you use Opera browser click Opera at the top and choose: Select All
          • Click the Empty Selected button.
            If you would like to keep your saved passwords click No at the prompt.
          • Click Exit on the Main menu to close the program.
          .
          Note that your system will run slower for a reboot or two after having used this tool so don't panic.

          Important: Restart the computer before continuing.

          ----------


          This scanner works with Internet Explorer only!

          Scan with the BitDefender Online Scanner
          Click I Agree to the license and then install the ActiveX control.
          Please DO NOT change the Scanning Options.
          That will make your logs huge and we don't need to see clean files.

          Select Start Scan to begin.
          This scan can take a while so please be patient and let it complete.

          Once BitDefender completes the scan:
          Click-on the Detected Problems tab.
          Then select Click here to export the scan report



          This will save a file named bdscan.html. I would suggest saving it to the Desktop so you can easily find it. (Take notice of where you save it so you can find it later.)
           
          You will have to upload the file online. The forums will not accept HTML.

          Go to File Dropper

          Click Upload
          Locate the file and double click it.
          Copy the link below Share This Link: and post it back here.

          piratesteve83


            i put 'Combofix /u' in the Run menu, and i got this message:

            Windows cannot find 'Combofix".  Make sure you typed the name correctly, and then try again.  To search for a file, click the Start button, and then click Search.

            this is strange to me since i can see it sitting there on my desktop.  can i just double click and run it, or will that make it run the whole analysis all over again instead of uninstalling?

            evilfantasy

            Do this instead.

            Download OTCleanIt.exe and save it to your Desktop.
            • Double-click OTCleanIt.exe.
            • Click the CleanUp! button.
            • Select Yes when the "Begin cleanup Process?" prompt appears.
            • If you are prompted to Reboot during the cleanup, select Yes.
            • The tool will delete itself once it finishes, if not delete it yourself.

            piratesteve83


              i had removed internet explorer from my computer some years ago, so i had to reinstall it.  when i finally opened it, it wouldn't let me use the link in your reply, and it wouldn't let me go to a new url using the url address bar.  weird.  anyway, i finally got to the bitdefender page and ran it.  so here's the url for the log:

              http://www.filedropper.com/bitdefenderscan

              the System Idle Process is still running at CPU 97 or so in the task manager, but i also noticed that the memory usage on it is only 16k.  so i don't know if that's really anything to worry about.

              also, in firefox, when i click on the link to open an email in my hotmail, nothing happens.  when i try, the bottom left corner of the window says "javascript:;".  also, i have a blank dos window popping up at startup called "c:/windows/system32/cmd.exe".  it pops on the screen for a second or two, then disappears.  it then reappears a few seconds later and again disappears.  wondering if any of this is related to reinstalling internet explorer.

              evilfantasy

              That didn't find much.

              What problems still remain?

              piratesteve83


                sorry, i just edited my last message to put more info in it. 

                "the System Idle Process is still running at CPU 97 or so in the task manager, but i also noticed that the memory usage on it is only 16k.  so i don't know if that's really anything to worry about.

                also, in firefox, when i click on the link to open an email in my hotmail, nothing happens.  when i try, the bottom left corner of the window says "javascript:;".  also, i have a blank dos window popping up at startup called "c:/windows/system32/cmd.exe".  it pops on the screen for a second or two, then disappears.  it then reappears a few seconds later and again disappears.  wondering if any of this is related to reinstalling internet explorer."

                evilfantasy

                Create An Uninstall List
                • Start HijackThis
                • Click on the Open the Misc Tools section
                • Click on the Open Uninstall Manager button.
                • Click on the Save list button and specify where you would like to save this file and click Save.
                  • When you press the Save button, Notepad will open with the contents of that file.
                • Copy and paste that list in your reply.
                .
                ----------

                Download Dial-a-Fix by djlizard, save it to the desktop, then extract it to its own folder.

