snowscreen
Posts: 19 +0
Hi,
Problem has just came on today out of nowhere...
It's an old HP desktop PC, 1gb ram, Windows XP SP 2
AVG doesn't find anything and malwarebytes only found a little adware.
It's my otherhalfs parents PC who have been away so i've been using it to check his emails/run his business. PC was fine yesterday but on turning it on today I was greeted by the dialog box saying - "the application or dll is not a valid windows image. please check this against your installation diskette"
This happens with each program I open, it happens on the windows start up screen a couple of times when selecting which user to log in as, then comes up alot when the PC has started up
I've noticed in msconfig that there is 2 odd looking entries, If I uncheck them and restart, when I go back into msconfig they are back again and checked
'Start Item' and 'Command' heading = load of oriental characters
(2 lines with 2 squares, 2 lines with 6 squares, Start + Command are the same on each line)
Under 'Location' heading;
HKCU\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\Windows:Run
HKCU\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\Windows:Load
I've followed the 8 step removal guidelines so please could someone view my logs below, be greatly appreciated
*****
MalwareBytes Log:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5214
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
03/12/2010 23:10:14
mbam-log-2010-12-03 (23-10-14).txt
Scan type: Quick scan
Objects scanned: 176282
Time elapsed: 2 hour(s), 6 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 18
Files Infected: 34
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\documents and settings\Nicola\application data\starware368 (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\browsersearch (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_6 (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_7 (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_8 (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\configurator (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Download (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\errorsearch (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Lyrics (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Manager (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\music_search (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Radio_UK (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\relatedsearch (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarlogo (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarsearch (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\travelsearch (Adware.Starware) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\Nicola\application data\starware368\browsersearch\browsersearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\browsersearch\browsersearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_6\button_6options.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_6\button_6options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_7\button_7options.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_7\button_7options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_8\button_8options.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_8\button_8options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\configurator\configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\configurator\configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Download\downloadoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Download\downloadoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\errorsearch\errorsearchoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\errorsearch\errorsearchoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Layouts\toolbarlayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Layouts\toolbarlayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Lyrics\lyricsoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Lyrics\lyricsoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Manager\manageroptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Manager\manageroptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\music_search\music_searchoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\music_search\music_searchoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Radio_UK\radio_ukoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Radio_UK\radio_ukoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\relatedsearch\relatedsearchoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\relatedsearch\relatedsearchoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Toolbar\tbproductsoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Toolbar\tbproductsoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarlogo\toolbarlogooptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarlogo\toolbarlogooptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarsearch\toolbarsearchoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarsearch\toolbarsearchoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\travelsearch\travelsearchoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\travelsearch\travelsearchoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
GMER LOG *******
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-04 00:20:19
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.3.08
Running: GMER.exe; Driver: C:\DOCUME~1\Keith\LOCALS~1\Temp\pwdyypob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
****
DDS.txt
DDS (Ver_10-11-27.01) - NTFSx86
Run by Keith at 0:22:57.81 on 04/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1015.361 [GMT 0:00]
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\C0130Mon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Keith\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Page =
uStart Page = bt.yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://uk.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program
files\yahoo!\companion\installs\cpn5\yt.dll
mURLSearchHooks: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program
files\yahoo!\companion\installs\cpn5\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program
files\avg\avg10\toolbar\IEToolbar.dll
uWindows: load=U??
?, ?
uWindows: Run=U??
?, ?
