Inactive NT Authority - 1073741819

1902danny

A couple of days ago a small window popped up on my computer with something about "NT Authority, System Shutdown and 1073741819" plus quite a bit more but did not have time to get it all. I have run my computer a few times since without any recurrence but only for an hour or so.
I have just been looking at other quite old threads on this subject for a possible answer and found what I have read quite alarming. Because of this I have run "Malwarebytes Antimalware" and "Kaspersky TDSSKiller" (both unable to find any problem).
Could someone with a lot more knowledge than me have a look at the attached "HiJack This" log please and tell me if I have anything to worry about or if I should investigate it further.
Many thanks in anticipation.
 

This error, NT Authority - 1073741819, usually indicates the presence of the Sasser Worm.

We don't use HijackThis to 'screen' for malware.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
=======================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
Please be sure to note the references to pasting the logs and not doing scans other than what I ask you to run.
 
Bobbye, thanks for your reply.

I hope I have followed the instructions correctly and include the pasted results.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7975

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/10/2011 19:55:28
mbam-log-2011-10-18 (19-55-28).txt

Scan type: Quick scan
Objects scanned: 155085
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-18 20:08:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3320620A rev.3.AAF
Running: tu6e1p8i.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\agtyrkow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Admin at 20:30:00 on 2011-10-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.806 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [SoundMan] SOUNDMAN.EXE
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\scrabble® interactive 2007 edition\RegistrationReminder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~1.lnk - c:\program files\wireless device\wireless keyboard\Magickey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32592]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-13 38920]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-13 42376]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-13 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-13 184072]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2011-10-3 12964]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\32029\RapportCerberus32_32029.sys [2011-10-18 227312]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-9-25 70416]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2011-10-13 60040]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-9-25 919352]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-7-29 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-7-29 399416]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-10-1 246600]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-10-4 45288]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-10-9 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-10-9 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-9-25 56336]
S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-9-25 161936]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011.sp5\RpcAgentSrv.exe [2011-10-15 93848]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
.
=============== Created Last 30 ================
.
2011-10-18 18:40:24 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 18:40:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-18 13:02:17 388096 ----a-r- c:\documents and settings\admin\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-18 13:02:14 -------- d-----w- c:\program files\Trend Micro
2011-10-15 01:50:27 -------- d-----w- c:\program files\SiSoftware
2011-10-15 00:43:01 -------- d-----w- c:\program files\Realtek Sound Manager
2011-10-15 00:42:58 -------- d-----w- c:\program files\AvRack
2011-10-15 00:42:52 752764 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2011-10-15 00:42:52 55296 ----a-w- c:\windows\SOUNDMAN.EXE
2011-10-15 00:42:44 8605696 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2011-10-15 00:42:41 208896 ------w- c:\windows\alcupd.exe
2011-10-15 00:42:40 135168 ------w- c:\windows\alcrmv.exe
2011-10-15 00:37:12 -------- d-----w- c:\documents and settings\all users\application data\Driver Tool
2011-10-14 20:28:41 -------- d-----w- c:\documents and settings\admin\application data\qs
2011-10-14 20:28:17 -------- d-----w- c:\program files\QuickSnooker 7
2011-10-13 19:02:46 306176 --sha-w- C:\EUMONBMP.SYS
2011-10-13 10:47:21 -------- d-----w- c:\program files\OpenOffice.org 3
