DDS (Ver_10-11-27.01) - NTFSx86
Run by Santina Crolla at 2:15:29.87 on 03/12/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.432 [GMT 0:00]
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Santina Crolla.BENS\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Mirabilis ICQ] c:\program files\icq\ICQ.exe -minimize
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\santin~1.ben\startm~1\programs\startup\adobem~1.lnk - c:\program files\adobe media player\Adobe Media Player.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\santin~1.ben\applic~1\mozilla\firefox\profiles\6ue49nb9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc680eb&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - component: c:\program files\mozilla firefox\extensions\hrfsdownloader@hrfs.com\components\HrfsFirefoxDownloader.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Extension: Download to online storage Plugin: hrfsdownloader@hrfs.com - c:\program files\mozilla firefox\extensions\hrfsdownloader@hrfs.com
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: AutocompletePro - Your handy search suggestions tool: support@predictad.com - c:\program files\autocompletepro\support@predictad.com
FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Extension: AVG Security Toolbar em:version=6.010.023.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\santin~1.ben\applic~1\mozilla\firefox\profiles\6ue49nb9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys [2007-11-13 71720]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S0 xvigqv;xvigqv;c:\windows\system32\drivers\jnlycr.sys --> c:\windows\system32\drivers\jnlycr.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-12-2 517448]
S3 hrfsmrx;hrfsmrx;c:\windows\system32\drivers\hrfsmrx.sys [2010-1-12 144624]
S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [2008-4-6 196096]
S4 humyo.com;humyo.com;c:\program files\free virtual drive smartdrive\hrfscore.exe [2010-1-12 3186672]
=============== Created Last 30 ================
2010-12-03 01:06:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-03 01:06:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-03 01:06:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-02 18:18:27 -------- d--h--w- C:\$AVG
2010-12-02 17:43:14 -------- d-----w- c:\docume~1\santin~1.ben\applic~1\AVG10
2010-12-02 17:41:31 -------- d--h--w- c:\docume~1\alluse~1.win\applic~1\Common Files
2010-12-02 17:41:12 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG Security Toolbar
2010-12-02 17:39:30 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-02 17:39:30 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG10
2010-12-02 17:26:09 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\MFAData
2010-11-23 15:16:34 -------- d-----w- c:\program files\RegTweaker
2010-11-13 23:31:50 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-11-13 22:52:24 647168 ------w- c:\windows\system32\hasp_windows.dll
2010-11-13 22:52:24 319488 ------w- c:\windows\system32\pavplal.dll
2010-11-13 22:52:24 143360 ------w- c:\windows\system32\pavedius5db.dll
2010-11-13 22:52:24 143360 ------w- c:\windows\system32\pavedius.dll
2010-11-13 22:52:23 6656 ------w- c:\windows\system32\paveno.dll
2010-11-13 22:52:23 462848 ------w- c:\windows\system32\pavapi.dll
2010-11-13 07:21:33 -------- d-----w- c:\docume~1\santin~1.ben\applic~1\Malwarebytes
2010-11-13 07:21:11 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-11-13 07:02:27 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\PC Tools
2010-11-09 22:20:58 299984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-11-05 07:25:03 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-11-05 07:25:01 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-11-05 07:24:59 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-11-05 07:24:56 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-11-05 07:15:58 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2010-11-05 06:22:50 -------- d-----w- c:\program files\Macpower & Tytech Technology
==================== Find3M ====================
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3120026A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x87112446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x87118504]; MOV EAX, [0x87118580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x870E1AB8]
3 CLASSPNP[0xF74C7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000069[0x870E7530]
5 ACPI[0xF733E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8716FD98]
\Driver\atapi[0x87133030] -> IRP_MJ_CREATE -> 0x87112446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskST3120026A______________________________8.01____#4a343054464e514b202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x87112292
user != kernel MBR !!!