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {96fd54c8-037e-4586-a8ff-3e71cb1e3800} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {D3CD283D-58AA-4FD8-93C9-BDEB288398EE} - No File
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program
files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
TB: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {2D51D869-C36B-42BD-AE68-0A81BC771FA5} - No File
EB: BT Yahoo! Sidebar: {51085e3d-a958-42a2-a6be-a6a9b0baf276} - c:\program files\yahoo!\browser\ysidebarIE.dll
uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [C0130Mon.exe] c:\windows\C0130Mon.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program
files\java\jre1.6.0_01\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -
c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/haphazard/raptisoftgameloader.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -
hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://niknak694.spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129224412609
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} -
hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} -
hxxp://msnuk.oberon-media.com/online2/MSN_INTL_UK/diner_dash/DinerDash.1.0.0.80.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: geBrppNg - geBrppNg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: suvauk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnlkIby
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe
c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet
explorer\clrtour.inf,DefaultInstall.ResetTour,,12
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-5-7 92008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [2007-5-13 12160]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-5-20 31616]
R3 VC0130Afx;VC130 Audio FX;c:\windows\system32\drivers\C0130Afx.sys [2008-5-20 142656]
R3 VC0130Aud;VC0130 Audio;c:\windows\system32\drivers\C0130Aud.sys [2008-5-20 94976]
R3 VC0130Dev;Live! Cam Notebook Ultra;c:\windows\system32\drivers\C0130Vid.sys [2008-5-20 690528]
R3 VC0130Vfx;VC0130 Video FX;c:\windows\system32\drivers\C0130Vfx.sys [2008-5-20 6912]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-8 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-20
517448]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [2007-5-13 7040]
=============== Created Last 30 ================
2010-12-03 20:27:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\UAB
2010-12-03 20:26:50 -------- d-----w- c:\docume~1\keith\locals~1\applic~1\PC_Drivers_Headquarters
2010-12-03 20:26:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Driver Mender
2010-12-03 20:22:12 -------- d-----w- c:\program files\Driver Mender
2010-12-03 18:08:08 20 ----a-w- c:\windows\system32\SUVAUK.DLL
==================== Find3M ====================
============= FINISH: 0:24:45.75 ===============
***
attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-27.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 09/10/2005 19:43:38
System Uptime: 12/04/2010 00:14:36 (5664 hours ago)
Motherboard: | | P4i65G
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | mPGA478 | 2999/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | mPGA478 | 2999/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 50.298 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1308: 06/09/2010 07:23:01 - System Checkpoint
RP1309: 07/09/2010 08:37:30 - System Checkpoint
RP1310: 08/09/2010 08:39:37 - System Checkpoint
RP1311: 09/09/2010 08:56:39 - Avg Update
RP1312: 10/09/2010 10:42:43 - System Checkpoint
RP1313: 13/09/2010 11:24:29 - System Checkpoint
RP1314: 14/09/2010 12:04:46 - System Checkpoint
RP1315: 15/09/2010 12:51:18 - System Checkpoint
RP1316: 15/09/2010 20:50:14 - Software Distribution Service 3.0
RP1317: 17/09/2010 07:35:33 - System Checkpoint
RP1318: 18/09/2010 17:18:51 - System Checkpoint
RP1319: 19/09/2010 18:14:00 - System Checkpoint
RP1320: 21/09/2010 08:33:07 - System Checkpoint
RP1321: 22/09/2010 16:33:37 - System Checkpoint
RP1322: 23/09/2010 11:39:55 - Avg Update
RP1323: 23/09/2010 11:42:06 - Avg Update
RP1324: 24/09/2010 12:04:16 - System Checkpoint
RP1325: 29/09/2010 10:53:20 - System Checkpoint
RP1326: 30/09/2010 12:04:10 - System Checkpoint
RP1327: 01/10/2010 17:41:22 - System Checkpoint
RP1328: 03/10/2010 15:02:23 - System Checkpoint
