Adware problem maybe?


mikehende
10-09-2006, 08:06 PM
My cousin recently started getting 2 error messages on her laptop, the first box which appears has this:

Message from System Alert. Stop! Windows requires immediate attention. Windows has found critical system error. Run registry repair from fixwin32.com. Failure to act now may lead to data loss and corruption.

When she closes that box this box opens:

Immediate registry scan recommended xxx.guardregistry.com

Thinking that these 2 were adware, I used the search function in the registry and found a file named fixwin32 but nothing with "guard registry". I installed AVG free version for her and I am running a scan right now, if the scan doesn't come up with anything, what should I do here?

Budfred
10-09-2006, 08:25 PM
That PC is infected and it is fairly likely that AVG will not be able to clean it... You know the drill about posting a HJT log....

mikehende
10-09-2006, 08:36 PM
Alright alright, the malware gods are not letting up on me :), looks like they want me to go all the way with this and I will. I will get on this from tomorrow morning but there is one key piece of info I forgot to mention which is, she has this problem ONLY at her home, this is the 2nd time she brought the PC here and I have yet to see the messages which is why I asked her to write down the error messages for me, so now, what do you say is the story here? Also, the scan came up clean.

mikehende
10-09-2006, 08:50 PM
Just ran SmitfraudFix, turned up empty.

mikehende
10-09-2006, 08:58 PM
Scanned with HijackThis and this is the log file:


Logfile of HijackThis v1.99.1
Scan saved at 7:54:59 PM, on 10/9/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\atiptaxx.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\Windows\System32\ltmsg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\anganie\Local Settings\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/2Q00CPT/0409/bF8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/2Q00CPT/0409/bF7.asp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
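
A small triage script for the HijackThis log format above, added here as an example (it is not HijackThis's own code and not from this thread). The sample log is a constructed excerpt modelled on the posted log, and the flags (paths under a temp directory, services with no publisher recorded, bare filenames that depend on the search path) are simple heuristics for deciding what to look at next, not verdicts.

```python
import re

# Constructed excerpt modelled on the HijackThis v1.99.1 log above (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\System32\smss.exe
C:\Documents and Settings\anganie\Local Settings\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
"""

# First executable path in an O4 value: either a full drive path (quoted or not,
# spaces allowed, arguments after it dropped) or a bare filename such as Ati2mdxx.exe.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|cpl)|[\w~.-]+\.(?:exe|dll|ocx|cpl))', re.I)
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.*)$")
TEMP_RE = re.compile(r"\\(?:Local Settings\\)?Temp\\", re.I)

def parse_hjt(log):
    """Return (running processes, autostart/service entries) from an HJT log."""
    processes, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            p = PATH_RE.search(m.group(3))
            entries.append({"type": "O4", "hive": m.group(1), "name": m.group(2),
                            "owner": None, "path": p.group(1) if p else m.group(3)})
            continue
        m = O23_RE.match(line)
        if m:
            parts = m.group(1).rsplit(" - ", 2)   # "<name> - <owner> - <path>"
            if len(parts) == 3:
                entries.append({"type": "O23", "hive": None, "name": parts[0],
                                "owner": parts[1], "path": parts[2]})
    return processes, entries

def triage(log):
    """Return (category, name, reason) tuples for entries worth a closer look."""
    processes, entries = parse_hjt(log)
    findings = [("process", p, "running from a temp directory") for p in processes if TEMP_RE.search(p)]
    for e in entries:
        if e["type"] == "O23" and e["owner"] == "Unknown owner":
            findings.append(("O23", e["name"], "service with no publisher recorded"))
        if "\\" not in e["path"]:
            findings.append((e["type"], e["name"], "bare filename resolved via search path; location unverified"))
        elif TEMP_RE.search(e["path"]):
            findings.append((e["type"], e["name"], "autostart from a temp directory"))
    return findings
```

On the sample this flags HijackThis itself, because it was run straight from the zip's temp directory, which is the same point Budfred raises about moving HJT to a permanent folder.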

Budfred
10-09-2006, 09:34 PM
She does not appear to have a firewall and she has a very outdated version of WinXP... It is amazing that this doesn't have even more problems... Are there multiple users on this PC and is this an admin account?? I don't know why those signs would show up at her house and not yours unless it is a different account... Those are clearly indications of infection...

mikehende
10-09-2006, 09:43 PM
No separate accounts here with this PC.

Budfred
10-09-2006, 10:23 PM
You probably need to run the scans at her house then... Move HJT to a permanent folder first though... it won't make backups when run from the zip file...

mikehende
10-10-2006, 11:59 AM
Will do as soon as I get the chance to do this, maybe on the weekend, will get back to you.

mikehende
10-11-2006, 02:52 PM
Good news, scanned with SAS and found 7 infections, got rid of them and now no more error messages.