sectors 234441646 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 2:16:31.17 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-27.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 03/04/2008 20:28:28
System Uptime: 12/03/2010 01:35:49 (6385 hours ago)
Motherboard: http://www.abit.com.tw/ | | AN52(MCP65)
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2209/201mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 46.353 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&23AC7881&0&5040
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&23AC7881&0&5040
Service: RTL8023xp
==== System Restore Points ===================
RP1040: 01/11/2010 21:12:22 - System Checkpoint
RP1041: 03/11/2010 01:14:25 - System Checkpoint
RP1042: 04/11/2010 02:12:28 - System Checkpoint
RP1043: 05/11/2010 05:25:47 - Installed ShowBiz DVD
RP1044: 05/11/2010 06:22:49 - Installed SmartAP
RP1045: 05/11/2010 06:34:23 - Installed ShowBiz DVD
RP1046: 05/11/2010 13:25:09 - Removed SmartAP
RP1047: 05/11/2010 13:28:39 - Installed SmartAP
RP1048: 06/11/2010 01:01:14 - Removed SmartAP
RP1049: 06/11/2010 01:17:25 - Installed SmartAP
RP1050: 07/11/2010 03:28:35 - System Checkpoint
RP1051: 08/11/2010 04:23:17 - System Checkpoint
RP1052: 09/11/2010 05:23:17 - System Checkpoint
RP1053: 10/11/2010 07:23:04 - System Checkpoint
RP1054: 12/11/2010 02:12:56 - System Checkpoint
RP1055: 13/11/2010 09:34:36 - System Checkpoint
RP1056: 14/11/2010 19:26:52 - System Checkpoint
RP1057: 15/11/2010 23:47:40 - System Checkpoint
RP1058: 17/11/2010 01:43:53 - System Checkpoint
RP1059: 18/11/2010 03:58:56 - System Checkpoint
RP1060: 19/11/2010 04:53:04 - System Checkpoint
RP1061: 23/11/2010 07:36:29 - System Checkpoint
RP1062: 24/11/2010 09:46:42 - System Checkpoint
RP1063: 25/11/2010 17:19:00 - System Checkpoint
RP1064: 01/12/2010 04:47:07 - System Checkpoint
RP1065: 02/12/2010 04:53:49 - System Checkpoint
RP1066: 02/12/2010 17:16:41 - Removed AVG Free 8.5
RP1067: 02/12/2010 17:19:10 - Installed AVG Free 8.5
RP1068: 02/12/2010 17:38:25 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP1069: 02/12/2010 17:38:40 - Installed AVG 2011
RP1070: 02/12/2010 17:39:11 - Installed AVG 2011
==== Installed Programs ======================
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 8.1.2
Adobe Shockwave Player 11
AMD Processor Driver
Apple Application Support
Apple Software Update
ArcSoft ShowBiz DVD 2
µTorrent
AutocompletePro
AVG 2011
AviSynth 2.5
Burn4Free CD & DVD 4.9.0.0
Click and Convert Device Driver
Core FTP LE 2.1
Critical Update for Windows Media Player 11 (KB959772)
CyberLink PowerDirector
eBook Maestro FREE 1.80
EPSON TWAIN 5
Express Burn
Express Rip
FileZilla Client 3.3.3
Free Virtual Drive
GIMP 2.6.3
Golden Videos
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Huffyuv AVI lossless video codec (Remove Only)
ICQ
ICQHomepage
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 4
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG CyberLink YouCam
LG ODD Auto Firmware Update
LG Power Tools
LightScribe System Software
LightScribe Template Designs - 9 to 5 Pack 1
LightScribe Template Designs - Animal Pack 1
LightScribe Template Designs - Architecture Pack 1
LightScribe Template Designs - Art Pack 1
LightScribe Template Designs - Athletic Pack 1
LightScribe Template Designs - Bonus Pack 1
LightScribe Template Designs - Bridal Pack 1
LightScribe Template Designs - Business Pack 1
LightScribe Template Designs - Celebration Pack 1
LightScribe Template Designs - Expressions
LightScribe Template Designs - Fantasy Pack 1
LightScribe Template Designs - Floral Pack 1
LightScribe Template Designs - Food-n-Family Pack 1
LightScribe Template Designs - Grab Bag Pack 1
LightScribe Template Designs - Hobby Pack 1
LightScribe Template Designs - Holiday Pack 1
LightScribe Template Designs - Kickin It Pack 1
LightScribe Template Designs - Kids Korner Pack 1
LightScribe Template Designs - Life Events Pack 1
LightScribe Template Designs - Music Pack 1
LightScribe Template Designs - Mythology Pack 1
LightScribe Template Designs - Nature Pack 1
LightScribe Template Designs - Quick and Simple Pack 1
LightScribe Template Designs - Seasonal Pack 1
LightScribe Template Designs - Special Occasion Pack 1
LightScribe Template Designs - Sports Pack 1
LightScribe Template Designs - Street Style Pack 1
LightScribe Template Designs - Tattoo Pack 1
LightScribe Template Designs - Tie The Knot
LightScribe Template Designs - Travel Pack 1
LightScribe Template Designs - Tribal Pack 1
LightScribe Template Designs - Urban Pack 1
LightScribe Template Designs - Wedding Pack 1
LightScribe Template Designs - Winter Whimsy
LightScribe Template Designs - With The Band
MainConcept DV Codec
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
My Free Web Site Builder
MySpaceIM
NCH Toolbox
Nero 7 Ultra Edition
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OpenOffice.org 2.4
PC Camera (6029 CIF)
Prism Video Converter
QuickTime