RP1329: 04/10/2010 15:20:30 - System Checkpoint
RP1330: 05/10/2010 08:14:25 - Avg Update
RP1331: 06/10/2010 09:51:16 - System Checkpoint
RP1332: 07/10/2010 16:57:05 - System Checkpoint
RP1333: 08/10/2010 16:59:55 - System Checkpoint
RP1334: 10/10/2010 09:35:18 - System Checkpoint
RP1335: 11/10/2010 10:01:59 - System Checkpoint
RP1336: 12/10/2010 12:19:16 - System Checkpoint
RP1337: 13/10/2010 13:34:46 - System Checkpoint
RP1338: 14/10/2010 10:26:21 - Software Distribution Service 3.0
RP1339: 17/10/2010 13:30:21 - System Checkpoint
RP1340: 18/10/2010 18:23:48 - System Checkpoint
RP1341: 20/10/2010 08:27:23 - System Checkpoint
RP1342: 20/10/2010 09:58:10 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP1343: 20/10/2010 09:59:33 - Installed AVG 2011
RP1344: 20/10/2010 10:04:02 - Removed AVG 2011
RP1345: 20/10/2010 10:09:32 - Removed AVG Free 9.0
RP1346: 20/10/2010 11:02:07 - Installed AVG Free 9.0
RP1347: 20/10/2010 11:29:35 - Installed AVG 2011
RP1348: 20/10/2010 11:31:30 - Installed AVG 2011
RP1349: 25/10/2010 07:51:50 - System Checkpoint
RP1350: 26/10/2010 10:47:43 - System Checkpoint
RP1351: 27/10/2010 13:16:30 - System Checkpoint
RP1352: 28/10/2010 13:39:15 - System Checkpoint
RP1353: 31/10/2010 08:53:08 - System Checkpoint
RP1354: 01/11/2010 11:38:03 - System Checkpoint
RP1355: 03/11/2010 07:36:29 - System Checkpoint
RP1356: 04/11/2010 13:07:19 - System Checkpoint
RP1357: 05/11/2010 13:39:17 - System Checkpoint
RP1358: 09/11/2010 19:04:31 - System Checkpoint
RP1359: 10/11/2010 08:40:33 - Software Distribution Service 3.0
RP1360: 12/11/2010 14:00:01 - System Checkpoint
RP1361: 17/11/2010 21:14:33 - System Checkpoint
RP1362: 19/11/2010 18:08:39 - System Checkpoint
RP1363: 21/11/2010 12:46:57 - System Checkpoint
RP1364: 23/11/2010 19:04:38 - System Checkpoint
RP1365: 24/11/2010 19:06:10 - System Checkpoint
RP1366: 28/11/2010 15:46:38 - System Checkpoint
RP1367: 29/11/2010 18:08:40 - System Checkpoint
RP1368: 30/11/2010 18:55:05 - System Checkpoint
RP1369: 01/12/2010 19:59:29 - System Checkpoint
RP1370: 03/12/2010 19:33:56 - System Checkpoint
RP1371: 03/12/2010 20:22:09 - Installed Driver Mender.
==== Installed Programs ======================
360Share Pro(remove only)
Adobe Acrobat 5.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe® Photoshop® Album Starter Edition 3.2
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoBase
ArcSoft PhotoImpression 5
ArcSoft PhotoStudio 2000
AVG 2011
AVG PC Tuneup 2011
Bluetooth Stack for Windows by Technika
Bonjour
BT Broadband Desktop Help
BT Yahoo! Applications
BTHomeHub
BTTotalBroadband210
C-Media 3D Audio
Canon ScanGear Toolbox 3.1
CCleaner
Creative Jukebox Driver
Creative Live! Cam Center
Creative Live! Cam Doodling
Creative Live! Cam FX Creator
Creative Live! Cam Manager
Creative Live! Cam Notebook Ultra Driver (1.03.03.00)
Creative Live! Cam Notebook Ultra User's Guide (English)
Creative MediaSource
Creative Photo Manager
Creative Removable Disk Manager
Creative Software AutoUpdate
Creative System Information
Creative Zen Micro
Critical Update for Windows Media Player 11 (KB959772)
Driver Mender
EAF
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.4
Freecom Backup Software 1.15
Freecom Personal Media Suite 2.24
FrostWire 4.13.5
FUJIFILM USB Driver
Google Earth
Google Update Helper
GoToAssist Corporate
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
iPod for Windows 2005-09-23
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java(TM) SE Runtime Environment 6 Update 1
LaserJet 1018
LightScribe 1.4.136.1
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.2
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
muveeNow 2.0 - Creative
Nero - Burning Rom
Nero 7 Essentials
OLYMPUS CAMEDIA Master 4.1
OmniPage Pro 9.0
OutlookSpy
Picasa 2
PowerDVD
QuickTime
Safari
Sage Accounts V11.01
Sage MIS 3.01
SageAcc
Scan Manager 5.2
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SightSpeed (remove only)
Skype™ 4.2
TomTom HOME 2.7.4.1962
TomTom HOME Visual Studio Merge Modules
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VoiceOver Kit
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinZip 14.5
Yahoo! Software Update
==== Event Viewer Messages From Past Week ========
04/12/2010 00:16:41, error: System Error [1003] - Error code 1000007f, parameter1 0000000d, parameter2
00000000, parameter3 00000000, parameter4 00000000.