                • Open the folder and run Dial-a-fix.exe
                • 2 windows will open. Close the one in the background labeled Restrictive Policies
                • Check the box in section 1, Empty temp folders.
                • Check the box in section 2, Fix Windows Installer.
                • Check the box in section 3, Fix Windows Update.
                • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
                • Check all boxes in section 5, labeled Registration Center.
                • Click Go
                • OK any error messages if received, but write them down and post them here.
                • Restart the computer when done.
                .
                ----------

                Follow the instructions on How to reset Internet Explorer settings: http://support.microsoft.com/kb/923737#DoItMyself

                piratesteve83


                  so before i went through your directions, i tried uninstalling and then reinstalling internet explorer.  i then went through your directions.  there's no more cmd.exe at startup and all the links work in firefox.  yay!  System Idle Process is still running in the task manager up in the 90's (CPU) with a memory usage of 16k.  is that anything to worry about?

                  here is the uninstall list:

                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  2007 Microsoft Office Suite Service Pack 1 (SP1)
                  3Com NIC Diagnostics
                  AC3Filter (remove only)
                  Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
                  Adobe Flash Player ActiveX
                  Adobe Flash Player Plugin
                  Adobe Reader 8.1.2
                  Adobe Shockwave Player 11
                  Apple Mobile Device Support
                  Apple Software Update
                  AVG 8.5
                  AVIcodec (remove only)
                  Bonjour
                  Broadcom 440x Driver Installer
                  Broadcom Driver Installer
                  Broadcom Management Programs
                  CCleaner (remove only)
                  CDDRV_Installer
                  Critical Update for Windows Media Player 11 (KB959772)
                  Dell ResourceCD
                  DivX Codec
                  DivX Codec 3.1alpha release
                  Eusing Free Registry Cleaner
                  GoldWave v5.23
                  Hotfix for Windows Media Format 11 SDK (KB929399)
                  Hotfix for Windows Media Player 11 (KB939683)
                  Hotfix for Windows XP (KB952287)
                  HP PSC & OfficeJet 4.7
                  Intel(R) Extreme Graphics Driver
                  iTunes
                  Java(TM) 6 Update 12
                  KhalInstallWrapper
                  LimeWire 4.18.8
                  Logitech SetPoint
                  LucasArts' Monkey 4
                  Magic ISO Maker v5.4 (build 0251)
                  Malwarebytes' Anti-Malware
                  Microsoft Compression Client Pack 1.0 for Windows XP
                  Microsoft Internationalized Domain Names Mitigation APIs
                  Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
                  Microsoft National Language Support Downlevel APIs
                  Microsoft Office Access MUI (English) 2007
                  Microsoft Office Access Setup Metadata MUI (English) 2007
                  Microsoft Office Enterprise 2007
                  Microsoft Office Enterprise 2007
                  Microsoft Office Excel MUI (English) 2007
                  Microsoft Office Groove MUI (English) 2007
                  Microsoft Office Groove Setup Metadata MUI (English) 2007
                  Microsoft Office InfoPath MUI (English) 2007
                  Microsoft Office OneNote MUI (English) 2007
                  Microsoft Office Outlook MUI (English) 2007
                  Microsoft Office PowerPoint MUI (English) 2007
                  Microsoft Office Proof (English) 2007
                  Microsoft Office Proof (French) 2007
                  Microsoft Office Proof (Spanish) 2007
                  Microsoft Office Proofing (English) 2007
                  Microsoft Office Publisher MUI (English) 2007
                  Microsoft Office Shared MUI (English) 2007
                  Microsoft Office Shared Setup Metadata MUI (English) 2007
                  Microsoft Office Word MUI (English) 2007
                  Microsoft User-Mode Driver Framework Feature Pack 1.0
                  Microsoft Visual C++ 2005 Redistributable
                  Mozilla Firefox (3.0.7)
                  MSXML 4.0 SP2 (KB936181)
                  MSXML 4.0 SP2 (KB954430)
                  MSXML 4.0 SP2 Parser and SDK
                  NETGEAR WG111v2 wireless USB 2.0 adapter
                  Nikon Message Center
