TechSpot

NT Authority - 1073741819

By 1902danny
Oct 18, 2011
  1. A couple of days ago a small window popped up on my computer with something about "NT Authority, System Shutdown and 1073741819" plus quite a bit more but did not have time to get it all. I have run my computer a few times since without any recurrence but only for an hour or so.
    I have just been looking at other quite old threads on this subject for a possible answer and found what I have read quite alarming. Because of this I have run "Malwarebytes' Anti-Malware" and "Kaspersky TDSSKiller" (both unable to find any problem).
    Could someone with a lot more knowledge than me have a look at the attached "HijackThis" log please and tell me if I have anything to worry about or if I should investigate it further.
    Many thanks in anticipation.

  2. Bobbye
    This error, NT Authority - 1073741819, usually indicates the presence of the Sasser worm.

    We don't use HijackThis to 'screen' for malware.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    =======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    Please be sure to note the references to pasting the logs and not doing scans other than what I ask you to run.
     
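A worked decode of the number in that dialog, added here as an example (it is not code from Bobbye, the original poster or TechSpot). The dialog prints a signed 32-bit NTSTATUS: -1073741819 is 0xC0000005, STATUS_ACCESS_VIOLATION, which is what Sasser produced by crashing lsass.exe, but any access violation in a critical process raises the same dialog, so the code alone is a lead rather than a diagnosis. The block normalises the code (including the sign-dropped form quoted in the first post), splits it into its NTSTATUS fields, and pulls the restart reason and the crashing process out of two constructed, simplified log records; on the real machine the records to search for are USER32 event 1074 in the System log and Application Error event 1000 in the Application log.

```python
"""Decode the status code shown in the NT AUTHORITY\\SYSTEM shutdown dialog
and correlate it with the event-log records a responder pulls next.

Added example for this thread; not code from the poster, Bobbye or TechSpot.
Assumptions: the dialog prints the code as a signed 32-bit decimal
(-1073741819); SAMPLE_EVENTS are constructed, simplified records, not
copied from the poster's machine."""
import re

# NTSTATUS values that turn up in critical-process crash dialogs. 0xC0000005
# (STATUS_ACCESS_VIOLATION) is what Sasser produced by crashing lsass.exe.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000008: "STATUS_INVALID_HANDLE",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}


def decode_ntstatus(code):
    """Normalise a dialog or event code to an unsigned NTSTATUS and split its fields.

    Accepts the signed decimal the dialog prints (-1073741819), the same
    number retyped without its sign (1073741819, as in the first post), or a
    hex string. The sign-dropped form is detectable because an error NTSTATUS
    always has severity 3, i.e. its top two bits set."""
    if isinstance(code, str):
        code = int(code, 16) if code.lower().startswith("0x") else int(code, 10)
    value, note = code & 0xFFFFFFFF, ""
    if code > 0 and (value >> 30) == 0:
        # Positive with 'success' severity bits: almost certainly a negative
        # dialog code retyped without the minus sign, so re-sign it.
        value = (-code) & 0xFFFFFFFF
        note = "sign dropped; reinterpreted as %d" % -code
    return {
        "value": value,
        "severity": value >> 30,          # 0 success, 1 info, 2 warning, 3 error
        "customer": (value >> 29) & 1,    # 1 = vendor-defined code
        "facility": (value >> 16) & 0xFFF,
        "code": value & 0xFFFF,
        "name": NTSTATUS_NAMES.get(value, "unknown"),
        "note": note,
    }


# Constructed, simplified versions of the two System/Application log records
# to pull after this dialog: USER32 event 1074 (who initiated the restart and
# why) and Application Error event 1000 (which process died, in which module).
SAMPLE_EVENTS = [
    "Event 1074 USER32: The process winlogon.exe has initiated the restart of "
    "computer PC1 on behalf of user NT AUTHORITY\\SYSTEM for the following "
    "reason: No title for this reason could be found Comment: Windows must now "
    "restart because the LSA Shell (Export Version) process terminated "
    "unexpectedly with status code -1073741819",
    "Event 1000 Application Error: Faulting application lsass.exe, version "
    "5.1.2600.2180, faulting module lsasrv.dll, version 5.1.2600.2180",
]

SHUTDOWN_RE = re.compile(
    r"Event 1074 .*?because the (?P<proc>.+?) (?:process|service) terminated "
    r"unexpectedly(?: with status code (?P<status>-?\d+))?")
CRASH_RE = re.compile(
    r"Event 1000 .*?Faulting application (?P<app>[^,]+),.*?faulting module (?P<module>[^,]+),")


def triage_shutdown(events):
    """Pull the restart reason, status and crashing process out of the records."""
    result = {"restart_reason": None, "status": None,
              "faulting_app": None, "faulting_module": None}
    for line in events:
        m = SHUTDOWN_RE.search(line)
        if m:
            result["restart_reason"] = m.group("proc")
            if m.group("status"):
                result["status"] = decode_ntstatus(m.group("status"))
        m = CRASH_RE.search(line)
        if m:
            result["faulting_app"] = m.group("app")
            result["faulting_module"] = m.group("module")
    return result


def is_lsass_access_violation(triage):
    """True when lsass.exe died with STATUS_ACCESS_VIOLATION: consistent with
    Sasser, but also with any other crash in that process, so it is a lead,
    not a verdict."""
    st = triage["status"]
    return ((triage["faulting_app"] or "").lower() == "lsass.exe"
            and st is not None and st["value"] == 0xC0000005)


if __name__ == "__main__":
    for code in (-1073741819, 1073741819, "0xC0000005"):
        print(code, decode_ntstatus(code))
    t = triage_shutdown(SAMPLE_EVENTS)
    print(t["restart_reason"], t["faulting_app"], t["faulting_module"],
          is_lsass_access_violation(t))
```

The sign check matters in practice: people copy the dialog number without the minus sign, and 1073741819 taken literally is 0x3FFFFFFB, a "success" severity that matches nothing, so the helper re-signs it and records that it did.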
  3. 1902danny
    Bobbye, thanks for your reply.

    I hope I have followed the instructions correctly and include the pasted results.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7975

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    18/10/2011 19:55:28
    mbam-log-2011-10-18 (19-55-28).txt

    Scan type: Quick scan
    Objects scanned: 155085
    Time elapsed: 3 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-10-18 20:08:00
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3320620A rev.3.AAF
    Running: tu6e1p8i.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\agtyrkow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----



    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Admin at 20:30:00 on 2011-10-18
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.806 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
    C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
    c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Secunia\PSI\sua.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
    mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRun: [SoundMan] SOUNDMAN.EXE
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\admin\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\scrabble® interactive 2007 edition\RegistrationReminder.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~1.lnk - c:\program files\wireless device\wireless keyboard\Magickey.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32592]
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-13 38920]
    R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-13 42376]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-13 16008]
    R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-13 184072]
    R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2011-10-3 12964]
    R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\32029\RapportCerberus32_32029.sys [2011-10-18 227312]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-9-25 70416]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2011-10-13 60040]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-9-25 919352]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-7-29 994360]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-7-29 399416]
    R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-10-1 246600]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-10-4 45288]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-10-9 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-10-9 8456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-9-25 56336]
    S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-9-25 161936]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011.sp5\RpcAgentSrv.exe [2011-10-15 93848]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
    .
    =============== Created Last 30 ================
    .
    2011-10-18 18:40:24 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-18 18:40:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-18 13:02:17 388096 ----a-r- c:\documents and settings\admin\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-10-18 13:02:14 -------- d-----w- c:\program files\Trend Micro
    2011-10-15 01:50:27 -------- d-----w- c:\program files\SiSoftware
    2011-10-15 00:43:01 -------- d-----w- c:\program files\Realtek Sound Manager
    2011-10-15 00:42:58 -------- d-----w- c:\program files\AvRack
    2011-10-15 00:42:52 752764 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
    2011-10-15 00:42:52 55296 ----a-w- c:\windows\SOUNDMAN.EXE
    2011-10-15 00:42:44 8605696 ----a-w- c:\windows\system32\ALSNDMGR.CPL
    2011-10-15 00:42:41 208896 ------w- c:\windows\alcupd.exe
    2011-10-15 00:42:40 135168 ------w- c:\windows\alcrmv.exe
    2011-10-15 00:37:12 -------- d-----w- c:\documents and settings\all users\application data\Driver Tool
    2011-10-14 20:28:41 -------- d-----w- c:\documents and settings\admin\application data\qs
    2011-10-14 20:28:17 -------- d-----w- c:\program files\QuickSnooker 7
    2011-10-13 19:02:46 306176 --sha-w- C:\EUMONBMP.SYS
    2011-10-13 10:47:21 -------- d-----w- c:\program files\OpenOffice.org 3
    2011-10-13 09:27:17 -------- d-----w- C:\e6d713abde746fd20f573394d33399
    2011-10-13 09:18:04 -------- d-----w- c:\documents and settings\admin\local settings\application data\Secunia PSI
    2011-10-13 09:17:47 -------- d-----w- c:\program files\Secunia
    2011-10-13 07:17:40 -------- d-----w- c:\documents and settings\admin\application data\Malwarebytes
    2011-10-13 07:17:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-10-13 07:17:28 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2011-10-13 07:09:52 -------- d-----w- c:\program files\CCleaner
    2011-10-13 07:02:45 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
    2011-10-13 07:02:45 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys
    2011-10-13 07:02:44 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys
    2011-10-13 07:02:43 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
    2011-10-12 20:44:04 20616 ----a-w- c:\windows\system32\fbnative.exe
    2011-10-12 19:27:28 -------- d-----w- c:\documents and settings\all users\application data\qs
    2011-10-10 19:42:22 -------- d-----w- c:\documents and settings\admin\application data\FileHunter
    2011-10-10 18:48:59 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
    2011-10-10 18:44:57 -------- d--h--w- c:\windows\msdownld.tmp
    2011-10-10 18:43:43 -------- d-----w- c:\windows\Logs
    2011-10-09 15:45:56 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2011-10-09 15:45:56 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2011-10-09 15:45:56 2469760 ----a-w- c:\windows\system32\BootMan.exe
    2011-10-09 15:45:56 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2011-10-09 15:45:56 13192 ----a-w- c:\windows\system32\epmntdrv.sys
    2011-10-09 12:23:25 -------- d-----w- c:\windows\SxsCaPendDel
    2011-10-08 15:55:55 -------- d-----w- c:\documents and settings\admin\local settings\application data\Nero_AG
    2011-10-08 15:30:44 -------- d-----w- c:\documents and settings\all users\application data\Nero
    2011-10-08 15:15:15 -------- d-----w- c:\program files\Verbatim GREEN BUTTON
    2011-10-08 12:17:53 -------- d-----w- c:\documents and settings\admin\application data\Windows Search
    2011-10-08 09:45:39 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-10-08 09:45:05 -------- d-----w- c:\windows\system32\winrm
    2011-10-08 09:44:56 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-10-07 16:08:08 -------- d-----w- C:\5AA3213B400A4F8B882400
    2011-10-07 16:08:07 -------- d-----w- C:\$NtUninstallXPSEP$
    2011-10-07 16:08:02 14048 ------w- c:\windows\system32\spmsg2.dll
    2011-10-07 16:08:00 -------- d-----w- C:\C4BF0300BC4F21449EDAC6D501
    2011-10-07 15:30:54 274288 ------w- c:\windows\system32\mucltui.dll
    2011-10-07 15:30:54 215920 ------w- c:\windows\system32\muweb.dll
    2011-10-07 15:30:54 16736 ------w- c:\windows\system32\mucltui.dll.mui
    2011-10-07 15:29:08 -------- d-----w- c:\documents and settings\admin\application data\Windows Desktop Search
    2011-10-07 15:28:12 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-10-07 15:28:12 -------- d-----w- c:\program files\Windows Desktop Search
    2011-10-07 15:27:28 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2011-10-07 15:27:28 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2011-10-07 15:27:28 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2011-10-07 15:07:02 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    2011-10-07 15:07:02 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2011-10-07 14:38:08 -------- d-----w- c:\documents and settings\admin\local settings\application data\Microsoft Help
    2011-10-05 20:23:03 -------- d-----w- c:\windows\system32\XPSViewer
    2011-10-05 20:22:39 89088 ------w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-10-05 20:22:20 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-10-05 20:22:20 594432 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-10-05 20:22:20 594432 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-10-05 20:22:20 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-10-05 20:22:20 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-10-05 20:22:20 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-10-05 20:22:19 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-10-05 20:22:19 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-10-05 20:22:19 -------- d-----w- C:\34cab8ffdd2e7181eda18bf01b
    2011-10-05 19:24:03 -------- d-sh--w- c:\documents and settings\admin\IECompatCache
    2011-10-05 10:52:13 -------- d-----w- c:\windows\system32\LogFiles
    2011-10-04 20:26:04 40936 ------w- c:\windows\system32\drivers\point32.sys
    2011-10-04 20:25:52 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2011-10-04 20:25:41 45288 ------w- c:\windows\system32\drivers\dc3d.sys
    2011-10-04 20:25:41 1461992 ------w- c:\windows\system32\wdfcoinstaller01009.dll
    2011-10-04 20:25:32 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2011-10-04 20:14:43 21504 -c----w- c:\windows\system32\dllcache\hidserv.dll
    2011-10-04 20:14:43 21504 ----a-w- c:\windows\system32\hidserv.dll
    2011-10-04 20:14:41 12160 -c----w- c:\windows\system32\dllcache\mouhid.sys
    2011-10-04 20:14:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-10-04 20:14:39 14592 -c----w- c:\windows\system32\dllcache\kbdhid.sys
    2011-10-04 20:14:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2011-10-04 20:14:29 10368 -c----w- c:\windows\system32\dllcache\hidusb.sys
    2011-10-04 20:14:29 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2011-10-04 20:14:23 32128 -c----w- c:\windows\system32\dllcache\usbccgp.sys
    2011-10-04 20:14:23 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-10-04 11:27:15 -------- d-----w- c:\program files\Project1
    2011-10-04 08:05:14 -------- d-----w- c:\windows\pss
    2011-10-03 20:32:35 12964 ------w- c:\windows\system32\drivers\kbfilter.sys
    2011-10-03 20:32:34 -------- d-----w- c:\program files\Wireless Device
    2011-10-03 20:32:28 306688 ------w- c:\windows\IsUninst.exe
    2011-10-03 13:34:45 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-10-03 13:29:14 -------- d-----w- c:\documents and settings\admin\local settings\application data\PackageAware
    2011-10-03 10:13:53 221184 ------w- c:\windows\system32\wmpns.dll
    2011-10-03 09:38:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 09:38:46 -------- d-----w- c:\documents and settings\admin\local settings\application data\Solid State Networks
    2011-10-03 09:04:49 -------- d-----w- c:\program files\AutoCAD LT 2000i
    2011-10-03 09:04:35 -------- d-----w- c:\program files\AutoCAD LT 98
    2011-10-03 09:04:12 -------- d-----w- c:\program files\EASEUS
    2011-10-03 09:03:28 -------- d-----w- c:\program files\OpenOffice.org1.1.0
    2011-10-03 08:45:07 -------- d-----w- c:\documents and settings\admin\application data\OpenOffice.org
    2011-10-03 08:42:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-10-03 08:42:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-02 20:45:45 -------- d-----w- c:\documents and settings\admin\local settings\application data\Temp
    2011-10-02 16:53:12 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-10-02 16:53:12 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-10-02 15:44:21 -------- d-----w- c:\windows\system32\NtmsData
    2011-10-02 14:06:57 176640 ------w- c:\windows\system32\LXSYSUI.DLL
    2011-10-02 13:58:32 -------- d-----w- c:\documents and settings\admin\local settings\application data\Trusteer
    2011-10-02 13:58:25 -------- d-----w- c:\program files\Trusteer
    2011-10-02 13:57:47 -------- d-----w- c:\documents and settings\all users\application data\Trusteer
    2011-10-02 13:37:12 446464 ------w- c:\windows\system32\nvudisp.exe
    2011-10-02 13:36:51 446464 ------w- c:\windows\system32\NVUNINST.EXE
    2011-10-02 13:36:48 729088 ------w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
    2011-10-02 13:36:48 69715 ------w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
    2011-10-02 13:36:48 5632 ------w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
    2011-10-02 13:36:48 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2011-10-02 13:36:48 311428 ------w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
    2011-10-02 13:36:48 266240 ------w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
    2011-10-02 13:36:48 192512 ------w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
    2011-10-02 13:36:48 188548 ------w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
    2011-10-02 13:36:44 -------- d-----w- C:\NVIDIA
    2011-10-02 12:17:08 -------- d-----w- c:\documents and settings\all users\application data\IObit
    2011-10-02 12:06:54 -------- d-----w- c:\documents and settings\admin\application data\IObit
    2011-10-02 12:06:53 -------- d-----w- c:\program files\IObit
    2011-10-02 08:03:59 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-10-02 08:03:25 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-10-02 08:02:43 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-10-02 08:01:49 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-10-02 08:01:46 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-10-02 07:59:03 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-10-02 07:58:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-10-01 11:41:16 -------- d-----w- c:\windows\system32\scripting
    2011-10-01 11:41:16 -------- d-----w- c:\windows\system32\en
    2011-10-01 11:41:16 -------- d-----w- c:\windows\l2schemas
    2011-10-01 11:41:15 -------- d-----w- c:\windows\system32\bits
    2011-10-01 11:38:15 -------- d-----w- c:\windows\network diagnostic
    2011-10-01 11:30:34 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
    2011-10-01 11:24:57 -------- d-----w- c:\windows\ie8updates
    2011-10-01 11:24:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-10-01 11:24:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-10-01 11:24:51 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-10-01 11:24:51 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-10-01 11:24:51 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-10-01 11:24:51 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-10-01 11:24:51 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-10-01 11:23:40 -------- dc-h--w- c:\windows\ie8
    2011-10-01 11:12:56 61440 ------w- c:\windows\system32\kmsvc.dll
    2011-10-01 11:07:39 -------- d-----w- c:\documents and settings\admin\local settings\application data\Identities
    2011-10-01 10:56:01 357888 -c----w- c:\windows\system32\dllcache\srv.sys
    2011-10-01 10:55:25 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-10-01 10:55:25 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-10-01 10:55:22 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2011-10-01 10:55:16 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2011-10-01 10:55:13 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-10-01 10:55:08 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-10-01 10:55:03 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-10-01 10:54:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-10-01 10:54:22 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-10-01 10:54:21 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-10-01 10:54:21 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-10-01 10:54:21 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2011-10-01 10:54:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-10-01 10:54:19 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2011-10-01 10:54:19 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2011-10-01 10:54:19 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-10-01 10:54:17 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-10-01 10:54:16 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-10-01 10:54:14 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-10-01 10:53:48 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-10-01 10:53:37 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-10-01 10:53:24 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2011-10-01 10:53:21 293376 ------w- c:\windows\system32\browserchoice.exe
    2011-10-01 10:52:06 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
    2011-10-01 10:51:57 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-10-01 10:51:55 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
    2011-10-01 10:51:35 5120 ------w- c:\windows\system32\xpsp4res.dll
    2011-10-01 10:51:35 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-10-01 10:42:24 -------- d--h--w- C:\$AVG
    2011-10-01 10:39:05 -------- d-----w- c:\windows\system32\PreInstall
    2011-10-01 10:39:03 -------- d--h--w- c:\windows\$hf_mig$
    2011-10-01 10:34:20 -------- d-----w- c:\documents and settings\admin\application data\AVG2012
    2011-10-01 10:32:30 -------- d-----w- c:\documents and settings\admin\application data\AVG Secure Search
    2011-10-01 10:32:28 -------- d-----w- c:\program files\common files\AVG Secure Search
    2011-10-01 10:32:27 -------- d-----w- c:\program files\AVG Secure Search
    2011-10-01 10:32:02 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-10-01 10:32:02 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
    2011-10-01 10:31:38 -------- d-----w- c:\program files\AVG
    2011-10-01 10:30:05 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-10-01 10:21:26 -------- d-----w- c:\windows\system32\wbem\AutoRecover
    2011-10-01 10:17:01 9216 ------w- c:\windows\system32\proxycfg.exe
    2011-10-01 10:17:01 63488 ------w- c:\program files\internet explorer\mui\041e\browselc.dll
    2011-10-01 10:17:01 59392 ------w- c:\windows\system32\logman.exe
    2011-10-01 10:17:01 56832 ------w- c:\program files\internet explorer\mui\041e\mshtmler.dll
    2011-10-01 10:17:01 549376 ------w- c:\program files\internet explorer\mui\041e\shdoclc.dll
    2011-10-01 10:17:01 48128 ------w- c:\program files\internet explorer\mui\041e\inetres.dll
    2011-10-01 10:17:01 33792 ------w- c:\program files\messenger\custsat.dll
    2011-10-01 10:17:01 249856 ------w- c:\program files\internet explorer\mui\041e\wab32res.dll
    2011-10-01 10:17:01 2479616 ------w- c:\program files\internet explorer\mui\041e\msoeres.dll
    2011-10-01 10:17:00 249856 ------w- c:\program files\common files\system\mui\041e\wab32res.dll
    2011-10-01 10:15:13 2897920 ------w- c:\windows\system32\xpsp2res.dll
    2011-10-01 10:14:55 19528 ------w- c:\windows\002026_.tmp
    2011-10-01 10:14:46 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2011-10-01 10:14:14 -------- d-----w- c:\windows\EHome
    2011-10-01 09:45:35 -------- d-sh--w- c:\documents and settings\admin\UserData
    2011-10-01 09:23:01 73216 ----a-w- c:\windows\ST6UNST.EXE
    2011-10-01 09:23:01 286720 ------w- c:\windows\Setup1.exe
    2011-10-01 09:10:30 60416 ----a-w- c:\windows\ALCFDRTM.VER
    2011-10-01 09:10:30 60416 ------w- c:\windows\ALCFDRTM.EXE
    2011-10-01 09:08:59 3387392 ------r- c:\windows\system32\nvrsja.dll
    2011-10-01 08:58:00 141056 -c--a-w- c:\windows\system32\dllcache\ks.sys
    2011-10-01 08:58:00 141056 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-10-01 08:54:59 126976 ------w- c:\windows\system32\NVNFINST.DLL
    2011-10-01 08:52:37 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-10-01 08:52:24 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    .
    ==================== Find3M ====================
    .
    2011-09-26 10:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 10:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-25 18:00:08 56336 ------w- c:\windows\system32\drivers\RapportKELL.sys
    2011-09-13 05:30:10 32592 ------w- c:\windows\system32\drivers\avgrkx86.sys
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    ============= FINISH: 20:30:52.48 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/09/2011 15:45:49
    System Uptime: 18/10/2011 19:09:25 (1 hours ago)
    .
    Motherboard: | | nVidia-nForce2
    Processor: AMD Athlon(tm) XP 3000+ | Socket A | 2171/166mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 298 GiB total, 247.911 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
    Description: Disk drive
    Device ID: SCSI\DISK&VEN_IC35L120&PROD_AVV207-1&REV_V24O\5&BDBCA15&0&000
    Manufacturer: (Standard disk drives)
    Name: IC35L120 AVV207-1 SCSI Disk Device
    PNP Device ID: SCSI\DISK&VEN_IC35L120&PROD_AVV207-1&REV_V24O\5&BDBCA15&0&000
    Service: disk
    .
    ==== System Restore Points ===================
    .
    RP44: 08/10/2011 09:48:24 - System Checkpoint
    RP45: 08/10/2011 10:02:15 - Software Distribution Service 3.0
    RP46: 08/10/2011 10:44:25 - Installed %1 %2.
    RP47: 08/10/2011 10:44:40 - Installed Windows XP Update for Microsoft Windows (KB971513).
    RP48: 08/10/2011 10:45:01 - Installed %1 %2.
    RP49: 08/10/2011 10:46:23 - Installed Windows XP KB2447568.
    RP50: 08/10/2011 10:46:58 - Installed Windows XP KB2492386.
    RP51: 08/10/2011 16:20:20 - Installed Windows XP KB942288-v3.
    RP52: 08/10/2011 16:20:45 - Installed Microsoft Visual C++ 2005 Redistributable
    RP53: 08/10/2011 16:21:14 - Installed Microsoft Primary Interoperability Assemblies 2005
    RP54: 08/10/2011 16:30:03 - Installed Nero BackItUp and Burn.
    RP55: 08/10/2011 17:59:27 - Software Distribution Service 3.0
    RP56: 08/10/2011 20:56:22 - Software Distribution Service 3.0
    RP57: 09/10/2011 13:22:51 - Software Distribution Service 3.0
    RP58: 09/10/2011 22:19:38 - Restore Operation
    RP59: 10/10/2011 19:48:04 - Installed DirectX
    RP60: 11/10/2011 14:52:15 - Removed Nero BackItUp.
    RP61: 11/10/2011 14:52:54 - Removed Nero BackItUp and Burn.
    RP62: 11/10/2011 22:52:03 - Installed Scrabble® 2003 Edition
    RP63: 13/10/2011 09:26:13 - System Checkpoint
    RP64: 13/10/2011 10:26:53 - Software Distribution Service 3.0
    RP65: 13/10/2011 11:26:19 - Software Distribution Service 3.0
    RP66: 13/10/2011 11:38:49 - Software Distribution Service 3.0
    RP67: 13/10/2011 11:46:26 - Installed Java(TM) 6 Update 22
    RP68: 13/10/2011 11:47:16 - Installed OpenOffice.org 3.3
    RP69: 13/10/2011 11:56:18 - Removed Microsoft Office Enterprise 2007
    RP70: 13/10/2011 18:04:12 - Software Distribution Service 3.0
    RP71: 14/10/2011 21:37:20 - Removed Scrabble® 2003 Edition
    RP72: 15/10/2011 01:35:53 - Installed Driver Tool.
    RP73: 15/10/2011 01:56:08 - IObit Uninstaller restore point
    RP74: 16/10/2011 18:30:21 - System Checkpoint
    RP75: 18/10/2011 13:36:59 - System Checkpoint
    RP76: 18/10/2011 14:02:13 - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.1)
    AVG 2012
    C-Media WDM Audio Driver
    CCleaner
    EASEUS Partition Master 9.1.0 Home Edition
    EaseUS Todo Backup Free 3.0
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB971276-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB981793)
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 26
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft IntelliPoint 8.2
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office File Validation Add-In
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    NVIDIA Drivers
    NVIDIA Gart Driver
    NVIDIA Windows 2000/XP nForce Drivers
    OpenOffice.org 1.1.0
    OpenOffice.org 3.3
    QuickSnooker
    Rapport
    Realtek AC'97 Audio
    SCRABBLE® Interactive 2007 EDITION Uninstall
    Secunia PSI (2.0.0.4002)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    SiSoftware Sandra Lite 2011.SP5
    System Requirements Lab
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Verbatim GREEN BUTTON 1.46
    WebFldrs XP
    Windows Backup Utility
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Search 4.0
    Windows XP Service Pack 3
    Wireless Keyboard
    XPS Essentials Pack
    XPS Essentials Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    18/10/2011 14:37:54, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Avgldx86 Avgmfx86 Avgtdix EUDSKACS EUFDDISK Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    18/10/2011 14:37:54, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    18/10/2011 14:37:54, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    18/10/2011 14:37:54, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    18/10/2011 14:37:20, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    18/10/2011 14:37:15, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    15/10/2011 18:17:56, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{C98FA355-BCB9-4E50-87FC-E38ACED18E31} because another computer on the network has the same name. The server could not start.
    15/10/2011 02:50:51, error: Service Control Manager [7000] - The SANDRA service failed to start due to the following error: The system cannot find the path specified.
    14/10/2011 21:24:33, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    13/10/2011 11:28:18, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    13/10/2011 11:28:18, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    13/10/2011 11:28:18, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    13/10/2011 11:01:45, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2572073).
    11/10/2011 14:55:04, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    .
    ==== End Of File ===========================

    I should probably make you aware that I recently formatted my hard drive because of a .NET Framework problem (my previous thread) and re-installed XP then allowed Windows update to install all the relevant updates.

    I await your instructions.
    Regards Danny
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry for delay, Danny- my internet was down.
    That explains this recent Install Date: 30/09/2011!
    =========================================
    I'd like you to run Combofix, but it won't run with AVG. It has to be temporarily uninstalled:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ========================================
    Please update Java to v6u27: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download..
    ------------------------------------------
    You will have malware in the Java cache; it needs to be cleared:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply> OK on Temporary Files Settings window.
    Images courtesy java.com
    ===========================================
    I didn't see a homepage or search URL set up.
    =========================================
    Please run the online virus scan in the next reply.
     
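    Bobbye's instruction to remove every earlier Java version can be checked mechanically against the DDS log Danny posted above, which lists both Java(TM) 6 Update 22 and Java(TM) 6 Update 26. The script below is an added example for this page, not code from the thread, from DDS or from any tool it mentions. It assumes the DDS attach.txt layout visible in the log (a "==== name ====" header per section, one program per line, lone "." separators) and uses a trimmed, constructed copy of that section as sample input; the 6u27 target is the version Bobbye names in the post.

```python
"""Added example: flag leftover Java runtimes in a DDS 'Installed Programs' section.

Not part of the TechSpot thread. Assumes the DDS attach.txt layout shown in
the posted log: sections start with '==== Name ====...' and entries are
separated by lone '.' lines.
"""
import re
from typing import List, Optional, Sequence, Tuple

# Constructed sample: a trimmed copy of the DDS sections from the thread,
# kept with neighbouring sections so the extractor has boundaries to respect.
SAMPLE_DDS = """\
==== System Restore Points ===================
.
RP76: 18/10/2011 14:02:13 - Installed HiJackThis
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader X (10.1.1)
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 26
Malwarebytes' Anti-Malware version 1.51.2.1300
OpenOffice.org 1.1.0
OpenOffice.org 3.3
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
18/10/2011 14:37:54, error: Service Control Manager [7026] - boot-start driver(s) failed to load
"""

Version = Tuple[int, int]  # (major, update), e.g. (6, 26) for 6u26

SECTION_RE = re.compile(r"^==== (?P<name>.+?) =+\s*$")
# Matches the JRE entry format used in Add/Remove Programs on XP-era Java 6.
JAVA_RE = re.compile(r"^Java\(TM\) (?P<major>\d+) Update (?P<update>\d+)$")


def dds_section(log: str, name: str) -> List[str]:
    """Return the entry lines of one '==== name ====' section of a DDS log.

    Lone '.' separator lines and blank lines are dropped; the section ends at
    the next '==== ... ====' header.
    """
    entries: List[str] = []
    inside = False
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            inside = header.group("name").strip() == name
            continue
        if inside and line and line != ".":
            entries.append(line)
    return entries


def java_versions(programs: Sequence[str]) -> List[Version]:
    """Parse every JRE entry in the program list into sorted (major, update) tuples."""
    found = set()
    for entry in programs:
        m = JAVA_RE.match(entry)
        if m:
            found.add((int(m.group("major")), int(m.group("update"))))
    return sorted(found)


def stale_java(programs: Sequence[str], target: Optional[Version] = None) -> List[Version]:
    """Return JRE versions that should be uninstalled.

    Every installed version older than the newest installed one is stale; the
    newest itself is stale too when it is older than `target` (the version the
    helper asks the user to move to), since it must be replaced by an upgrade.
    """
    found = java_versions(programs)
    if not found:
        return []
    newest = found[-1]
    stale = [v for v in found if v != newest]
    if target is not None and newest < target:
        stale.append(newest)
    return stale


def fmt_version(v: Version) -> str:
    """Render (6, 26) as the Oracle-style short form '6u26'."""
    return f"{v[0]}u{v[1]}"


if __name__ == "__main__":
    programs = dds_section(SAMPLE_DDS, "Installed Programs")
    print(f"{len(programs)} installed programs parsed")
    for v in stale_java(programs, target=(6, 27)):
        print(f"uninstall Java {fmt_version(v)} (older than target 6u27)")
```

    Run against the full attach.txt, the same call reports both 6u22 and 6u26 for removal once the target is set to the version being installed; with no target it only flags the older duplicate, which is the minimum Add/Remove Programs cleanup Bobbye asks for.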
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Online Virus Scan:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the ESET Smart Installer download link and save it to your desktop.
      [o] Double click on the installer on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    Please post the entire log with heading resembling this:
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
     
  6. 1902danny

    1902danny TS Rookie Topic Starter

    Bobbye thanks for the reply.
    I have run into a problem at the point "clear the Java plug in cache".
    I probably misunderstood your instructions and removed the old updates before downloading and installing the new update. Also the update v6u27 you specified was not available so I installed the latest update, i.e. v6u29, assuming that would be ok.
    Now I do not have a Java icon in Control Panel and Java is not in my list of installed programs in Control Panel / Add or remove programs. There is however a Java folder in Program Files in Windows Explorer. Thinking it may not have installed properly I attempted to install again only to receive the message from Java "The program is already installed would you like to re-install it". I click yes and a Windows Installer window pops up with the message "This is only appropriate for programs already installed" as if it is not installed. I then appear to go round in circles getting nowhere!
    Not wanting to do anything out of order as you explained earlier in the thread I have not gone any further.
    Sorry if I have made a mistake but the instruction was slightly ambiguous.
    I do include the ComboFix.txt for your information so far.


    ComboFix 11-10-21.06 - Admin 22/10/2011 11:52:57.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.1065 [GMT 1:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\messenger\msmsgsin.exe
    c:\program files\msn\msncorefiles\custdial.dll
    c:\program files\msn\msncorefiles\logonmgr.dll
    c:\windows\help\tours\htmltour\unlock_playing.htm
    c:\windows\ST6UNST.000
    c:\windows\system32\autorun.ini
    c:\windows\system32\winio.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-22 to 2011-10-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-22 10:14 . 2011-10-22 10:14 -------- d-----w- c:\documents and settings\Admin\Application Data\Avira
    2011-10-21 12:34 . 2011-10-21 12:34 -------- d-----w- c:\documents and settings\Admin\Application Data\TeamViewer
    2011-10-18 13:02 . 2011-10-18 13:02 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-10-14 20:28 . 2011-10-14 20:30 -------- d-----w- c:\documents and settings\Admin\Application Data\qs
    2011-10-13 19:02 . 2011-10-14 09:52 306176 --sha-w- C:\EUMONBMP.SYS
    2011-10-13 09:27 . 2011-10-13 09:27 -------- d-----w- C:\e6d713abde746fd20f573394d33399
    2011-10-13 09:18 . 2011-10-13 09:18 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Secunia PSI
    2011-10-13 07:17 . 2011-10-13 07:17 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
    2011-10-10 19:42 . 2011-10-10 19:42 -------- d-----w- c:\documents and settings\Admin\Application Data\FileHunter
    2011-10-08 15:55 . 2011-10-08 15:55 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Nero_AG
    2011-10-08 15:37 . 2011-10-08 16:07 -------- d-----w- c:\documents and settings\Admin\Application Data\Nero
    2011-10-08 12:17 . 2011-10-08 12:17 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Search
    2011-10-07 16:08 . 2011-10-07 16:08 -------- d-----w- C:\5AA3213B400A4F8B882400
    2011-10-07 16:08 . 2011-10-07 16:08 -------- d-----w- C:\$NtUninstallXPSEP$
    2011-10-07 16:08 . 2011-10-07 16:08 -------- d-----w- C:\C4BF0300BC4F21449EDAC6D501
    2011-10-07 15:29 . 2011-10-07 15:29 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Desktop Search
    2011-10-07 14:38 . 2011-10-07 14:38 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft Help
    2011-10-05 20:22 . 2011-10-05 20:22 -------- d-----w- C:\34cab8ffdd2e7181eda18bf01b
    2011-10-05 19:24 . 2011-10-05 19:24 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
    2011-10-03 13:29 . 2011-10-03 13:29 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\PackageAware
    2011-10-03 09:38 . 2011-10-03 09:59 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Solid State Networks
    2011-10-03 08:45 . 2011-10-03 08:45 -------- d-----w- c:\documents and settings\Admin\Application Data\OpenOffice.org
    2011-10-02 20:45 . 2011-10-03 10:04 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Temp
    2011-10-02 13:58 . 2011-10-02 13:58 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Trusteer
    2011-10-02 13:36 . 2011-10-02 13:36 -------- d-----w- C:\NVIDIA
    2011-10-02 12:06 . 2011-10-04 10:52 -------- d-----w- c:\documents and settings\Admin\Application Data\IObit
    2011-10-01 11:30 . 2011-10-01 11:30 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
    2011-10-01 11:07 . 2011-10-01 11:07 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Identities
    2011-10-01 10:42 . 2011-10-01 10:42 -------- d-----w- C:\$AVG
    2011-10-01 10:34 . 2011-10-01 10:34 -------- d-----w- c:\documents and settings\Admin\Application Data\AVG2012
    2011-10-01 09:45 . 2011-10-01 09:45 -------- d-sh--w- c:\documents and settings\Admin\UserData
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 10:41 . 2003-03-31 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 10:41 . 2003-03-31 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12 . 2003-03-31 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20 . 2003-03-31 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-22 23:48 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-17 13:49 . 2003-03-31 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-03 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "nwiz"="nwiz.exe" [2008-05-16 1630208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
    "EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-08-05 70792]
    "EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-08-05 744072]
    "SoundMan"="SOUNDMAN.EXE" [2003-06-10 55296]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVEWU4tWE5JTFItNFpISlAtUU9GUFctSlVBTE4tUlJBNkk&inst=NzctNzQ5NzM2MjY3LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=e2fd2410221947d18f115b166f124ab6-06ce4fc639803a2e3563922518183d8e94088cb9" [?]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Admin\Start Menu\Programs\Startup\
    Registration SCRABBLE® Interactive 2007 EDITION.LNK - c:\program files\UBISOFT\SCRABBLE® Interactive 2007 EDITION\RegistrationReminder.exe [2007-5-16 884736]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Enable Wireless Keyboard Driver.lnk - c:\program files\Wireless Device\Wireless Keyboard\Magickey.exe [2011-10-3 172032]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-7-29 291896]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Outlook Express\\msimn.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP5\\RpcAgentSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP5\\WNt500x86\\RpcSandraSrv.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [13/10/2011 08:02 38920]
    R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [13/10/2011 08:02 42376]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [22/10/2011 11:13 36000]
    R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [13/10/2011 08:02 16008]
    R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [13/10/2011 08:02 184072]
    R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [03/10/2011 21:32 12964]
    R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [18/10/2011 12:28 227312]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/09/2011 19:00 70416]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/10/2011 11:13 86224]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/09/2011 18:59 919352]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [29/07/2011 10:30 994360]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [29/07/2011 10:30 399416]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [04/10/2011 21:25 45288]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 09:30 15544]
    S2 EaseUS Agent;EaseUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [13/10/2011 08:00 60040]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/10/2011 10:58 136176]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [09/10/2011 16:45 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [09/10/2011 16:45 8456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/10/2011 10:58 136176]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [25/09/2011 19:00 56336]
    S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/09/2011 19:00 161936]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [15/10/2011 02:50 93848]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31/03/2003 13:00 14336]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ANTIVIRSCHEDULERSERVICE
    *NewlyCreated* - ANTIVIRSERVICE
    *NewlyCreated* - AVGNTFLT
    *NewlyCreated* - AVIPBB
    *NewlyCreated* - AVKMGR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 09:58]
    .
    2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 09:58]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-Cmaudio - cmicnfg.cpl
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-22 11:58
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-10-22 12:00:33
    ComboFix-quarantined-files.txt 2011-10-22 11:00
    .
    Pre-Run: 265,875,718,144 bytes free
    Post-Run: 265,911,021,568 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 520B133AAD0537592C897F7BA09CCED8

    I have been reading other threads on similar problems to mine. Quite a few you have been involved in, and I get the impression my safest course of action may be to format and reinstall.
    I am particularly concerned about internet banking. Could I ask your opinion, please?
    If you think that is my safest bet I will do so. There are, however, things on my computer I would like to back up and restore later, so would you think it best to carry on with the cleaning before backing up anything that may be infected?

    Many thanks again for the help so far and I await your further instructions.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Danny, it is always the option of the member to choose a reformat/reinstall over a cleaning. And in the case of some malware infections such as Virut or Ramnit, we do suggest the R/R as soon as we see these infectors.

    But so far, I'm not seeing any indication of that type of malware. ComboFix did, however, delete c:\windows\system32\autorun.ini, so I need to see if anything shows up in the Eset scan. Please run that.
    ==========================================
    Sorry the Java info wasn't clear. Instructions are to update first, then remove outdated versions. We'll check again later.
    =========================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
    • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\002026_.tmp
    c:\documents and settings\admin\UserData
    c:\windows\system32\svchost.exe -k WINRM
    DDS::
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    StartupFolder: c:\docume~1\admin\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\scrabble® interactive 2007 edition\RegistrationReminder.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab=--=
    Folder::
    c:\documents and settings\all users\application data\IObit
    c:\documents and settings\admin\application data\IObit
    c:\program files\IObit
    c:\windows\msdownld.tmp
    c:\windows\Logs
    C:\5AA3213B400A4F8B882400
    C:\C4BF0300BC4F21449EDAC6D501
    C:\34cab8ffdd2e7181eda18bf01b
    C:\e6d713abde746fd20f573394d33399
    c:\documents and settings\admin\local settings\application data\Temp
    c:\documents and settings\admin\application data\qs
    c:\documents and settings\all users\application data\qs
    c:\documents and settings\Admin\UserData
    Driver::
    WinRM
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
    ====================
    There is a Worm fix I will have you run if it's indicated. Are you still seeing the NT message? Are there any other system problems since this started?
     
  8. 1902danny

    1902danny TS Rookie Topic Starter

    Bobbye thanks for the reply.
    Tried to run the ESETScan four times, and each time it got to approx. 52% and the computer shut down and rebooted.
    Also ran ComboFix with the CFScript.txt, and that shut down at Stage 50 with a BSOD, but I ran it again and it completed successfully. ComboFix.txt included.

    ComboFix 11-10-21.06 - Admin 25/10/2011 12:33:45.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.1105 [GMT 1:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    FILE ::
    "c:\documents and settings\admin\UserData"
    "c:\windows\002026_.tmp"
    "c:\windows\system32\svchost.exe -k WINRM"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\34cab8ffdd2e7181eda18bf01b
    c:\34cab8ffdd2e7181eda18bf01b\amd64\filterpipelineprintproc.dll
    c:\34cab8ffdd2e7181eda18bf01b\amd64\msxpsdrv.cat
    c:\34cab8ffdd2e7181eda18bf01b\amd64\msxpsdrv.inf
    c:\34cab8ffdd2e7181eda18bf01b\amd64\msxpsinc.gpd
    c:\34cab8ffdd2e7181eda18bf01b\amd64\msxpsinc.ppd
    c:\34cab8ffdd2e7181eda18bf01b\amd64\mxdwdrv.dll
    c:\34cab8ffdd2e7181eda18bf01b\amd64\xpssvcs.dll
    c:\34cab8ffdd2e7181eda18bf01b\i386\filterpipelineprintproc.dll
    c:\34cab8ffdd2e7181eda18bf01b\i386\msxpsdrv.cat
    c:\34cab8ffdd2e7181eda18bf01b\i386\msxpsdrv.inf
    c:\34cab8ffdd2e7181eda18bf01b\i386\msxpsinc.gpd
    c:\34cab8ffdd2e7181eda18bf01b\i386\msxpsinc.ppd
    c:\34cab8ffdd2e7181eda18bf01b\i386\mxdwdrv.dll
    c:\34cab8ffdd2e7181eda18bf01b\i386\xpssvcs.dll
    C:\5AA3213B400A4F8B882400
    C:\C4BF0300BC4F21449EDAC6D501
    c:\docume~1\admin\startm~1\programs\startup\regist~1.lnk
    c:\documents and settings\admin\application data\IObit
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\AutoSweep.ini
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-02(13-14-24).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-03(10-52-55).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-03(23-15-07).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-07(16-23-20).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-07(17-30-34).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-07(23-41-12).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-08(10-00-16).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-08(11-05-16).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-09(11-07-44).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-10(13-07-00).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-11(11-33-25).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-11(11-50-57).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-12(01-10-40).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-12(12-10-34).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-13(17-42-27).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-13(21-50-52).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-14(22-24-14).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-15(02-39-22).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-15(19-51-58).reg
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Driver Manager\DriverSavePath.ini
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Ignore.ini
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-02(13-14-24).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-03(10-52-55).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-03(23-15-07).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-07(16-23-20).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-07(17-29-32).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-07(17-30-34).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-07(23-41-12).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-08(10-00-16).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-08(10-01-20).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-08(11-05-16).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-09(11-07-44).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-10(13-07-00).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-11(11-33-26).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-11(11-50-57).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-11(15-54-12).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-12(01-08-50).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-12(01-10-40).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-12(12-10-34).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-13(17-42-27).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-13(21-50-52).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-14(22-24-14).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-15(02-39-22).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-15(19-51-58).txt
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Main.ini
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\PMonitor\Config.ini
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Smart RAM\Smart RAM.ini
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Startup Manager\startup
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Startup Manager\startup.db
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Startup Manager\Version.ini
    c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Toolbox\Recently.ini
    c:\documents and settings\admin\application data\IObit\IObit Uninstaller\Log\2011-10-15.log
    c:\documents and settings\admin\application data\IObit\IObit Uninstaller\Select.ini
    c:\documents and settings\admin\application data\IObit\IObit Uninstaller\SoftwareCache.ini
    c:\documents and settings\admin\application data\IObit\Uninstall Unwanted Apps.lnk
    c:\documents and settings\admin\application data\qs
    c:\documents and settings\admin\application data\qs\ar.dat
    c:\documents and settings\admin\application data\qs\aralia.dds
    c:\documents and settings\admin\application data\qs\baize.dds
    c:\documents and settings\admin\application data\qs\Balls0.tmp
    c:\documents and settings\admin\application data\qs\blank.dds
    c:\documents and settings\admin\application data\qs\bricks.dds
    c:\documents and settings\admin\application data\qs\broken.dds
    c:\documents and settings\admin\application data\qs\burr.dds
    c:\documents and settings\admin\application data\qs\chalk.dds
    c:\documents and settings\admin\application data\qs\cue.dds
    c:\documents and settings\admin\application data\qs\cue.scn
    c:\documents and settings\admin\application data\qs\environ.dds
    c:\documents and settings\admin\application data\qs\floor.dds
    c:\documents and settings\admin\application data\qs\glass.dds
    c:\documents and settings\admin\application data\qs\hive.dat
    c:\documents and settings\admin\application data\qs\leather.dds
    c:\documents and settings\admin\application data\qs\logs\log-Fri 21-28.txt
    c:\documents and settings\admin\application data\qs\logs\log-Fri 21-29.txt
    c:\documents and settings\admin\application data\qs\logs\log-Sat 23-21.txt
    c:\documents and settings\admin\application data\qs\logs\log-Sat 23-24.txt
    c:\documents and settings\admin\application data\qs\logs\log-Sun 10-16.txt
    c:\documents and settings\admin\application data\qs\mahogany.dds
    c:\documents and settings\admin\application data\qs\mytable.dds
    c:\documents and settings\admin\application data\qs\net.dds
    c:\documents and settings\admin\application data\qs\pale_leather.dds
    c:\documents and settings\admin\application data\qs\panel.dds
    c:\documents and settings\admin\application data\qs\poolballs.dds
    c:\documents and settings\admin\application data\qs\shadow.dds
    c:\documents and settings\admin\application data\qs\shadowtop.dds
    c:\documents and settings\admin\application data\qs\snooker7.scn
    c:\documents and settings\admin\application data\qs\tj.dds
    c:\documents and settings\admin\application data\qs\words.dds
    c:\documents and settings\admin\local settings\application data\Temp
    c:\documents and settings\Admin\UserData
    c:\documents and settings\Admin\UserData\07FVEO5P\oWindowsUpdate[1].xml
    c:\documents and settings\Admin\UserData\653C9KRU\mgmhppd[1].xml
    c:\documents and settings\Admin\UserData\index.dat
    c:\documents and settings\Admin\UserData\JB5FB5OW\pmocntr2[1].xml
    c:\documents and settings\Admin\UserData\XWSNH1CT\oXMLStore[1].xml
    c:\documents and settings\all users\application data\IObit
    c:\documents and settings\all users\application data\IObit\Advanced SystemCare V4\temp.ini
    c:\documents and settings\all users\application data\qs
    C:\e6d713abde746fd20f573394d33399
    c:\e6d713abde746fd20f573394d33399\1025\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1025\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1028\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1028\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1029\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1029\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1030\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1030\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1031\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1031\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1032\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1032\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1033\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1033\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1035\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1035\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1036\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1036\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1037\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1037\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1038\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1038\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1040\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1040\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1041\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1041\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1042\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1042\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1043\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1043\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1044\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1044\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1045\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1045\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1046\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1046\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1049\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1049\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1053\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1053\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\1055\eula.rtf
    c:\e6d713abde746fd20f573394d33399\1055\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\2052\eula.rtf
    c:\e6d713abde746fd20f573394d33399\2052\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\2070\eula.rtf
    c:\e6d713abde746fd20f573394d33399\2070\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\3076\eula.rtf
    c:\e6d713abde746fd20f573394d33399\3076\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\3082\eula.rtf
    c:\e6d713abde746fd20f573394d33399\3082\HotFixInstallerUI.dll
    c:\e6d713abde746fd20f573394d33399\DHtmlHeader.html
    c:\e6d713abde746fd20f573394d33399\header.bmp
    c:\e6d713abde746fd20f573394d33399\HotFixInstaller.exe
    c:\e6d713abde746fd20f573394d33399\NDP20SP2-KB2572073.msp
    c:\e6d713abde746fd20f573394d33399\ParameterInfo.xml
    c:\e6d713abde746fd20f573394d33399\watermark.bmp
    c:\program files\IObit
    c:\program files\IObit\Advanced SystemCare 4\AutoUpdateHistory.txt
    c:\program files\IObit\Advanced SystemCare 4\checkinfo.txt
    c:\program files\IObit\Advanced SystemCare 4\DiskScan.log
    c:\program files\IObit\Advanced SystemCare 4\Error_Log.txt
    c:\program files\IObit\Advanced SystemCare 4\LatestNews\imagenews.png
    c:\program files\IObit\Advanced SystemCare 4\LatestNews\LatestNews.ini
    c:\program files\IObit\Advanced SystemCare 4\License.dat
    c:\program files\IObit\Advanced SystemCare 4\services.ini
    c:\program files\IObit\Advanced SystemCare 4\shconfig.ini
    c:\program files\IObit\Advanced SystemCare 4\TBconfig.ini
    c:\program files\IObit\Advanced SystemCare 4\Update.dat
    c:\program files\IObit\Advanced SystemCare 4\Update\Update.Ini
    c:\program files\ubisoft\scrabble® interactive 2007 edition\RegistrationReminder.exe
    c:\windows\002026_.tmp
    c:\windows\Logs
    c:\windows\msdownld.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_WinRM
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-22 10:14 . 2011-10-22 10:14 -------- d-----w- c:\documents and settings\Admin\Application Data\Avira
    2011-10-21 12:34 . 2011-10-21 12:34 -------- d-----w- c:\documents and settings\Admin\Application Data\TeamViewer
    2011-10-18 13:02 . 2011-10-18 13:02 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-10-13 19:02 . 2011-10-14 09:52 306176 --sha-w- C:\EUMONBMP.SYS
    2011-10-13 09:18 . 2011-10-13 09:18 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Secunia PSI
    2011-10-13 07:17 . 2011-10-13 07:17 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
    2011-10-10 19:42 . 2011-10-10 19:42 -------- d-----w- c:\documents and settings\Admin\Application Data\FileHunter
    2011-10-08 15:55 . 2011-10-08 15:55 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Nero_AG
    2011-10-08 15:37 . 2011-10-08 16:07 -------- d-----w- c:\documents and settings\Admin\Application Data\Nero
    2011-10-08 12:17 . 2011-10-08 12:17 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Search
    2011-10-07 16:08 . 2011-10-07 16:08 -------- d-----w- C:\$NtUninstallXPSEP$
    2011-10-07 15:29 . 2011-10-07 15:29 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Desktop Search
    2011-10-07 14:38 . 2011-10-07 14:38 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft Help
    2011-10-05 19:24 . 2011-10-05 19:24 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
    2011-10-03 13:29 . 2011-10-03 13:29 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\PackageAware
    2011-10-03 09:38 . 2011-10-03 09:59 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Solid State Networks
    2011-10-03 08:45 . 2011-10-03 08:45 -------- d-----w- c:\documents and settings\Admin\Application Data\OpenOffice.org
    2011-10-02 13:58 . 2011-10-02 13:58 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Trusteer
    2011-10-02 13:36 . 2011-10-02 13:36 -------- d-----w- C:\NVIDIA
    2011-10-01 11:30 . 2011-10-01 11:30 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
    2011-10-01 11:07 . 2011-10-01 11:07 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Identities
    2011-10-01 10:42 . 2011-10-01 10:42 -------- d-----w- C:\$AVG
    2011-10-01 10:34 . 2011-10-01 10:34 -------- d-----w- c:\documents and settings\Admin\Application Data\AVG2012
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 10:41 . 2003-03-31 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 10:41 . 2003-03-31 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12 . 2003-03-31 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20 . 2003-03-31 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-22 23:48 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-17 13:49 . 2003-03-31 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-10-22_10.58.09 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-02-19 22:03 . 2011-02-19 22:03 51024 c:\windows\system32\vcomp100.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 51024 c:\windows\system32\vcomp100.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 81744 c:\windows\system32\mfcm100u.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 81744 c:\windows\system32\mfcm100u.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 81744 c:\windows\system32\mfcm100.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 81744 c:\windows\system32\mfcm100.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 60752 c:\windows\system32\mfc100rus.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 60752 c:\windows\system32\mfc100rus.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 43344 c:\windows\system32\mfc100kor.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 43344 c:\windows\system32\mfc100kor.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 43856 c:\windows\system32\mfc100jpn.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 43856 c:\windows\system32\mfc100jpn.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 62288 c:\windows\system32\mfc100ita.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 62288 c:\windows\system32\mfc100ita.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 64336 c:\windows\system32\mfc100fra.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 64336 c:\windows\system32\mfc100fra.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 63824 c:\windows\system32\mfc100esn.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 63824 c:\windows\system32\mfc100esn.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 55120 c:\windows\system32\mfc100enu.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 55120 c:\windows\system32\mfc100enu.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 64336 c:\windows\system32\mfc100deu.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 64336 c:\windows\system32\mfc100deu.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 36176 c:\windows\system32\mfc100cht.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 36176 c:\windows\system32\mfc100cht.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 36176 c:\windows\system32\mfc100chs.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 36176 c:\windows\system32\mfc100chs.dll
    - 2011-02-18 23:40 . 2011-02-18 23:40 773968 c:\windows\system32\msvcr100.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 773968 c:\windows\system32\msvcr100.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 421200 c:\windows\system32\msvcp100.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 421200 c:\windows\system32\msvcp100.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 138056 c:\windows\system32\atl100.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 138056 c:\windows\system32\atl100.dll
    + 2011-10-22 11:16 . 2011-10-22 11:16 203776 c:\windows\Installer\3ec94d.msi
    + 2011-06-11 00:58 . 2011-06-11 00:58 4422992 c:\windows\system32\mfc100u.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 4422992 c:\windows\system32\mfc100u.dll
    - 2011-02-19 22:03 . 2011-02-19 22:03 4397384 c:\windows\system32\mfc100.dll
    + 2011-06-11 00:58 . 2011-06-11 00:58 4397384 c:\windows\system32\mfc100.dll
    + 2011-06-28 20:27 . 2011-06-28 20:27 4028928 c:\windows\Installer\22cb40.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-03 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "nwiz"="nwiz.exe" [2008-05-16 1630208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
    "EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-08-05 70792]
    "EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-08-05 744072]
    "SoundMan"="SOUNDMAN.EXE" [2003-06-10 55296]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVEWU4tWE5JTFItNFpISlAtUU9GUFctSlVBTE4tUlJBNkk&inst=NzctNzQ5NzM2MjY3LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=e2fd2410221947d18f115b166f124ab6-06ce4fc639803a2e3563922518183d8e94088cb9" [?]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Enable Wireless Keyboard Driver.lnk - c:\program files\Wireless Device\Wireless Keyboard\Magickey.exe [2011-10-3 172032]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-7-29 291896]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Outlook Express\\msimn.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP5\\RpcAgentSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP5\\WNt500x86\\RpcSandraSrv.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [13/10/2011 08:02 38920]
    R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [13/10/2011 08:02 42376]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [22/10/2011 11:13 36000]
    R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [13/10/2011 08:02 16008]
    R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [13/10/2011 08:02 184072]
    R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [03/10/2011 21:32 12964]
    R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [18/10/2011 12:28 227312]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/09/2011 19:00 70416]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/10/2011 11:13 86224]
    R2 EaseUS Agent;EaseUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [13/10/2011 08:00 60040]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/09/2011 18:59 919352]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [29/07/2011 10:30 994360]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [29/07/2011 10:30 399416]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [04/10/2011 21:25 45288]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/10/2011 10:58 136176]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [09/10/2011 16:45 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [09/10/2011 16:45 8456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/10/2011 10:58 136176]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 09:30 15544]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [25/09/2011 19:00 56336]
    S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/09/2011 19:00 161936]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [15/10/2011 02:50 93848]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 09:58]
    .
    2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 09:58]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-25 12:42
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3952)
    c:\windows\system32\WININET.dll
    c:\windows\system32\nview.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\rundll32.exe
    c:\windows\SOUNDMAN.EXE
    c:\program files\Microsoft IntelliPoint\dpupdchk.exe
    c:\program files\Wireless Device\Wireless Keyboard\osd.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-25 12:46:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-25 11:46
    ComboFix2.txt 2011-10-22 11:00
    .
    Pre-Run: 265,956,061,184 bytes free
    Post-Run: 265,919,614,976 bytes free
    .
    - - End Of File - - C6CE71B3E67D7C0B0CF80A56EC3DD244

    You asked "Are you still seeing the NT message? Are there any other system problems since this started?"

    I have not seen the NT message again although I have not used the computer that much.

    I do not use the computer for gaming as such but do play Scrabble occasionally (only against the wife on this computer, never online), but on the last three occasions the computer will shut down part way through a game with a message "Scrabble has encountered a problem and needs to close". Prior to the re-install and this problem I did not have any problems, so I do not think it is the game.

    Also I receive a similar message from Internet Explorer occasionally and that will shut down. It did it a few times on the Java site when I had the problems with Java in my last post.

    I did wonder if the ESET scan problem was something to do with Internet Explorer and wondered about downloading Firefox and trying ESET with that browser, but remembered you asked me not to download anything other than what you wanted me to.

    Many thanks again Danny
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Danny, this is a very 'generic' message. The only way to try and find what's happening is to check the Event Viewer to see if there is a corresponding error.

    You will need to check the time on the computer clock when you get this message. Then run this:

    Please download VEW and save it to your Desktop:

    Setting up the program

    Double-click VEW.exe to run.

    • Select log to query, select
    • Application
    • System

      Under Select type to list, select:
    • Critical (Vista only)
    • Error

      Click the radio button for Number of events
    • Type 20 in the 1 to 20 box
    • Then click the Run button.
    • Notepad will open with the output log.

      Load the log
    • In Notepad, click Edit> Select all
    • Then press Edit > Copy
    • Press Ctrl+V on your keyboard to paste the log to your next reply.
    (Courtesy rev-Olie)
    ===============================
    The Eset instructions start out like this:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
    -------------------------------
    If you are using IE for the scan, you do not do the following:
    -------------------------------
    Could that be the problem with Eset?
     
  10. 1902danny

    1902danny TS Rookie Topic Starter

    Bobbye, thanks for the quick reply.

    I am having great difficulty with ESET. I followed your instructions exactly for IE and had the same problem, i.e. at 48% it shut down and rebooted.
    I uninstalled ESET, followed your instructions again for IE and restarted from scratch; same thing, only this time it stopped at approx 45% with a BSOD.
    Showing: DRIVER_IRQL_NOT_LESS_OR_EQUAL, then lots about removing any recently installed hardware or software etc.
    Technical info:
    STOP: 0x000000D1 (0x00000915, 0x00000005, 0x00000000, 0xF74C26C4)
    atapi.sys - Address F74C26C4 base at F74C0000, Datestamp 4802539d
    I have not tried again. Sorry, but I do feel I am following your instructions correctly.

    I went to the Java website again using IE and caused it to fault and shut down, then ran the VEW program and include the pasted log. IE faulted at Log: 'Application' Date/Time: 26/10/2011 17:37:17




    Vino's Event Viewer v01c run on Windows XP in English
    Report run at 26/10/2011 17:42:15

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 26/10/2011 17:37:17
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 25/10/2011 12:40:06
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application windowssearch.exe, version 7.0.6001.16503, faulting module unknown, version 0.0.0.0, fault address 0x01b88fa0.

    Log: 'Application' Date/Time: 25/10/2011 12:40:06
    Type: error Category: 0
    Event: 1000 Source: Microsoft IntelliPoint
    The event description cannot be found.

    Log: 'Application' Date/Time: 25/10/2011 12:40:05
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application googletoolbarnotifier.exe, version 4.1.509.1944, faulting module , version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 25/10/2011 12:40:05
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application psi_tray.exe, version 2.0.0.4002, faulting module unknown, version 0.0.0.0, fault address 0x10078fa0.

    Log: 'Application' Date/Time: 24/10/2011 11:15:30
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 24/10/2011 11:14:29
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 24/10/2011 11:10:08
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 23/10/2011 22:01:15
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 23/10/2011 22:00:53
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 23/10/2011 22:00:38
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 23/10/2011 21:53:27
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 22/10/2011 23:07:41
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application scrabble2007.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000101d.

    Log: 'Application' Date/Time: 22/10/2011 22:54:08
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application scrabble2007.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000101d.

    Log: 'Application' Date/Time: 22/10/2011 11:58:23
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application euwatch.exe, version 3.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00988a90.

    Log: 'Application' Date/Time: 22/10/2011 11:58:20
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application wscntfy.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x10078a90.

    Log: 'Application' Date/Time: 22/10/2011 11:58:19
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application osd.exe, version 1.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00bf8a90.

    Log: 'Application' Date/Time: 22/10/2011 11:58:14
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application soundman.exe, version 5.1.0.5, faulting module unknown, version 0.0.0.0, fault address 0x10078a90.

    Log: 'Application' Date/Time: 22/10/2011 11:57:30
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application avcenter.exe, version 12.1.0.18, faulting module unknown, version 0.0.0.0, fault address 0x00eb8fa0.

    Log: 'Application' Date/Time: 22/10/2011 11:57:29
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application avgnt.exe, version 12.1.0.17, faulting module unknown, version 0.0.0.0, fault address 0x00d98fa0.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 26/10/2011 12:14:16
    Type: error Category: 102
    Event: 1003 Source: System Error
    Error code 1000008e, parameter1 c0000005, parameter2 3967b400, parameter3 a0396733, parameter4 00000000.

    Log: 'System' Date/Time: 26/10/2011 12:14:10
    Type: error Category: 102
    Event: 1003 Source: System Error
    Error code 10000050, parameter1 a2a7b400, parameter2 00000000, parameter3 a2a7b400, parameter4 00000000.

    Log: 'System' Date/Time: 26/10/2011 12:14:07
    Type: error Category: 102
    Event: 1003 Source: System Error
    Error code 1000008e, parameter1 c0000005, parameter2 61b7b403, parameter3 b761b733, parameter4 00000000.

    Log: 'System' Date/Time: 26/10/2011 12:09:52
    Type: error Category: 102
    Event: 1003 Source: System Error
    Error code 10000050, parameter1 ac67b403, parameter2 00000000, parameter3 ac67b403, parameter4 00000000.

    Log: 'System' Date/Time: 26/10/2011 12:08:44
    Type: error Category: 102
    Event: 1003 Source: System Error
    Error code 1000008e, parameter1 c0000005, parameter2 04bc78bf, parameter3 b704bbf7, parameter4 00000000.

    Log: 'System' Date/Time: 25/10/2011 12:31:47
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The EaseUS Agent service terminated unexpectedly. It has done this 1 time(s).

    Log: 'System' Date/Time: 25/10/2011 10:42:02
    Type: error Category: 102
    Event: 1003 Source: System Error
    Error code 1000000a, parameter1 760c7d3b, parameter2 00000002, parameter3 00000000, parameter4 804eb55b.

    Log: 'System' Date/Time: 25/10/2011 10:32:36
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The EaseUS Agent service terminated unexpectedly. It has done this 1 time(s).

    Log: 'System' Date/Time: 23/10/2011 11:25:31
    Type: error Category: 0
    Event: 19 Source: Print
    Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer3.

    Log: 'System' Date/Time: 22/10/2011 12:31:09
    Type: error Category: 0
    Event: 7023 Source: Service Control Manager
    The Application Management service terminated with the following error: The specified module could not be found.

    Log: 'System' Date/Time: 22/10/2011 12:31:09
    Type: error Category: 0
    Event: 7023 Source: Service Control Manager
    The Application Management service terminated with the following error: The specified module could not be found.

    Log: 'System' Date/Time: 22/10/2011 12:31:09
    Type: error Category: 0
    Event: 7023 Source: Service Control Manager
    The Application Management service terminated with the following error: The specified module could not be found.

    Log: 'System' Date/Time: 22/10/2011 12:31:09
    Type: error Category: 0
    Event: 7023 Source: Service Control Manager
    The Application Management service terminated with the following error: The specified module could not be found.

    Log: 'System' Date/Time: 22/10/2011 12:31:09
    Type: error Category: 0
    Event: 7023 Source: Service Control Manager
    The Application Management service terminated with the following error: The specified module could not be found.

    Log: 'System' Date/Time: 22/10/2011 12:31:09
    Type: error Category: 0
    Event: 7023 Source: Service Control Manager
    The Application Management service terminated with the following error: The specified module could not be found.

    Log: 'System' Date/Time: 22/10/2011 12:31:09
    Type: error Category: 0
    Event: 7023 Source: Service Control Manager
    The Application Management service terminated with the following error: The specified module could not be found.

    Log: 'System' Date/Time: 22/10/2011 12:31:09
    Type: error Category: 0
    Event: 7023 Source: Service Control Manager
    The Application Management service terminated with the following error: The specified module could not be found.

    Log: 'System' Date/Time: 22/10/2011 12:31:09
    Type: error Category: 0
    Event: 7023 Source: Service Control Manager
    The Application Management service terminated with the following error: The specified module could not be found.

    Log: 'System' Date/Time: 22/10/2011 12:31:08
    Type: error Category: 0
    Event: 7023 Source: Service Control Manager
    The Application Management service terminated with the following error: The specified module could not be found.

    Log: 'System' Date/Time: 22/10/2011 12:31:08
    Type: error Category: 0
    Event: 7023 Source: Service Control Manager
    The Application Management service terminated with the following error: The specified module could not be found.

    Sorry I am not having much luck trying to provide you with information, but I really appreciate your perseverance with my problem.

    Regards Danny
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're doing what I asked and that is good. Unfortunately, we still haven't gotten much information. The only error that corresponds to the time is the 'generic' app error with 'Faulting application iexplore.exe v8 / faulting module unknown'.

    That doesn't mean that something isn't happening. It just means neither the Application nor the System log has a corresponding error.

    Let's see if the Kaspersky online scan will work better than Eset:
    Run Kaspersky Online Scanner in Internet Explorer

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
    • Click Accept and the web scanner will begin to load
    • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
    • You will be prompted to install an ActiveX component from Kaspersky, click Install
    • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT and then Scan Settings
    • In the scan settings make sure that the following are selected:
      [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
      [o] Scan Options: Scan Archives> Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      [o] Select My Computer
    • The program will start to scan your system.
    • Once the scan is complete, click on the Save as Text button and save the file to your desktop
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
    ===================================
    A note about the Eset scan: it appears that you are using the Chrome browser. Did you follow this part of the Eset directions?
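    The matching step described in the two posts above (note the clock time when the message appears, pull the Application and System error entries with VEW, then look for an entry at that time) can be scripted once the VEW output is saved to a file. The following is an added example; it is not code from this thread, from VEW or from any tool named here. It parses the record layout VEW prints (a "Log: ... Date/Time:" header, a "Type:" line, an "Event: ... Source:" line and a message line), lists the records that fall within a few minutes of the noted clock time, and, for a "System Error" Event 1003 record, decodes the bug check code in its message. The sample report is constructed from three records copied out of the VEW output posted above; the function names, the five-minute default window and the bug check name table are my own choices (the table holds the standard Windows bug check names for the codes that appear in this thread, not anything VEW prints).

```python
"""Correlate Event Viewer errors with the time a crash was noticed.

Added example; not part of the TechSpot thread and not code from VEW.
It parses the record layout VEW prints and lists the entries that fall
within a window around the clock time the user wrote down, which is the
matching step the helper does by eye in the thread.
"""
import re
from datetime import datetime, timedelta

# Constructed sample in VEW's layout: a banner plus three records copied
# from the report posted in the thread. VEW prints dates as dd/mm/yyyy.
SAMPLE_REPORT = """\
Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/10/2011 17:37:17
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/10/2011 12:14:16
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000008e, parameter1 c0000005, parameter2 3967b400, parameter3 a0396733, parameter4 00000000.

Log: 'System' Date/Time: 25/10/2011 12:31:47
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The EaseUS Agent service terminated unexpectedly. It has done this 1 time(s).
"""

VEW_TIME_FMT = "%d/%m/%Y %H:%M:%S"
HEADER_RE = re.compile(r"Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)")
TYPE_RE = re.compile(r"Type: (?P<type>\w+) Category: (?P<cat>\d+)")
EVENT_RE = re.compile(r"Event: (?P<id>\d+) Source: (?P<source>.+)")

# Standard Windows bug check names for the codes seen in this thread
# (Event 1003 messages and the STOP screen). Assumed lookup table.
BUGCHECK_NAMES = {
    0x1000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED_M",
    0x10000050: "PAGE_FAULT_IN_NONPAGED_AREA_M",
    0x1000000A: "IRQL_NOT_LESS_OR_EQUAL_M",
    0x000000D1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}


def parse_vew(text):
    """Return one dict per record. A 'Log:' header opens a record, a blank
    line closes it, so banner and note lines outside records are ignored."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        head = HEADER_RE.match(line)
        if head:
            current = {"log": head["log"],
                       "time": datetime.strptime(head["ts"], VEW_TIME_FMT),
                       "type": None, "category": None, "event_id": None,
                       "source": None, "message": ""}
            records.append(current)
            continue
        if current is None:
            continue
        typ, ev = TYPE_RE.match(line), EVENT_RE.match(line)
        if typ:
            current["type"], current["category"] = typ["type"], int(typ["cat"])
        elif ev:
            current["event_id"], current["source"] = int(ev["id"]), ev["source"].strip()
        else:
            current["message"] = (current["message"] + " " + line).strip()
    return records


def events_near(records, clock_time, minutes=5):
    """Records within +/- `minutes` of the noted clock time, which may be
    given as a datetime or as a string in VEW's own dd/mm/yyyy HH:MM:SS form."""
    if isinstance(clock_time, str):
        clock_time = datetime.strptime(clock_time, VEW_TIME_FMT)
    window = timedelta(minutes=minutes)
    return [r for r in records if abs(r["time"] - clock_time) <= window]


def bugcheck_summary(record):
    """For a 'System Error' record, return (code, name, parameter1) or None."""
    if record["source"] != "System Error":
        return None
    m = re.match(r"Error code ([0-9a-fA-F]+), parameter1 ([0-9a-fA-F]+)", record["message"])
    if not m:
        return None
    code = int(m.group(1), 16)
    return (code, BUGCHECK_NAMES.get(code, "UNKNOWN"), m.group(2).lower())


if __name__ == "__main__":
    recs = parse_vew(SAMPLE_REPORT)
    for r in events_near(recs, "26/10/2011 17:37:00"):  # time read off the clock
        print(r["time"], r["log"], r["event_id"], r["source"], "-", r["message"][:60])
    for r in recs:
        s = bugcheck_summary(r)
        if s:
            print(f"{r['time']} bug check {s[0]:#010x} {s[1]} (parameter1 {s[2]})")
```

    Run it against a saved VEW report by reading the file into `parse_vew` instead of `SAMPLE_REPORT`. The window is deliberately small: as the helper's reply shows, the useful signal is an error stamped at the same minute as the crash, and a wider window only pulls in unrelated entries such as the service terminations seen in the log.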
     
  12. 1902danny

    1902danny TS Rookie Topic Starter

    Bobbye thanks for the quick reply

    The Kaspersky Online Scanner is unavailable; they are waiting for a new improved version coming out.
    Regarding the Chrome browser: I uninstalled it yesterday because that was what ESET was scanning on the first attempt when it shut down IE, and I wondered if the Chrome browser may have been the problem. IE is my only browser now.
    I am quite happy to install another browser to try ESET again if you would like me to.

    Regards Danny
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You didn't say whether you followed the instruction for a browser other than IE when you ran it in Chrome.
    ----------------------------
    Let's get rid of some unneeded files:Run TFC (Temp File Cleaner)

    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean
    TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
    ================================
    I'd also like you to run Superantispyware. Be sure to check the line for removal of the entries. It will give me an idea of the sites leaving Cookies and malware if any:
    SuperAntiSpyware Home Edition Free Version
    • Please download SuperAntiSpyware from HERE
    • Launch SuperAntiSpyware and click on 'Check for updates'.
    • Wait for the updates to be installed
    • On the main screen click on 'Scan your computer'.
    • Check: 'Perform Complete Scan then Click 'Next' to start the scan.
    • Superantispyware will now scan your computer; when it's finished it will list all/any infections found.
    • Make sure everything found has a checkmark next to it, then press 'Next'.
    • Click on 'Finish' when you're done.
    It's possible that the program will ask you to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click on 'Preferences'.
    • Click on the 'Statistics/Logs' tab.
    • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
    It will then open in your default text editor, such as Notepad. Paste the Notepad file here in your reply.
    =================================>
    Then try the Eset scan again, following the instructions for IE.
     
  14. 1902danny

    1902danny TS Rookie Topic Starter

    Bobbye thanks again for the quick reply.

    You asked if I followed correct instructions for Chrome with ESET.
    I have not used Chrome at all to run ESET. What I probably did not explain very well in my last post was that whilst running ESET in IE, I was watching the scan progress and the scan appeared to slow down/stop at the point of scanning the Google Chrome files before shutting down and rebooting. I wondered if that was why it shut down so removed Chrome to eliminate it.
    I have always used IE to run ESET following the IE instructions every time.

    I have run TFC successfully.

    I have run SAS successfully and include the pasted results.

    I have tried 4 times today to run ESET in IE following the correct instructions with the following results : 1 x shutdown and reboot, 3 x BSOD.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/27/2011 at 11:35 AM

    Application Version : 5.0.1134

    Core Rules Database Version : 7856
    Trace Rules Database Version: 5668

    Scan type : Complete Scan
    Total Scan Time : 00:51:51

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 482
    Memory threats detected : 0
    Registry items scanned : 35351
    Registry threats detected : 0
    File items scanned : 54906
    File threats detected : 28

    Adware.Tracking Cookie
    C:\Documents and Settings\Admin\Cookies\OI7TYTN8.txt [ /www.googleadservices.com ]
    C:\Documents and Settings\Admin\Cookies\81TS0W61.txt [ /uk.insight.com ]
    C:\Documents and Settings\Admin\Cookies\UETVNLRH.txt [ /kaspersky.122.2o7.net ]
    C:\Documents and Settings\Admin\Cookies\XUXQJPPX.txt [ /tracking.dc-storm.com ]
    C:\Documents and Settings\Admin\Cookies\LCDQZ1P3.txt [ /webmasterplan.com ]
    C:\Documents and Settings\Admin\Cookies\QGBKTKT8.txt [ /media6degrees.com ]
    C:\Documents and Settings\Admin\Cookies\YXCJ785S.txt [ /statcounter.com ]
    C:\Documents and Settings\Admin\Cookies\P78U2VIL.txt [ /interclick.com ]
    C:\Documents and Settings\Admin\Cookies\YVLV2JD5.txt [ /invitemedia.com ]
    C:\Documents and Settings\Admin\Cookies\06B8GD5A.txt [ /liveperson.net ]
    C:\Documents and Settings\Admin\Cookies\0BNV13ZM.txt [ /at.atwola.com ]
    C:\Documents and Settings\Admin\Cookies\N4ZA1FB9.txt [ /122.2o7.net ]
    C:\Documents and Settings\Admin\Cookies\WQF2TOOZ.txt [ /collective-media.net ]
    C:\Documents and Settings\Admin\Cookies\YCL95UNX.txt [ /ad.360yield.com ]
    C:\Documents and Settings\Admin\Cookies\O2S74KG6.txt [ /www.windowsmedia.com ]
    C:\Documents and Settings\Admin\Cookies\MMT7KEAC.txt [ /yieldmanager.net ]
    C:\Documents and Settings\Admin\Cookies\UZU2H0BO.txt [ /www.googleadservices.com ]
    C:\Documents and Settings\Admin\Cookies\E38C6SEM.txt [ /avgtechnologies.112.2o7.net ]
    C:\Documents and Settings\Admin\Cookies\WIP099XV.txt [ /www.googleadservices.com ]
    C:\Documents and Settings\Admin\Cookies\DJL9HGQO.txt [ /ar.atwola.com ]
    C:\Documents and Settings\Admin\Cookies\1IIO0821.txt [ /ads.bleepingcomputer.com ]
    C:\Documents and Settings\Admin\Cookies\DHHFDWPC.txt [ /www.googleadservices.com ]
    C:\Documents and Settings\Admin\Cookies\Q2C3AF2G.txt [ /www.googleadservices.com ]
    C:\Documents and Settings\Admin\Cookies\EOKGM294.txt [ /msnportal.112.2o7.net ]
    C:\Documents and Settings\Admin\Cookies\RID1OT1F.txt [ /www.googleadservices.com ]
    C:\Documents and Settings\Admin\Cookies\MDE03XK0.txt [ /ad.yieldmanager.com ]
    C:\Documents and Settings\Admin\Cookies\1VYGNL1Q.txt [ /webstats.plus.net ]
    C:\Documents and Settings\Admin\Cookies\JG7TLOJ5.txt [ /tacoda.at.atwola.com ]


    I am sure we will eventually get there with ESET. Please keep sending instructions.

    Thank you again.
    Regards Danny
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Looks like you're doing a good job with Tracking Cookie control- here's more help:
    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
    ========================================
    See if Kaspersky is back online. It's another online virus scan. They have been updating the database, so if you get that message, let me know:
    Run Kaspersky Online Scanner in Internet Explorer

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
    • Click Accept and the web scanner will begin to load
    • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
    • You will be prompted to install an ActiveX component from Kaspersky, click Install
    • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT and then Scan Settings
    • In the scan settings make sure that the following are selected:
      [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
      [o] Scan Options: Scan Archives> Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      [o] Select My Computer
    • The program will start to scan your system.
    • Once the scan is complete, click on the Save as Text button and save the file to your desktop
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
    ============================================
    Are you getting any notice of proxy problem when you try Eset? It's simple to stop proxy so you can go ahead and do that:
    Reset your browser proxies
    • For Firefox:
      o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
      o Click on the "Network" tab, and then on the "Settings" button.
      o Please make sure that the "No Proxy" option is selected.
    • For Internet Explorer:
      o Open Internet Explorer.
      o Click on "Tools" and then select "Internet Options".
      o Click on the "Connections" tab and click the "Lan Settings" button at the bottom.
      o Uncheck "Use a Proxy server for your LAN".
      o Click OK to close the Local Area Network (LAN) Settings window.
      o Click OK to close the Internet Options window.
     
  16. 1902danny

    1902danny TS Rookie Topic Starter

    Bobbye thanks again for the quick reply.

    I have reset cookies. My browser proxies checked and found to be already set as your suggestions and no I am not getting any notice of proxy problem when I have tried Eset.

    I tried your link to the Kaspersky online scanner and get the following message: 404 - File or directory not found.
    The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

    I have googled it and found possible places it may be available but unsure of the safest option can you recommend one please.
    The Kaspersky lab site looks a safe option and the tool is described as "Kaspersky Virus Removal Tool"
    If that is the correct tool, would you want me to allow it to remove anything or just perform a scan (if possible) as you asked with Eset?

    Thanks again Danny
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Good Morning, Danny. I see Kaspersky has pulled the URL and is still updating the database.

    I have another virus scan in my pocket! Let's see if that will run:

    Download 32bit TrendMicro HouseCall
    1. Click Download HouseCall to begin.
      Note: HouseCall requires a small download before it can scan your computer. This will prevent compatibility issues.
    2. Choose to save a copy of the launcher (HousecallLauncher.exe).
    3. Allow update if offered.
    4. Select the Quick Scan option,
    5. Follow any prompts to save log. Include in next reply.
    =================================================
    Scrabble seems to be an issue now- it may not be the game itself, but some problem with the nt.dll module. Please do this:
    File name: scrabble2007.exe module nt.dll
    Start > Run > type 'Control Inetcpl.cpl' > Click the Advanced tab > Under Browsing > Uncheck 'Enable third-party browser extensions (requires restart)'
    =================================================
    This is also a known potential problem: Please search system. If present, delete or disable Service:
    Netropa: By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze
    ================================================
    Please detail what problems remain.
     
  18. 1902danny

    1902danny TS Rookie Topic Starter

    Good evening Bobbye and thank you for your reply.

    I have run House Call with no faults found and no log produced, presumably for that reason.

    Unchecked 'Enable third-party browser extensions' and restarted. I have then tried the game of Scrabble but it closed the game again part way through for the same reason. See pasted VEW log. Scrabble being the first one on the list.
    I have pasted the log for your interest but I do appreciate we started this thread for a potential virus / malware problem which you took on because I get the impression that is your preferred speciality.
    If you do not think it is a virus / malware problem I do not want to waste your time on it, I can see from other threads how busy you are and appreciate you do all this from the goodness of your heart.

    You ask what problems remain. I think the only outstanding item was the problem I had with Java earlier in the thread that you said you would check out later.

    Would I be correct in thinking we have not found anything too serious in the way of virus / malware?
    I believe the only thing you have mentioned is "Combofix deleted c:\windows\system32\autorun.ini" but I am not sure how serious you thought that was.

    I am hoping we have not found anything too serious because we recently bought a new laptop that has been connected to this computer via a home network and set for file sharing, I have also moved things about between the two with a memory stick.
    They have not been connected since the beginning of this thread and the new laptop is not showing signs of any problems. Having said that I would appreciate any advice on precautionary measures I could take.

    Thank you again and look forward to hearing from you.

    Regards Danny.

    Hope my spelling is not too bad. Would like to download the spell checker for this page but do not want to do anything till I get the ok from you.


    Vino's Event Viewer v01c run on Windows XP in English
    Report run at 29/10/2011 22:46:30

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 29/10/2011 22:40:46
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application scrabble2007.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000101d.

    Log: 'Application' Date/Time: 29/10/2011 17:18:20
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0xbd93c3a1.

    Log: 'Application' Date/Time: 26/10/2011 17:37:17
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 25/10/2011 12:40:06
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application windowssearch.exe, version 7.0.6001.16503, faulting module unknown, version 0.0.0.0, fault address 0x01b88fa0.

    Log: 'Application' Date/Time: 25/10/2011 12:40:06
    Type: error Category: 0
    Event: 1000 Source: Microsoft IntelliPoint
    The event description cannot be found.

    Log: 'Application' Date/Time: 25/10/2011 12:40:05
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application googletoolbarnotifier.exe, version 4.1.509.1944, faulting module , version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 25/10/2011 12:40:05
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application psi_tray.exe, version 2.0.0.4002, faulting module unknown, version 0.0.0.0, fault address 0x10078fa0.

    Log: 'Application' Date/Time: 24/10/2011 11:15:30
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 24/10/2011 11:14:29
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 24/10/2011 11:10:08
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 23/10/2011 22:01:15
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 23/10/2011 22:00:53
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 23/10/2011 22:00:38
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 23/10/2011 21:53:27
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Log: 'Application' Date/Time: 22/10/2011 23:07:41
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application scrabble2007.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000101d.

    Log: 'Application' Date/Time: 22/10/2011 22:54:08
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application scrabble2007.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000101d.

    Log: 'Application' Date/Time: 22/10/2011 11:58:23
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application euwatch.exe, version 3.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00988a90.

    Log: 'Application' Date/Time: 22/10/2011 11:58:20
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application wscntfy.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x10078a90.

    Log: 'Application' Date/Time: 22/10/2011 11:58:19
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application osd.exe, version 1.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00bf8a90.

    Log: 'Application' Date/Time: 22/10/2011 11:58:14
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application soundman.exe, version 5.1.0.5, faulting module unknown, version 0.0.0.0, fault address 0x10078a90.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 29/10/2011 17:08:56
    Type: error Category: 0
    Event: 12 Source: PlugPlayManager
    The device 'PIONEER DVD-RW DVR-116D' (IDE\CdRomPIONEER_DVD-RW__DVR-116D________________1.09____\48_0444a3150373932325732204c202020202020) disappeared from the system without first being prepared for removal.

    Log: 'System' Date/Time: 29/10/2011 17:08:56
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom1.

    Log: 'System' Date/Time: 29/10/2011 17:08:56
    Type: error Category: 0
    Event: 15 Source: atapi
    The device, \Device\Ide\IdePort1, is not ready for access yet.

    Log: 'System' Date/Time: 29/10/2011 17:08:33
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom1.

    Log: 'System' Date/Time: 29/10/2011 17:08:33
    Type: error Category: 0
    Event: 15 Source: atapi
    The device, \Device\Ide\IdePort1, is not ready for access yet.

    Log: 'System' Date/Time: 29/10/2011 17:08:10
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom1.

    Log: 'System' Date/Time: 29/10/2011 17:08:10
    Type: error Category: 0
    Event: 15 Source: atapi
    The device, \Device\Ide\IdePort1, is not ready for access yet.

    Log: 'System' Date/Time: 28/10/2011 18:18:31
    Type: error Category: 102
    Event: 1003 Source: System Error
    Error code 1000008e, parameter1 c0000005, parameter2 1457b400, parameter3 b6145733, parameter4 00000000.

    Log: 'System' Date/Time: 28/10/2011 18:18:29
    Type: error Category: 102
    Event: 1003 Source: System Error
    Error code 1000008e, parameter1 c0000005, parameter2 840c78bf, parameter3 b7840bf7, parameter4 00000000.

    Log: 'System' Date/Time: 28/10/2011 18:18:27
    Type: error Category: 102
    Event: 1003 Source: System Error
    Error code 1000000a, parameter1 d0000020, parameter2 00000002, parameter3 00000000, parameter4 804f5038.

    Log: 'System' Date/Time: 28/10/2011 18:18:24
    Type: error Category: 102
    Event: 1003 Source: System Error
    Error code 1000000a, parameter1 0a0d001f, parameter2 00000002, parameter3 00000000, parameter4 804e39b7.

    Log: 'System' Date/Time: 28/10/2011 18:17:13
    Type: error Category: 102
    Event: 1003 Source: System Error
    Error code 1000000a, parameter1 760c7d3b, parameter2 00000002, parameter3 00000000, parameter4 804eb55b.

    Log: 'System' Date/Time: 28/10/2011 06:15:02
    Type: error Category: 0
    Event: 10010 Source: DCOM
    The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 27/10/2011 11:51:38
    Type: error Category: 102
    Event: 1003 Source: System Error
    Error code 10000050, parameter1 d2b7b403, parameter2 00000000, parameter3 d2b7b403, parameter4 00000000.

    Log: 'System' Date/Time: 27/10/2011 10:23:15
    Type: error Category: 102
    Event: 1003 Source: System Error
    Error code 100000d1, parameter1 00000915, parameter2 00000005, parameter3 00000000, parameter4 f74c26c4.

    Log: 'System' Date/Time: 27/10/2011 10:19:52
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).

    Log: 'System' Date/Time: 27/10/2011 10:19:52
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).

    Log: 'System' Date/Time: 27/10/2011 10:19:52
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

    Log: 'System' Date/Time: 27/10/2011 10:19:52
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The EaseUS Agent service terminated unexpectedly. It has done this 1 time(s).

    Log: 'System' Date/Time: 27/10/2011 10:19:52
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).
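    The VEW report pasted above is easier to triage once it is parsed than when it is read record by record. The Python below is an added example, not code from this thread or from Vino's Event Viewer itself: it splits the report into its Log/Type/Event/message records, counts Event 1000 application crashes per (application, faulting module) pair, and names the Event 1003 stop codes using the standard Windows bugcheck names (XP's Event 1003 writes 0x8E as "1000008e", so the low 16 bits are the bugcheck number). The embedded sample is constructed in the same layout as the posted report, and the function names are the author's own.

```python
"""Triage a Vino's Event Viewer (VEW) text report.

Added example for this thread, not part of VEW or of the original posts:
parses VEW's Log/Type/Event/message records, counts Event 1000 crashes per
(application, faulting module) and decodes Event 1003 stop codes.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout of the report pasted in the thread.
SAMPLE_REPORT = """\
Log: 'Application' Date/Time: 29/10/2011 22:40:46
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application scrabble2007.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000101d.

Log: 'Application' Date/Time: 22/10/2011 23:07:41
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application scrabble2007.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000101d.

Log: 'System' Date/Time: 28/10/2011 18:18:31
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000008e, parameter1 c0000005, parameter2 1457b400, parameter3 b6145733, parameter4 00000000.

Log: 'System' Date/Time: 27/10/2011 10:23:15
Type: error Category: 102
Event: 1003 Source: System Error
Error code 100000d1, parameter1 00000915, parameter2 00000005, parameter3 00000000, parameter4 f74c26c4.
"""

RECORD_RE = re.compile(
    r"Log: '(?P<log>\w+)' Date/Time: (?P<when>\S+ \S+)\n"
    r"Type: (?P<type>\w+) Category: (?P<cat>\d+)\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>.*)", re.DOTALL)
CRASH_RE = re.compile(
    r"Faulting application (?P<app>\S+), version \S+, "
    r"faulting module (?P<mod>\S*), version \S+, fault address 0x[0-9a-f]+", re.I)
BUGCHECK_RE = re.compile(
    r"Error code (?P<code>[0-9a-f]{8}), parameter1 (?P<p1>[0-9a-f]{8}), "
    r"parameter2 (?P<p2>[0-9a-f]{8}), parameter3 (?P<p3>[0-9a-f]{8}), "
    r"parameter4 (?P<p4>[0-9a-f]{8})", re.I)
# Stop codes seen in the thread; XP's Event 1003 writes 0x8E as "1000008e",
# so the low 16 bits carry the real bugcheck number.
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}


@dataclass
class Event:
    log: str
    when: str
    event_id: int
    source: str
    message: str


def parse_report(text: str) -> list[Event]:
    """Split the report into records; forum pasting indents lines, so strip first."""
    cleaned = "\n".join(line.strip() for line in text.splitlines())
    events = []
    for block in re.split(r"\n\s*\n", cleaned):
        m = RECORD_RE.search(block)
        if m:
            events.append(Event(m["log"], m["when"], int(m["event"]),
                                m["source"].strip(), m["message"].strip()))
    return events


def summarize_crashes(events: list[Event]) -> Counter:
    """Count Event 1000 crashes per (application, faulting module)."""
    counts: Counter = Counter()
    for ev in events:
        if ev.event_id != 1000 or ev.source != "Application Error":
            continue
        m = CRASH_RE.search(ev.message)
        if m:
            counts[(m["app"].lower(), m["mod"].lower() or "unknown")] += 1
    return counts


def decode_bugchecks(events: list[Event]) -> list[tuple[str, str, list[int]]]:
    """Return (timestamp, stop-code name, [parameter1..4]) for each Event 1003."""
    found = []
    for ev in events:
        m = BUGCHECK_RE.search(ev.message) if ev.event_id == 1003 else None
        if not m:
            continue
        stop = int(m["code"], 16) & 0xFFFF
        params = [int(m[f"p{i}"], 16) for i in range(1, 5)]
        found.append((ev.when, BUGCHECK_NAMES.get(stop, f"UNKNOWN_0x{stop:X}"), params))
    return found
```

    To run it over a saved VEW report, read the file into a string and pass it to parse_report; the crash counter then shows at a glance that the Scrabble crashes repeat in the same module at the same address, while the 1003 entries are kernel stop errors that point at a driver or hardware rather than at malware.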
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Spell Checker: There is one on the Google Toolbar:
    Click on the wrench on the right of the Google Toolbar> Tools> Check 'Spell Check'> Save.

    Re: flash drive and all removable drives: Disinfect all:
    You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

    Please disinfect all movable drives
    1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
      Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
    3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    4. Wait until it has finished scanning and then exit the program.
    5. Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
    =================
    Re empty Java cache. Go through the process again. Make sure the Java v6u29 is on the system. Remove any outdated versions in Firefox or Chrome also.
    ================
    Re Scrabble: Recommend uninstall/reinstall
    ==================
    Question: Did you set this to allow?
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Icmp Settings]
    "AllowInboundEchoRequest"= 1 (0x1)
    ==================
    I'm not seeing any malware entries. If there are no other problems, you can clean up
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      o Choose Disc Cleanup
      o Click "OK" to select the partition or drive you want.
      o Click the "More Options" Tab.
      o Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
     
  20. 1902danny

    1902danny TS Rookie Topic Starter

    Hi Bobbye and thanks for the reply.

    Thanks for spellchecker info.

    All flash drives disinfected. Took about 5 seconds for 16gb, does that sound about right? Computer rebooted.
    ===================================
    Reminder from post #6 of this thread. I am still in this situation.
    I have tried deleting the Java folder but it makes no difference. Any help would be appreciated.
    ===================================
    I am pretty sure you have not mentioned this before so no I have not set it. If you recommend I do so could you please explain how I find it and then set a value.
    ===================================
    Re Scrabble: uninstalled will try that again later. Not too worried about that.

    Many thanks again

    Regards Danny
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You must have a copy of the JRE (Java Runtime Environment) on your system to run Java applications and applets. If that is gone, there is no platform for the update. Download (JDK 6) 1.6.2.1 from THIS SITE.

    Reboot

    Then update Java: Java Updates .

    I think this will work.
    ----------------------------------------
    ICMP stands for Internet Connection Message Protocol. ICMP allows you to modify the behavior of the firewall by enabling various ICMP options, such as Allow incoming echo request.
    As far as I know, allowing inbound echo request allows the computer to receive a ping or Tracert command. This can be useful if there is a connectivity problem, but if not, I'd like to close the port if you did not specifically set it:

    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Icmp Settings]
    "AllowInboundEchoRequest"=-
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . No log needed.
    ====================
    If you have already uninstalled Combofix, download and scan again, then run the script.
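    Before a CFScript is dragged onto ComboFix it is worth knowing exactly what its Registry:: lines will do, because the syntax is terse. The Python below is an added example and not ComboFix's own code: it assumes the Registry:: section follows regedit's .reg conventions (which the posted script does), where "[KEY]" selects a key, "[-KEY]" deletes it, "name"=dword:... or "name"="..." sets a value, and "name"=- deletes the value, as in the script above. The posted script is embedded as written, alongside a constructed second script (made-up key names) that exercises the other forms; the parser lists each action in plain words and flags any that fall outside the keys the user agreed to. Function and class names are the author's own.

```python
"""Preview what a ComboFix CFScript 'Registry::' section would change.

Added example, not ComboFix's own code and not from the thread. Assumes the
Registry:: section uses regedit .reg syntax: "[KEY]" selects, "[-KEY]"
deletes a key, "name"=data sets a value and "name"=- deletes one.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# The script from the thread, as posted (Registry:: section only).
THREAD_SCRIPT = r"""
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Icmp Settings]
"AllowInboundEchoRequest"=-
"""

# Constructed script exercising the other directive forms; key names are made up.
CONSTRUCTED_SCRIPT = r"""
Registry::
[HKLM\Software\Example\Unwanted]
"StartOnBoot"=dword:00000001
"Comment"="hello"
[-HKLM\Software\Example\Stale]
"""

KEY_RE = re.compile(r"^\[(?P<minus>-?)(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?P<name>"[^"]*"|@)=(?P<data>.*)$')


@dataclass
class RegAction:
    key: str
    action: str            # "delete_key", "delete_value" or "set_value"
    name: str | None = None
    value: object = None


def _decode(data: str) -> object:
    """Decode the common .reg value encodings; anything else is kept raw."""
    if data.startswith("dword:"):
        return int(data[6:], 16)
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return data[1:-1]
    return data


def parse_registry_section(text: str) -> list[RegAction]:
    """Turn the Registry:: section of a CFScript into a list of actions."""
    actions: list[RegAction] = []
    in_section = False
    current_key: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):            # section header such as Registry::
            in_section = line == "Registry::"
            continue
        if not in_section:
            continue
        km = KEY_RE.match(line)
        if km:
            current_key = km["key"]
            if km["minus"]:
                actions.append(RegAction(current_key, "delete_key"))
            continue
        vm = VALUE_RE.match(line)
        if vm and current_key:
            name = "(Default)" if vm["name"] == "@" else vm["name"].strip('"')
            if vm["data"] == "-":
                actions.append(RegAction(current_key, "delete_value", name))
            else:
                actions.append(RegAction(current_key, "set_value", name, _decode(vm["data"])))
            continue
        raise ValueError(f"unrecognised Registry:: line: {line!r}")
    return actions


def describe(a: RegAction) -> str:
    """Plain-English description of one action, for the reviewer."""
    if a.action == "delete_key":
        return f"delete key {a.key} and everything under it"
    if a.action == "delete_value":
        return f"delete value {a.name!r} under {a.key}"
    return f"set value {a.name!r} under {a.key} to {a.value!r}"


def outside_scope(actions: list[RegAction], allowed_prefixes: list[str]) -> list[RegAction]:
    """Actions whose key is not under any prefix the user agreed to (case-insensitive)."""
    allowed = [p.lower() for p in allowed_prefixes]
    return [a for a in actions if not any(a.key.lower().startswith(p) for p in allowed)]
```

    Run against the posted script, the only action reported is deleting the AllowInboundEchoRequest value under the ICMP Settings key, which is what the post says the script is for; a script that also touched keys outside the agreed prefix would show up in outside_scope before anything was run.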
     
  22. 1902danny

    1902danny TS Rookie Topic Starter

    Hi Bobbye and thanks for the reply.

    I think my computer is now at a point where I am quite happy it is virus / malware free and running very satisfactorily.

    I would like to sincerely thank you for all the help you have given me over the last couple of weeks. It is very much appreciated.

    Kind regards

    Danny
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome Danny. If the port is still open, open the Windows Firewall in the Security center and uncheck it.

    Here are some tips to help you keep the system clean:
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show how the site rates for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o] Antivirus (only one): Both of the following programs are free and known to be good:
      [o] Avira-AntiVir-Personal-Free-Antivirus
      [o] Avast-Free Antivirus
      [o] Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      [o] Comodo
      [o] Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o] Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o] Spybot Search & Destroy
    4. Updates: Stay current:
      [o] The Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
      [o] Adobe Reader Install current, uninstall old.
      [o] Java Updates Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookie: Previously done
    6. Do regular Maintenance
      Clean the temporary internet files often:
      [o] Temporary File Cleaner
      or
      [o] ATF Cleaner by Atribune
    7. Restore Points:
      [o] See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.
    Peace
     