04/12/2010 00:00:11, error: Service Control Manager [7034] - The Yahoo! Updater service terminated
unexpectedly. It has done this 1 time(s).
04/12/2010 00:00:11, error: Service Control Manager [7034] - The TomTomHOMEService service terminated
unexpectedly. It has done this 1 time(s).
04/12/2010 00:00:11, error: Service Control Manager [7034] - The McciCMService service terminated
unexpectedly. It has done this 1 time(s).
04/12/2010 00:00:11, error: Service Control Manager [7034] - The Creative Service for CDROM Access
service terminated unexpectedly. It has done this 1 time(s).
04/12/2010 00:00:11, error: Service Control Manager [7034] - The Bonjour Service service terminated
unexpectedly. It has done this 1 time(s).
04/12/2010 00:00:11, error: Service Control Manager [7031] - The Apple Mobile Device service
terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.
03/12/2010 23:13:21, error: Service Control Manager [7026] - The following boot-start or system-start
driver(s) failed to load: IntelIde
02/12/2010 07:38:03, error: Service Control Manager [7023] - The HID Input Service service terminated
with the following error: The specified module could not be found.
02/12/2010 07:38:03, error: Service Control Manager [7000] - The Parallel port driver service failed
to start due to the following error: The service cannot be started, either because it is disabled or
because it has no enabled devices associated with it.
==== End Of File ===========================
Thanks
Problem has just came on today out of nowhere...
It's an old HP desktop PC, 1gb ram, Windows XP SP 2
AVG doesn't find anything and malwarebytes only found a little adware.
It's my otherhalfs parents PC who have been away so i've been using it to check his emails/run his business. PC was fine yesterday but on turning it on today I was greeted by the dialog box saying - "the application or dll is not a valid windows image. please check this against your installation diskette"
This happens with each program I open, it happens on the windows start up screen a couple of times when selecting which user to log in as, then comes up alot when the PC has started up
I've noticed in msconfig that there is 2 odd looking entries, If I uncheck them and restart, when I go back into msconfig they are back again and checked
'Start Item' and 'Command' heading = load of oriental characters
(2 lines with 2 squares, 2 lines with 6 squares, Start + Command are the same on each line)
Under 'Location' heading;
HKCU\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\Windows:Run
HKCU\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\Windows:Load
I've followed the 8 step removal guidelines so please could someone view my logs below, be greatly appreciated
*****
MalwareBytes Log:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5214
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
03/12/2010 23:10:14
mbam-log-2010-12-03 (23-10-14).txt
Scan type: Quick scan
Objects scanned: 176282
Time elapsed: 2 hour(s), 6 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 18
Files Infected: 34
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\documents and settings\Nicola\application data\starware368 (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\browsersearch (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_6 (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_7 (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_8 (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\configurator (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Download (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\errorsearch (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Lyrics (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Manager (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\music_search (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Radio_UK (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\relatedsearch (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarlogo (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarsearch (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\travelsearch (Adware.Starware) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\Nicola\application data\starware368\browsersearch\browsersearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\browsersearch\browsersearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_6\button_6options.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_6\button_6options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_7\button_7options.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_7\button_7options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_8\button_8options.