                  Nikon Transfer
                  Picture Control Utility
                  PowerDVD 5.1
                  QuickSFV (Remove only)
                  QuickTime
                  Security Update for 2007 Microsoft Office System (KB951550)
                  Security Update for 2007 Microsoft Office System (KB951944)
                  Security Update for 2007 Microsoft Office System (KB958439)
                  Security Update for CAPICOM (KB931906)
                  Security Update for CAPICOM (KB931906)
                  Security Update for Microsoft Office Excel 2007 (KB958437)
                  Security Update for Microsoft Office OneNote 2007 (KB950130)
                  Security Update for Microsoft Office PowerPoint 2007 (KB951338)
                  Security Update for Microsoft Office Publisher 2007 (KB950114)
                  Security Update for Microsoft Office system 2007 (KB954326)
                  Security Update for Microsoft Office system 2007 (KB956828)
                  Security Update for Microsoft Office Word 2007 (KB956358)
                  Security Update for Visio 2007 (KB947590)
                  Security Update for Windows Internet Explorer 7 (KB956390)
                  Security Update for Windows Internet Explorer 7 (KB961260)
                  Security Update for Windows Media Player (KB952069)
                  Security Update for Windows Media Player 11 (KB936782)
                  Security Update for Windows Media Player 11 (KB954154)
                  Security Update for Windows Media Player 8 (KB917734)
                  Security Update for Windows Media Player 9 (KB911565)
                  Security Update for Windows XP (KB938464)
                  Security Update for Windows XP (KB941569)
                  Security Update for Windows XP (KB946648)
                  Security Update for Windows XP (KB950759)
                  Security Update for Windows XP (KB950760)
                  Security Update for Windows XP (KB950762)
                  Security Update for Windows XP (KB950974)
                  Security Update for Windows XP (KB951066)
                  Security Update for Windows XP (KB951376)
                  Security Update for Windows XP (KB951376-v2)
                  Security Update for Windows XP (KB951698)
                  Security Update for Windows XP (KB951748)
                  Security Update for Windows XP (KB952954)
                  Security Update for Windows XP (KB953838)
                  Security Update for Windows XP (KB953839)
                  Security Update for Windows XP (KB954211)
                  Security Update for Windows XP (KB954459)
                  Security Update for Windows XP (KB954600)
                  Security Update for Windows XP (KB955069)
                  Security Update for Windows XP (KB956390)
                  Security Update for Windows XP (KB956391)
                  Security Update for Windows XP (KB956802)
                  Security Update for Windows XP (KB956803)
                  Security Update for Windows XP (KB956841)
                  Security Update for Windows XP (KB957095)
                  Security Update for Windows XP (KB957097)
                  Security Update for Windows XP (KB958215)
                  Security Update for Windows XP (KB958644)
                  Security Update for Windows XP (KB958687)
                  Security Update for Windows XP (KB958690)
                  Security Update for Windows XP (KB960225)
                  Security Update for Windows XP (KB960714)
                  Security Update for Windows XP (KB960715)
                  Sonic RecordNow!
                  Sound Blaster Live!
                  Spy Sweeper
                  Spy Sweeper Core
                  SUPERAntiSpyware Free Edition
                  TBS WMP Plug-in
                  Tweak UI
                  Update for Microsoft Office Outlook 2007 (KB952142)
                  Update for Office 2007 (KB946691)
                  Update for Outlook 2007 Junk Email Filter (kb962871)
                  Update for Windows XP (KB951072-v2)
                  Update for Windows XP (KB951978)
                  Update for Windows XP (KB955839)
                  Update for Windows XP (KB967715)
                  VideoLAN VLC media player 0.8.6e
                  ViewNX
                  WA Update v3.50 beta2
                  WD Diagnostics
                  Windows Internet Explorer 7
                  Windows Media Format 11 runtime
                  Windows Media Format 11 runtime
                  Windows Media Player 11
                  Windows Media Player 11
                  Windows XP Service Pack 3
                  WinRAR archiver
                  WinZip 12.0
                  Worms2
                  Xilisoft HD Video Converter
                  Xvid 1.1.3 final uninstall