[Closed] The file avgcmgr.exe is infected.

tina97

Please help, I had the ThinkPoint virus, which I managed to get rid of by renaming the hotfix.exe file to hotfix1.exe. I've been running Malwarebytes for a week now, followed by RegTweak and also free AVG8 every day, but today I have been getting these warnings all day (*see below) and am unable to open anything as the warning won't let me; it pops up even for Control Panel. I have managed to download & rename & run HijackThis but the virus won't let me open Notepad so I can't copy & paste the log here, I can only attach it to this message. I'm really worried I will lose all my files if I reboot, so am sat here not knowing what to do next. Any help would be very much appreciated, thank you.

"Security Warning: Application cannot be executed.The file avgcmgr.exe is infected. Do you want to activate your antivirus software now"

 
This is where you need to start for ThinkPoint. You also need to run Malwarebytes as soon as possible. If necessary, download Mbam to a flash drive, then install it on the problem computer.

ThinkPoint is a rogue anti-spyware program that comes bundled with the fake Microsoft Security Essentials Alert. It will block Task Manager, Registry Editor and other tools too, claiming that these tools were blocked due to security reasons and might be infected with malicious code.

The malware authors try to mimic legitimate programs in looks and in what the action will be. That's why so many users get drawn into these programs. The main entry we see is hotfix.exe, so we will stop it:

  1. Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
  2. End Task
    • Click on Start> Run> type in taskmgr> OK.
    • Double click on the frame at the top of the Processes column to sort.
    • Find hotfix.exe and click to highlight it.
    • Click on End Task.
  3. Unhide
    • Click on Start> Search> All Files and Folders.
    • Go up to Tools> Folder Options.
    • Click on the View tab.
    • Check 'Show hidden files and folders'.
    • Uncheck 'Hide protected operating system files (Recommended)'.
    • Click on OK> Apply> OK.
  4. Search
    • Go to Search> 'all or part of the name'.
    • Type in hotfix.exe.
    • (It should be found in this folder: C:\Documents and Settings\User\Application Data\hotfix.exe)
    • Do a right click> Delete on the file.
  5. Rehide the files and folders.
Close
===============================================
Reboot the computer back into Normal Mode.
==============================================
There are Registry entries to remove as well and they can be done within another program. Let me know how far you get on the above. Some entries can be stopped using HijackThis. Please check and see if you can reopen HJT to 'do system scan only.' If you can, I'll give you a list of entries to remove.

Note: avgcmgr.exe is a legitimate file used by AVG.
 
There is a lot of content in HJT that needs to be stopped. Most are malware. Some are auto-updaters or processes that start on boot and are running in the background but don't need to run unless you are actively using the program at that time:

Please reopen HijackThis to 'do system scan only'. Check the following entries if present: The optional removals are coded in Green. They do not have to be stopped, but it is recommended to stop them while we are cleaning. None need to start on boot and run in the background. This will not uninstall or remove the program or process. All entries in BOLD Black must be checked for removal. Note: Do not click on FixAll until all of the entries to be removed have been checked:

C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\TEMP\qfpuvuuas\tetghnmtsbl.exe
C:\Documents and Settings\Santina Crolla.BENS\My Documents\iexplore.exe
R3 - URLSearchHook: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.freeworldgroup.com/games/santaballs/index.html"
O4 - Global Startup: Launcher.lnk = ?

-------------------------------------------------
SMARTAP.EXE has been seen to perform the following behavior:
  • Found on infected systems and resists interrogation by security products
  • Uses low level functions to hide itself from the user and from system/security processes
  • The Process is polymorphic and can change its structure
C:\Program Files\Macpower & Tytech Technology\SmartAP\SmartHDD.exe
C:\Program Files\Macpower & Tytech Technology\SmartAP\SmartAP.exe

-------------------------------------------------
The following are all recording related. They are not malware, but I recommend you stop them from running in the background.
C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\WINDOWS\system32\bgsvcgen.exe

------------------------------------------------
The following are all related to Cyberlink
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

-----------------------------------------------
The Smart Drive / humyo.com Ltd. entries are for an online backup service. I do not recommend that you use it while the system is infected.
C:\Program Files\Free Virtual Drive SmartDrive\HrfsClient.exe
C:\Program Files\Free Virtual Drive SmartDrive\hrfscore.exe
O2 - BHO: IEHelperObject - {4DC16316-5372-4476-9CA5-88B2786B838F} - C:\Program Files\Free Virtual Drive SmartDrive\HrfsDownloader.dll
O4 - Global Startup: Free Virtual Drive SmartDrive.lnk = C:\Program Files\Free Virtual Drive SmartDrive\HrfsClient.exe
O4 - Global Startup: Free Virtual Drive.lnk = C:\Program Files\Free Virtual Drive SmartDrive\HrfsClient.exe
O23 - Service: humyo.com - humyo.com Ltd. - C:\Program Files\Free Virtual Drive SmartDrive\hrfscore.exe

----------------------------------------------
These are a part of the Nero program and additional backup service:
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe


When finished with all checking, close all Windows except HijackThis and click on "Fix Checked".
Reboot the computer.
See if you can now do any of the functions that you could not do previously.

NOTE: mshta.exe is an Adult Content Dialer. You have 3 entries.
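As an added example (not code from this thread, from HijackThis, or from the helper), here is a small Python triage script for the HJT log line formats that appear in these posts: bare running-process paths, R3/O2/O3 hook and BHO lines, O4 Run keys and startup-folder links, O20 Winlogon Notify and O23 services. It flags the entries a reviewer looks at first: references to files that no longer exist, executables started from user-writable folders such as TEMP or a profile directory, and a well-known file name such as iexplore.exe running from somewhere other than its usual directory (the renamed HijackThis copy in My Documents mentioned above is exactly the kind of entry that deserves a second look before it is deleted). The location patterns and the expected-directory table are this example's own assumptions, and the sample log is constructed from lines modelled on the ones above with a placeholder user name.

```python
"""Triage helper for HijackThis (HJT) v2 log lines; the heuristics are this example's own."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Section prefix such as "O4 - HKLM\..\Run:" or "O23 - Service:"; the rest is the body.
SECTION_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<kind>[^:]+): (?P<body>.*)$")
# First Windows path ending in a binary-like extension. The non-greedy match stops at
# the extension, so unquoted paths containing spaces (C:\Program Files\...) still parse.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|lnk|scr|cpl)\b", re.IGNORECASE)
# Assumption: user-writable folders in which an autostart binary is unexpected.
USER_WRITABLE_RE = re.compile(
    r"\\windows\\temp\\|\\documents and settings\\[^\\]+\\"
    r"(?:application data|my documents|local settings\\temp)\\",
    re.IGNORECASE,
)
# Assumption: usual directories of a few commonly impersonated names. mshta.exe is the
# Microsoft HTML Application host shipped with Windows, so its System32 copy is not flagged.
EXPECTED_DIR = {
    "iexplore.exe": r"\program files\internet explorer",
    "svchost.exe": r"\windows\system32",
    "mshta.exe": r"\windows\system32",
}
MISSING_MARKERS = ("(no file)", "(file missing)")

@dataclass
class Entry:
    raw: str
    section: str             # "O4 - HKLM\..\Run", "O23 - Service", or "process"
    name: str                # label HJT prints for the entry; "" for a running process
    path: Optional[str]      # first binary path found on the line, if any
    flags: List[str] = field(default_factory=list)

def parse_line(line: str) -> Optional[Entry]:
    """Turn one HJT log line into an Entry; None for blank, header and footer lines."""
    line = line.strip()
    if not line:
        return None
    m = SECTION_RE.match(line)
    if m is None:
        # Lines under "Running processes:" are bare paths; anything else is header text.
        pm = PATH_RE.match(line)
        return Entry(line, "process", "", pm.group(0)) if pm else None
    body = m.group("body")
    if m.group("code") == "O4":
        # Run keys read "[Name] command"; startup folders read "Name.lnk = target".
        nm = re.match(r"\[([^\]]*)\]", body) or re.match(r"([^=]+)=", body)
    else:
        # R3/O2/O3/O20/O23 read "Name - {CLSID or owner} - path".
        nm = re.match(r"(.+?) - ", body)
    pm = PATH_RE.search(body)
    return Entry(line, f"{m.group('code')} - {m.group('kind')}",
                 nm.group(1).strip() if nm else "", pm.group(0) if pm else None)

def triage(entry: Entry) -> Entry:
    """Attach review flags to an entry and return it."""
    low = entry.raw.lower()
    if any(marker in low for marker in MISSING_MARKERS):
        entry.flags.append("references a missing file (orphan entry)")
    elif entry.path is None and entry.section != "process":
        entry.flags.append("no full path recorded; locate the binary before deciding")
    if entry.path:
        p = entry.path.lower()
        if USER_WRITABLE_RE.search(p):
            entry.flags.append("runs from a user-writable folder")
        base = p.rsplit("\\", 1)[-1]
        expected = EXPECTED_DIR.get(base)
        if expected and expected not in p:
            entry.flags.append(f"{base} outside its usual directory ({expected})")
    return entry

def triage_log(text: str) -> List[Entry]:
    """Parse a whole log and return only the entries that earned at least one flag."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged

# Constructed sample, modelled on lines from the logs in this thread with a placeholder user name.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\TEMP\qfpuvuuas\tetghnmtsbl.exe
C:\Documents and Settings\User\My Documents\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - Global Startup: Launcher.lnk = ?
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: humyo.com - humyo.com Ltd. - C:\Program Files\Free Virtual Drive SmartDrive\hrfscore.exe
"""
```

Running triage_log(SAMPLE_LOG) returns six flagged entries (the TEMP executable, the My Documents iexplore.exe, the orphaned R3 and O20 entries, and the two O4 entries with no full path) and leaves the System32 mshta.exe, the quoted CyberLink Run key and the humyo.com service unflagged.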
 
Thanks Bobbye, sorry it took me a while, but whilst you sent your reply I was running Malwarebytes & then AVG in safe mode & it took hours. They both found a trojan; I repaired one on Malwarebytes and AVG sent one to the virus vault. I renamed hotfix & deleted it 2 weeks ago and haven't found the file in Docs & Settings/Users/Application Data since then. However, I did follow the instructions again in safe mode & did not find hotfix.exe, but realised that I didn't re-hide the files & folders, so I did put a check in the box for that. I then rebooted in normal mode & re-ran HijackThis. I clicked fix/delete on most of the files you listed in HJT, except I could not find the Windows/mshta.exe files, so I assume they were deleted by either AVG or Malwarebytes when I ran them in safe mode. I'm able to use most functions now & the PC is running much faster, but I am still unable to get IE running while the Windows Firewall is on. I am using Firefox at the moment, so I'm hoping the next step with the registry will help get IE back. I have Reg Tweaker, which I paid for & have been using for the past week; should I run that now or have you anything better? Below is my new HJT log... I know it's late, just reply when you can. Thanks again for your help, you're a star ;-) Kindest regards, Tina97

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:48:09, on 01/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Adobe Media Player\Adobe Media Player.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Santina Crolla.BENS\My Documents\iexplore.exe
C:\WINDOWS\System32\mshta.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQ.exe -minimize
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 8917 bytes
 
I just spotted that porn file Windows/System32/mshta.exe in this log... oh dear, I will have to look again & re-send the new HJT log. The 'My Documents/iexplore.exe' is HijackThis, which I had to rename when the virus wouldn't let me access the file, so I will re-download that in its correct name before I do anything and then fix/delete those two files.
 
I've noticed a couple of files I fixed/deleted from the first scan have re-appeared. Also, some of the files are hidden in the scan results (*see jpg image attached) but show in the log files; can I manually delete the hidden file Windows\system32\mshta.exe? I'm not sure how to get rid of it... so I will wait for your reply. New HijackThis log below, kindest regards Tina97

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:12:28, on 01/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Adobe Media Player\Adobe Media Player.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\mshta.exe
C:\Documents and Settings\Santina Crolla.BENS\My Documents\Downloads\HijackThis.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQ.exe -minimize
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 9011 bytes
 
Tina, you should not give 'your fix' to others. While it might have worked for you and while the other person may have the same or similar problem, it would be best if you let the helpers handle the guidance.
  1. About hotfix.exe> if you renamed the file but search for the original name, you won't find the file.
  2. About AVG: I note you still have v8. Make sure there is still support for that version because AVGv10 and v11 are out now.
  3. About HijackThis: You have left 3 or 4 HJT logs. I asked for one, then gave a list of entries to be checked. We don't use HJT to 'screen' for malware, so I would not have had you continue to scan with it at that point> I opened the log you left to see if any obvious entries needed to be removed.
  4. About removal of entries in the HijackThis log: when I give a list of entries to be checked and removed, it is based on what I see in the HJT log at that time. It is not uncommon to go back to the system scan and not find an entry; that's why the instructions say:
    Please reopen HijackThis to 'do system scan only'. Check the following entries if present.
  5. About Registry cleaners: Part of the initial instructions address this, but we haven't gotten there because you keep running HJT. If you want me to help you, you will need to follow my directions, step by step. As for Registry Tweaker, I recommend you uninstall it. Most of us do not recommend using a Registry cleaner. If you do not want to uninstall it, please disable it while I am helping you.
=======================================
I would have instructed you as follows:
If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
=============================================
When you finish with the preliminary scans, you can go ahead with the following:
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
=======================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query - Recovery Console (image): "WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!"
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message (image):
  • Click on Yes, to continue scanning for malware.
  • If Combofix asks you to update the program, allow it.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please paste all logs in your next reply. It is OK to use more than one post.
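The logs requested above are normally read by eye. As an added example that is not part of this thread and not a feature of DDS, GMER or ComboFix, the Python below does a first triage pass over DDS "SERVICES / DRIVERS" and Winlogon lines and over the GMER MBR-check lines; the sample lines are taken from the logs posted later in this thread, and the service-line layout (state, name, display name, path, date/size, with "--> path [?]" for a binary DDS cannot find) is inferred from that log text.

```python
"""Triage pass over DDS / GMER log lines of the kind requested above.

Added example, not part of this thread and not a feature of DDS, GMER or
ComboFix.  SAMPLE_LOG holds lines taken from the logs posted later in the
thread, plus one clean AVG driver line for contrast.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# DDS "SERVICES / DRIVERS" line:  <state> <name>;<display>;<path> [<date> <size>]
# When DDS cannot find the binary it prints "<path> --> <path> [?]" instead.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<missing>.+?))?\s+\[(?P<stamp>[^\]]*)\]\s*$"
)
# DDS Winlogon line; a non-zero SfcDisable means Windows File Protection is off.
SFC_RE = re.compile(r"^mWinlogon:\s+SfcDisable=(?P<value>-?\d+)")

SAMPLE_LOG = r"""
mWinlogon: SfcDisable=-99 (0xffffff9d)
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
S0 xvigqv;xvigqv;c:\windows\system32\drivers\jnlycr.sys --> c:\windows\system32\drivers\jnlycr.sys [?]
S3 hrfsmrx;hrfsmrx;c:\windows\system32\drivers\hrfsmrx.sys [2010-1-12 144624]
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
"""


@dataclass
class Service:
    state: str      # R0/S0 = boot start, R1/S1 = system start, higher = later
    name: str
    path: str
    missing: bool   # True when DDS printed "[?]" (file not found on disk)

    @property
    def kernel_driver(self) -> bool:
        return self.path.lower().endswith(".sys")

    @property
    def early_start(self) -> bool:
        return self.state[1] in "01"


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    subject: str
    reason: str


def parse_services(lines: Iterable[str]) -> List[Service]:
    """Extract service/driver entries; every other line is ignored."""
    found = []
    for ln in lines:
        m = SERVICE_RE.match(ln.strip())
        if m:
            found.append(Service(m["state"], m["name"], m["path"], m["stamp"] == "?"))
    return found


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return the indicators a helper would look at first in this log."""
    lines = [ln.strip() for ln in lines]
    findings: List[Finding] = []
    for svc in parse_services(lines):
        if not svc.missing:
            continue
        if svc.kernel_driver and svc.early_start:
            # A boot/system-start driver whose file cannot be read is the
            # classic footprint of a rootkit loader hiding its own binary.
            findings.append(Finding("high", svc.name,
                "boot/system-start kernel driver whose file cannot be read"))
        else:
            findings.append(Finding("medium", svc.name,
                "service points at a file that is not on disk"))
    for ln in lines:
        m = SFC_RE.match(ln)
        if m and m["value"] != "0":
            findings.append(Finding("medium", "SfcDisable",
                "Windows File Protection is disabled; confirm this was intended"))
        if ln.startswith("user != kernel MBR"):
            findings.append(Finding("high", "MBR",
                "MBR read via the kernel differs from the user-mode read: "
                "something is filtering disk reads"))
        if "rootkit infection detected" in ln.lower() or ln.startswith("Warning: possible"):
            findings.append(Finding("high", "MBR", ln))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity}] {f.subject}: {f.reason}")
```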
 
Yeah, sorry about that, but I thought you weren't coming back to help. I reinstalled the latest AVG 2011 and ran a full scan; 1 corrupt file was found and vaulted. I also reinstalled Malwarebytes from that 8-step page, and I uninstalled my program RegTweaker. I followed the 8-step instructions and continued on with the instructions in this post up to the point of installing and running Combofix from 'Link 2'. The first time I tried to run it I got an AVG popup warning me it was malware, and I think it also went to the AVG Virus Vault and AVG uninstalled it. I tried turning off AVG and downloading it again, tried to run it again and got another warning saying that AVG needs to be uninstalled from my computer to run Combofix, so I'm stuck at this point not knowing what to do :( Do I need to install the "Microsoft Windows Recovery Console" myself first? If so, how do I do that? Or will Combofix install it for me when I have removed AVG? Thanks again for helping, regards Tina

Malwarebytes' Anti-Malware 1.46
DB: 5159

IE: Internet Explorer 7.0.5730.13
OS: Windows 5.1.2600 Service Pack 3
EX: C:\Program Files\Malwarebytes' Anti-Malware\mbam
DB: C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-03 01:54:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3120026A rev.8.01
Running: rh2l3y6g.exe; Driver: C:\DOCUME~1\SANTIN~1.BEN\LOCALS~1\Temp\pxtdipoc.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: copy of MBR

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 87112292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 87112292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 87112292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 87112292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 87112292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-17 87112292

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskST3120026A______________________________8.01____#4a343054464e514b202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-11-27.01) - NTFSx86
Run by Santina Crolla at 2:15:29.87 on 03/12/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.432 [GMT 0:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Santina Crolla.BENS\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Mirabilis ICQ] c:\program files\icq\ICQ.exe -minimize
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\santin~1.ben\startm~1\programs\startup\adobem~1.lnk - c:\program files\adobe media player\Adobe Media Player.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\santin~1.ben\applic~1\mozilla\firefox\profiles\6ue49nb9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc680eb&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - component: c:\program files\mozilla firefox\extensions\hrfsdownloader@hrfs.com\components\HrfsFirefoxDownloader.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Extension: Download to online storage Plugin: hrfsdownloader@hrfs.com - c:\program files\mozilla firefox\extensions\hrfsdownloader@hrfs.com
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: AutocompletePro - Your handy search suggestions tool: support@predictad.com - c:\program files\autocompletepro\support@predictad.com
FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Extension: AVG Security Toolbar em:version=6.010.023.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\santin~1.ben\applic~1\mozilla\firefox\profiles\6ue49nb9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys [2007-11-13 71720]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S0 xvigqv;xvigqv;c:\windows\system32\drivers\jnlycr.sys --> c:\windows\system32\drivers\jnlycr.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-12-2 517448]
S3 hrfsmrx;hrfsmrx;c:\windows\system32\drivers\hrfsmrx.sys [2010-1-12 144624]
S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [2008-4-6 196096]
S4 humyo.com;humyo.com;c:\program files\free virtual drive smartdrive\hrfscore.exe [2010-1-12 3186672]

=============== Created Last 30 ================

2010-12-03 01:06:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-03 01:06:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-03 01:06:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-02 18:18:27 -------- d--h--w- C:\$AVG
2010-12-02 17:43:14 -------- d-----w- c:\docume~1\santin~1.ben\applic~1\AVG10
2010-12-02 17:41:31 -------- d--h--w- c:\docume~1\alluse~1.win\applic~1\Common Files
2010-12-02 17:41:12 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG Security Toolbar
2010-12-02 17:39:30 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-02 17:39:30 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG10
2010-12-02 17:26:09 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\MFAData
2010-11-23 15:16:34 -------- d-----w- c:\program files\RegTweaker
2010-11-13 23:31:50 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-11-13 22:52:24 647168 ------w- c:\windows\system32\hasp_windows.dll
2010-11-13 22:52:24 319488 ------w- c:\windows\system32\pavplal.dll
2010-11-13 22:52:24 143360 ------w- c:\windows\system32\pavedius5db.dll
2010-11-13 22:52:24 143360 ------w- c:\windows\system32\pavedius.dll
2010-11-13 22:52:23 6656 ------w- c:\windows\system32\paveno.dll
2010-11-13 22:52:23 462848 ------w- c:\windows\system32\pavapi.dll
2010-11-13 07:21:33 -------- d-----w- c:\docume~1\santin~1.ben\applic~1\Malwarebytes
2010-11-13 07:21:11 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-11-13 07:02:27 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\PC Tools
2010-11-09 22:20:58 299984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-11-05 07:25:03 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-11-05 07:25:01 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-11-05 07:24:59 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-11-05 07:24:56 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-11-05 07:15:58 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2010-11-05 06:22:50 -------- d-----w- c:\program files\Macpower & Tytech Technology

==================== Find3M ====================

2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3120026A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x87112446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x87118504]; MOV EAX, [0x87118580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x870E1AB8]
3 CLASSPNP[0xF74C7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000069[0x870E7530]
5 ACPI[0xF733E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8716FD98]
\Driver\atapi[0x87133030] -> IRP_MJ_CREATE -> 0x87112446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskST3120026A______________________________8.01____#4a343054464e514b202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x87112292
user != kernel MBR !!!
sectors 234441646 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 2:16:31.17 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 03/04/2008 20:28:28
System Uptime: 12/03/2010 01:35:49 (6385 hours ago)

Motherboard: http://www.abit.com.tw/ | | AN52(MCP65)
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2209/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 46.353 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&23AC7881&0&5040
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&23AC7881&0&5040
Service: RTL8023xp

==== System Restore Points ===================

RP1040: 01/11/2010 21:12:22 - System Checkpoint
RP1041: 03/11/2010 01:14:25 - System Checkpoint
RP1042: 04/11/2010 02:12:28 - System Checkpoint
RP1043: 05/11/2010 05:25:47 - Installed ShowBiz DVD
RP1044: 05/11/2010 06:22:49 - Installed SmartAP
RP1045: 05/11/2010 06:34:23 - Installed ShowBiz DVD
RP1046: 05/11/2010 13:25:09 - Removed SmartAP
RP1047: 05/11/2010 13:28:39 - Installed SmartAP
RP1048: 06/11/2010 01:01:14 - Removed SmartAP
RP1049: 06/11/2010 01:17:25 - Installed SmartAP
RP1050: 07/11/2010 03:28:35 - System Checkpoint
RP1051: 08/11/2010 04:23:17 - System Checkpoint
RP1052: 09/11/2010 05:23:17 - System Checkpoint
RP1053: 10/11/2010 07:23:04 - System Checkpoint
RP1054: 12/11/2010 02:12:56 - System Checkpoint
RP1055: 13/11/2010 09:34:36 - System Checkpoint
RP1056: 14/11/2010 19:26:52 - System Checkpoint
RP1057: 15/11/2010 23:47:40 - System Checkpoint
RP1058: 17/11/2010 01:43:53 - System Checkpoint
RP1059: 18/11/2010 03:58:56 - System Checkpoint
RP1060: 19/11/2010 04:53:04 - System Checkpoint
RP1061: 23/11/2010 07:36:29 - System Checkpoint
RP1062: 24/11/2010 09:46:42 - System Checkpoint
RP1063: 25/11/2010 17:19:00 - System Checkpoint
RP1064: 01/12/2010 04:47:07 - System Checkpoint
RP1065: 02/12/2010 04:53:49 - System Checkpoint
RP1066: 02/12/2010 17:16:41 - Removed AVG Free 8.5
RP1067: 02/12/2010 17:19:10 - Installed AVG Free 8.5
RP1068: 02/12/2010 17:38:25 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP1069: 02/12/2010 17:38:40 - Installed AVG 2011
RP1070: 02/12/2010 17:39:11 - Installed AVG 2011

==== Installed Programs ======================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 8.1.2
Adobe Shockwave Player 11
AMD Processor Driver
Apple Application Support
Apple Software Update
ArcSoft ShowBiz DVD 2
µTorrent
AutocompletePro
AVG 2011
AviSynth 2.5
Burn4Free CD & DVD 4.9.0.0
Click and Convert Device Driver
Core FTP LE 2.1
Critical Update for Windows Media Player 11 (KB959772)
CyberLink PowerDirector
eBook Maestro FREE 1.80
EPSON TWAIN 5
Express Burn
Express Rip
FileZilla Client 3.3.3
Free Virtual Drive
GIMP 2.6.3
Golden Videos
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Huffyuv AVI lossless video codec (Remove Only)
ICQ
ICQHomepage
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 4
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG CyberLink YouCam
LG ODD Auto Firmware Update
LG Power Tools
LightScribe System Software
LightScribe Template Designs - 9 to 5 Pack 1
LightScribe Template Designs - Animal Pack 1
LightScribe Template Designs - Architecture Pack 1
LightScribe Template Designs - Art Pack 1
LightScribe Template Designs - Athletic Pack 1
LightScribe Template Designs - Bonus Pack 1
LightScribe Template Designs - Bridal Pack 1
LightScribe Template Designs - Business Pack 1
LightScribe Template Designs - Celebration Pack 1
LightScribe Template Designs - Expressions
LightScribe Template Designs - Fantasy Pack 1
LightScribe Template Designs - Floral Pack 1
LightScribe Template Designs - Food-n-Family Pack 1
LightScribe Template Designs - Grab Bag Pack 1
LightScribe Template Designs - Hobby Pack 1
LightScribe Template Designs - Holiday Pack 1
LightScribe Template Designs - Kickin It Pack 1
LightScribe Template Designs - Kids Korner Pack 1
LightScribe Template Designs - Life Events Pack 1
LightScribe Template Designs - Music Pack 1
LightScribe Template Designs - Mythology Pack 1
LightScribe Template Designs - Nature Pack 1
LightScribe Template Designs - Quick and Simple Pack 1
LightScribe Template Designs - Seasonal Pack 1
LightScribe Template Designs - Special Occasion Pack 1
LightScribe Template Designs - Sports Pack 1
LightScribe Template Designs - Street Style Pack 1
LightScribe Template Designs - Tattoo Pack 1
LightScribe Template Designs - Tie The Knot
LightScribe Template Designs - Travel Pack 1
LightScribe Template Designs - Tribal Pack 1
LightScribe Template Designs - Urban Pack 1
LightScribe Template Designs - Wedding Pack 1
LightScribe Template Designs - Winter Whimsy
LightScribe Template Designs - With The Band
MainConcept DV Codec
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
My Free Web Site Builder
MySpaceIM
NCH Toolbox
Nero 7 Ultra Edition
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OpenOffice.org 2.4
PC Camera (6029 CIF)
Prism Video Converter
QuickTime
Realtek High Definition Audio Driver
SbookBuilder 3
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SmartAP
SmartSound Quicktracks Plugin
System Requirements Lab
TMPGEnc Authoring Works 4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Video mp3 Extractor
VideoPad Video Editor
VLC media player 1.1.3
WavePad Sound Editor
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live SkyDrive Upload Tool
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

30/11/2010 22:02:17, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.
30/11/2010 22:02:17, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
30/11/2010 22:02:17, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30/11/2010 22:01:41, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
30/11/2010 21:49:32, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
30/11/2010 21:40:40, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
30/11/2010 20:15:12, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 AvgLdx86 AvgMfx86 Fips
30/11/2010 11:28:13, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
30/11/2010 09:40:55, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
29/11/2010 01:16:11, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
26/11/2010 20:30:02, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
03/12/2010 00:40:11, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
03/12/2010 00:40:11, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
03/12/2010 00:40:11, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
03/12/2010 00:40:11, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
03/12/2010 00:40:11, error: Service Control Manager [7034] - The B's Recorder GOLD Library General Service service terminated unexpectedly. It has done this 1 time(s).
03/12/2010 00:40:11, error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).
01/12/2010 01:32:40, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00508D9E7479 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
01/12/2010 01:09:10, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
01/12/2010 00:39:04, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service NMIndexingService with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
01/12/2010 00:37:54, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The system cannot find the path specified.

==== End Of File ===========================


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=40dfadd4bf70194194d8f1e36a793b22
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-03 04:16:19
# local_time=2010-12-03 04:16:19 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16774142 0 2 143097990 143097990 0 0
# compatibility_mode=1024 16777191 100 0 37371 37371 0 0
# compatibility_mode=8192 67108863 100 0 3801 3801 0 0
# compatibility_mode=9217 16777214 0 70 115742336 117957657 0 0
# scanned=151610
# found=27
# cleaned=0
# scan_time=4489
C:\Documents and Settings\Santina Crolla.BENS\My Documents\Downloads\Make Your Windows Genuine - For XP,Server 2003, Vista - iNGEn\Windows Vista All Versions x86 x64\VistaCheck.exe probably a variant of Win32/Agent.IYWOFRM trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Santina Crolla.BENS\My Documents\Downloads\Make Your Windows Genuine - For XP,Server 2003, Vista - iNGEn\Windows Vista All Versions x86 x64\VistaCrack.exe probably a variant of Win32/Agent.LDGFZQM trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Santina Crolla.BENS\My Documents\Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At1.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At10.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At11.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At12.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At13.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At14.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At15.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At16.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At17.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At18.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At19.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At2.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At20.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At3.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At4.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At5.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At6.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At7.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At8.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINDOWS\Tasks\At9.job Win32/Adware.FakeAntiSpy.O application 00000000000000000000000000000000 I
C:\WINNT\system32\edeeg.bak1 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\WINNT\system32\edeeg.bak2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\WINNT\system32\edeeg.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\WINNT\system32\edeeg.ini2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
 
The reason your system isn't working well is that it's pirated.

My Documents\Downloads\Make Your Windows Genuine - For XP,Server 2003,
VistaCrack.exe
 