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Button_8\button_8options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\configurator\configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\configurator\configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Download\downloadoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Download\downloadoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\errorsearch\errorsearchoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\errorsearch\errorsearchoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Layouts\toolbarlayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Layouts\toolbarlayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Lyrics\lyricsoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Lyrics\lyricsoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Manager\manageroptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Manager\manageroptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\music_search\music_searchoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\music_search\music_searchoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Radio_UK\radio_ukoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Radio_UK\radio_ukoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\relatedsearch\relatedsearchoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\relatedsearch\relatedsearchoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Toolbar\tbproductsoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\Toolbar\tbproductsoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarlogo\toolbarlogooptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarlogo\toolbarlogooptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarsearch\toolbarsearchoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\toolbarsearch\toolbarsearchoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\travelsearch\travelsearchoptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Nicola\application data\starware368\travelsearch\travelsearchoptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
GMER LOG *******
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-04 00:20:19
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.3.08
Running: GMER.exe; Driver: C:\DOCUME~1\Keith\LOCALS~1\Temp\pwdyypob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
****
DDS.txt
DDS (Ver_10-11-27.01) - NTFSx86
Run by Keith at 0:22:57.81 on 04/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1015.361 [GMT 0:00]
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\C0130Mon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Keith\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Page =
uStart Page = bt.yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://uk.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program
files\yahoo!\companion\installs\cpn5\yt.dll
mURLSearchHooks: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program
files\yahoo!\companion\installs\cpn5\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program
files\avg\avg10\toolbar\IEToolbar.dll
uWindows: load=U??
?, ?
uWindows: Run=U??
?, ?
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {96fd54c8-037e-4586-a8ff-3e71cb1e3800} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {D3CD283D-58AA-4FD8-93C9-BDEB288398EE} - No File
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program
files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
TB: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {2D51D869-C36B-42BD-AE68-0A81BC771FA5} - No File
EB: BT Yahoo! Sidebar: {51085e3d-a958-42a2-a6be-a6a9b0baf276} - c:\program files\yahoo!\browser\ysidebarIE.dll
uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [C0130Mon.exe] c:\windows\C0130Mon.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program
files\java\jre1.6.0_01\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -
c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/haphazard/raptisoftgameloader.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -
hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://niknak694.spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129224412609
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} -
hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} -
hxxp://msnuk.oberon-media.com/online2/MSN_INTL_UK/diner_dash/DinerDash.1.0.0.80.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: geBrppNg - geBrppNg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: suvauk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnlkIby
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe
c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet
explorer\clrtour.inf,DefaultInstall.ResetTour,,12
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-5-7 92008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [2007-5-13 12160]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-5-20 31616]