Realtek High Definition Audio Driver
SbookBuilder 3
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SmartAP
SmartSound Quicktracks Plugin
System Requirements Lab
TMPGEnc Authoring Works 4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Video mp3 Extractor
VideoPad Video Editor
VLC media player 1.1.3
WavePad Sound Editor
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live SkyDrive Upload Tool
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
30/11/2010 22:02:17, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.
30/11/2010 22:02:17, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
30/11/2010 22:02:17, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30/11/2010 22:01:41, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
30/11/2010 21:49:32, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
30/11/2010 21:40:40, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
30/11/2010 20:15:12, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 AvgLdx86 AvgMfx86 Fips
30/11/2010 11:28:13, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
30/11/2010 09:40:55, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
29/11/2010 01:16:11, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
26/11/2010 20:30:02, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
03/12/2010 00:40:11, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
03/12/2010 00:40:11, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
03/12/2010 00:40:11, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
03/12/2010 00:40:11, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
03/12/2010 00:40:11, error: Service Control Manager [7034] - The B's Recorder GOLD Library General Service service terminated unexpectedly. It has done this 1 time(s).
03/12/2010 00:40:11, error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).
01/12/2010 01:32:40, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00508D9E7479 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
01/12/2010 01:09:10, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
01/12/2010 00:39:04, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service NMIndexingService with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
01/12/2010 00:37:54, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The system cannot find the path specified.
==== End Of File ===========================
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=40dfadd4bf70194194d8f1e36a793b22
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-03 04:16:19
# local_time=2010-12-03 04:16:19 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16774142 0 2 143097990 143097990 0 0
# compatibility_mode=1024 16777191 100 0 37371 37371 0 0
# compatibility_mode=8192 67108863 100 0 3801 3801 0 0
# compatibility_mode=9217 16777214 0 70 115742336 117957657 0 0
# scanned=151610
# found=27
# cleaned=0
# scan_time=4489
C:\Documents and Settings\Santina Crolla.BENS\My Documents\Downloads\Make Your Windows Genuine - For XP,Server 2003, Vista - iNGEn\Windows Vista All Versions x86 x64\VistaCheck.exe probably a variant of Win32/Agent.IYWOFRM trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Santina Crolla.BENS\My Documents\Downloads\Make Your Windows Genuine - For XP,Server 2003, Vista - iNGEn\Windows Vista All Versions x86 x64\VistaCrack.exe probably a variant of Win32/Agent.LDGFZQM trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Santina Crolla.BENS\My Documents\Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At1.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At10.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At11.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At12.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At13.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At14.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At15.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At16.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At17.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At18.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At19.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At2.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At20.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At3.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At4.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At5.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At6.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At7.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At8.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At9.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINNT\system32\edeeg.bak1 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\WINNT\system32\edeeg.bak2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\WINNT\system32\edeeg.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\WINNT\system32\edeeg.ini2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I