R3 VC0130Afx;VC130 Audio FX;c:\windows\system32\drivers\C0130Afx.sys [2008-5-20 142656]
R3 VC0130Aud;VC0130 Audio;c:\windows\system32\drivers\C0130Aud.sys [2008-5-20 94976]
R3 VC0130Dev;Live! Cam Notebook Ultra;c:\windows\system32\drivers\C0130Vid.sys [2008-5-20 690528]
R3 VC0130Vfx;VC0130 Video FX;c:\windows\system32\drivers\C0130Vfx.sys [2008-5-20 6912]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-8 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-20
517448]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [2007-5-13 7040]
=============== Created Last 30 ================
2010-12-03 20:27:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\UAB
2010-12-03 20:26:50 -------- d-----w- c:\docume~1\keith\locals~1\applic~1\PC_Drivers_Headquarters
2010-12-03 20:26:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Driver Mender
2010-12-03 20:22:12 -------- d-----w- c:\program files\Driver Mender
2010-12-03 18:08:08 20 ----a-w- c:\windows\system32\SUVAUK.DLL
==================== Find3M ====================
============= FINISH: 0:24:45.75 ===============
***
attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-27.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 09/10/2005 19:43:38
System Uptime: 12/04/2010 00:14:36 (5664 hours ago)
Motherboard: | | P4i65G
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | mPGA478 | 2999/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | mPGA478 | 2999/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 50.298 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1308: 06/09/2010 07:23:01 - System Checkpoint
RP1309: 07/09/2010 08:37:30 - System Checkpoint
RP1310: 08/09/2010 08:39:37 - System Checkpoint
RP1311: 09/09/2010 08:56:39 - Avg Update
RP1312: 10/09/2010 10:42:43 - System Checkpoint
RP1313: 13/09/2010 11:24:29 - System Checkpoint
RP1314: 14/09/2010 12:04:46 - System Checkpoint
RP1315: 15/09/2010 12:51:18 - System Checkpoint
RP1316: 15/09/2010 20:50:14 - Software Distribution Service 3.0
RP1317: 17/09/2010 07:35:33 - System Checkpoint
RP1318: 18/09/2010 17:18:51 - System Checkpoint
RP1319: 19/09/2010 18:14:00 - System Checkpoint
RP1320: 21/09/2010 08:33:07 - System Checkpoint
RP1321: 22/09/2010 16:33:37 - System Checkpoint
RP1322: 23/09/2010 11:39:55 - Avg Update
RP1323: 23/09/2010 11:42:06 - Avg Update
RP1324: 24/09/2010 12:04:16 - System Checkpoint
RP1325: 29/09/2010 10:53:20 - System Checkpoint
RP1326: 30/09/2010 12:04:10 - System Checkpoint
RP1327: 01/10/2010 17:41:22 - System Checkpoint
RP1328: 03/10/2010 15:02:23 - System Checkpoint
RP1329: 04/10/2010 15:20:30 - System Checkpoint
RP1330: 05/10/2010 08:14:25 - Avg Update
RP1331: 06/10/2010 09:51:16 - System Checkpoint
RP1332: 07/10/2010 16:57:05 - System Checkpoint
RP1333: 08/10/2010 16:59:55 - System Checkpoint
RP1334: 10/10/2010 09:35:18 - System Checkpoint
RP1335: 11/10/2010 10:01:59 - System Checkpoint
RP1336: 12/10/2010 12:19:16 - System Checkpoint
RP1337: 13/10/2010 13:34:46 - System Checkpoint
RP1338: 14/10/2010 10:26:21 - Software Distribution Service 3.0
RP1339: 17/10/2010 13:30:21 - System Checkpoint
RP1340: 18/10/2010 18:23:48 - System Checkpoint
RP1341: 20/10/2010 08:27:23 - System Checkpoint
RP1342: 20/10/2010 09:58:10 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP1343: 20/10/2010 09:59:33 - Installed AVG 2011
RP1344: 20/10/2010 10:04:02 - Removed AVG 2011
RP1345: 20/10/2010 10:09:32 - Removed AVG Free 9.0
RP1346: 20/10/2010 11:02:07 - Installed AVG Free 9.0
RP1347: 20/10/2010 11:29:35 - Installed AVG 2011
RP1348: 20/10/2010 11:31:30 - Installed AVG 2011
RP1349: 25/10/2010 07:51:50 - System Checkpoint
RP1350: 26/10/2010 10:47:43 - System Checkpoint
RP1351: 27/10/2010 13:16:30 - System Checkpoint
RP1352: 28/10/2010 13:39:15 - System Checkpoint
RP1353: 31/10/2010 08:53:08 - System Checkpoint
RP1354: 01/11/2010 11:38:03 - System Checkpoint
RP1355: 03/11/2010 07:36:29 - System Checkpoint
RP1356: 04/11/2010 13:07:19 - System Checkpoint
RP1357: 05/11/2010 13:39:17 - System Checkpoint
RP1358: 09/11/2010 19:04:31 - System Checkpoint
RP1359: 10/11/2010 08:40:33 - Software Distribution Service 3.0
RP1360: 12/11/2010 14:00:01 - System Checkpoint
RP1361: 17/11/2010 21:14:33 - System Checkpoint
RP1362: 19/11/2010 18:08:39 - System Checkpoint
RP1363: 21/11/2010 12:46:57 - System Checkpoint
RP1364: 23/11/2010 19:04:38 - System Checkpoint
RP1365: 24/11/2010 19:06:10 - System Checkpoint
RP1366: 28/11/2010 15:46:38 - System Checkpoint
RP1367: 29/11/2010 18:08:40 - System Checkpoint
RP1368: 30/11/2010 18:55:05 - System Checkpoint
RP1369: 01/12/2010 19:59:29 - System Checkpoint
RP1370: 03/12/2010 19:33:56 - System Checkpoint
RP1371: 03/12/2010 20:22:09 - Installed Driver Mender.
==== Installed Programs ======================
360Share Pro(remove only)
Adobe Acrobat 5.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe® Photoshop® Album Starter Edition 3.2
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoBase
ArcSoft PhotoImpression 5
ArcSoft PhotoStudio 2000
AVG 2011
AVG PC Tuneup 2011
Bluetooth Stack for Windows by Technika
Bonjour
BT Broadband Desktop Help
BT Yahoo! Applications
BTHomeHub
BTTotalBroadband210
C-Media 3D Audio
Canon ScanGear Toolbox 3.1
CCleaner
Creative Jukebox Driver
Creative Live! Cam Center
Creative Live! Cam Doodling
Creative Live! Cam FX Creator
Creative Live! Cam Manager
Creative Live! Cam Notebook Ultra Driver (1.03.03.00)
Creative Live! Cam Notebook Ultra User's Guide (English)
Creative MediaSource
Creative Photo Manager
Creative Removable Disk Manager
Creative Software AutoUpdate
Creative System Information
Creative Zen Micro
Critical Update for Windows Media Player 11 (KB959772)
Driver Mender
EAF
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.4
Freecom Backup Software 1.15
Freecom Personal Media Suite 2.24
FrostWire 4.13.5
FUJIFILM USB Driver
Google Earth
Google Update Helper
GoToAssist Corporate
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
iPod for Windows 2005-09-23
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java(TM) SE Runtime Environment 6 Update 1
LaserJet 1018
LightScribe 1.4.136.1
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.2
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
muveeNow 2.0 - Creative
Nero - Burning Rom
Nero 7 Essentials
OLYMPUS CAMEDIA Master 4.1
OmniPage Pro 9.0
OutlookSpy
Picasa 2
PowerDVD
QuickTime
Safari
Sage Accounts V11.01
Sage MIS 3.01
SageAcc
Scan Manager 5.2
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SightSpeed (remove only)
Skype™ 4.2
TomTom HOME 2.7.4.1962
TomTom HOME Visual Studio Merge Modules
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VoiceOver Kit
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinZip 14.5
Yahoo! Software Update
==== Event Viewer Messages From Past Week ========
04/12/2010 00:16:41, error: System Error [1003] - Error code 1000007f, parameter1 0000000d, parameter2
00000000, parameter3 00000000, parameter4 00000000.
04/12/2010 00:00:11, error: Service Control Manager [7034] - The Yahoo! Updater service terminated
unexpectedly. It has done this 1 time(s).
04/12/2010 00:00:11, error: Service Control Manager [7034] - The TomTomHOMEService service terminated
unexpectedly. It has done this 1 time(s).
04/12/2010 00:00:11, error: Service Control Manager [7034] - The McciCMService service terminated
unexpectedly. It has done this 1 time(s).
04/12/2010 00:00:11, error: Service Control Manager [7034] - The Creative Service for CDROM Access
service terminated unexpectedly. It has done this 1 time(s).
04/12/2010 00:00:11, error: Service Control Manager [7034] - The Bonjour Service service terminated
unexpectedly. It has done this 1 time(s).
04/12/2010 00:00:11, error: Service Control Manager [7031] - The Apple Mobile Device service
terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.
03/12/2010 23:13:21, error: Service Control Manager [7026] - The following boot-start or system-start
driver(s) failed to load: IntelIde
02/12/2010 07:38:03, error: Service Control Manager [7023] - The HID Input Service service terminated
with the following error: The specified module could not be found.
02/12/2010 07:38:03, error: Service Control Manager [7000] - The Parallel port driver service failed
to start due to the following error: The service cannot be started, either because it is disabled or
because it has no enabled devices associated with it.
==== End Of File ===========================
Thanks