2011-10-13 09:27:17 -------- d-----w- C:\e6d713abde746fd20f573394d33399
2011-10-13 09:18:04 -------- d-----w- c:\documents and settings\admin\local settings\application data\Secunia PSI
2011-10-13 09:17:47 -------- d-----w- c:\program files\Secunia
2011-10-13 07:17:40 -------- d-----w- c:\documents and settings\admin\application data\Malwarebytes
2011-10-13 07:17:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-13 07:17:28 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-13 07:09:52 -------- d-----w- c:\program files\CCleaner
2011-10-13 07:02:45 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2011-10-13 07:02:45 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-10-13 07:02:44 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-10-13 07:02:43 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-10-12 20:44:04 20616 ----a-w- c:\windows\system32\fbnative.exe
2011-10-12 19:27:28 -------- d-----w- c:\documents and settings\all users\application data\qs
2011-10-10 19:42:22 -------- d-----w- c:\documents and settings\admin\application data\FileHunter
2011-10-10 18:48:59 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2011-10-10 18:44:57 -------- d--h--w- c:\windows\msdownld.tmp
2011-10-10 18:43:43 -------- d-----w- c:\windows\Logs
2011-10-09 15:45:56 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2011-10-09 15:45:56 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-10-09 15:45:56 2469760 ----a-w- c:\windows\system32\BootMan.exe
2011-10-09 15:45:56 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-10-09 15:45:56 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2011-10-09 12:23:25 -------- d-----w- c:\windows\SxsCaPendDel
2011-10-08 15:55:55 -------- d-----w- c:\documents and settings\admin\local settings\application data\Nero_AG
2011-10-08 15:30:44 -------- d-----w- c:\documents and settings\all users\application data\Nero
2011-10-08 15:15:15 -------- d-----w- c:\program files\Verbatim GREEN BUTTON
2011-10-08 12:17:53 -------- d-----w- c:\documents and settings\admin\application data\Windows Search
2011-10-08 09:45:39 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-10-08 09:45:05 -------- d-----w- c:\windows\system32\winrm
2011-10-08 09:44:56 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-10-07 16:08:08 -------- d-----w- C:\5AA3213B400A4F8B882400
2011-10-07 16:08:07 -------- d-----w- C:\$NtUninstallXPSEP$
2011-10-07 16:08:02 14048 ------w- c:\windows\system32\spmsg2.dll
2011-10-07 16:08:00 -------- d-----w- C:\C4BF0300BC4F21449EDAC6D501
2011-10-07 15:30:54 274288 ------w- c:\windows\system32\mucltui.dll
2011-10-07 15:30:54 215920 ------w- c:\windows\system32\muweb.dll
2011-10-07 15:30:54 16736 ------w- c:\windows\system32\mucltui.dll.mui
2011-10-07 15:29:08 -------- d-----w- c:\documents and settings\admin\application data\Windows Desktop Search
2011-10-07 15:28:12 -------- d-----w- c:\windows\system32\GroupPolicy
2011-10-07 15:28:12 -------- d-----w- c:\program files\Windows Desktop Search
2011-10-07 15:27:28 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-10-07 15:27:28 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-10-07 15:27:28 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-10-07 15:07:02 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-10-07 15:07:02 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-10-07 14:38:08 -------- d-----w- c:\documents and settings\admin\local settings\application data\Microsoft Help
2011-10-05 20:23:03 -------- d-----w- c:\windows\system32\XPSViewer
2011-10-05 20:22:39 89088 ------w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-10-05 20:22:20 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-10-05 20:22:20 594432 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-10-05 20:22:20 594432 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-10-05 20:22:20 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-10-05 20:22:20 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-10-05 20:22:20 117760 ------w- c:\windows\system32\prntvpt.dll
2011-10-05 20:22:19 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-10-05 20:22:19 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-10-05 20:22:19 -------- d-----w- C:\34cab8ffdd2e7181eda18bf01b
2011-10-05 19:24:03 -------- d-sh--w- c:\documents and settings\admin\IECompatCache
2011-10-05 10:52:13 -------- d-----w- c:\windows\system32\LogFiles
2011-10-04 20:26:04 40936 ------w- c:\windows\system32\drivers\point32.sys
2011-10-04 20:25:52 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-10-04 20:25:41 45288 ------w- c:\windows\system32\drivers\dc3d.sys
2011-10-04 20:25:41 1461992 ------w- c:\windows\system32\wdfcoinstaller01009.dll
2011-10-04 20:25:32 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-10-04 20:14:43 21504 -c----w- c:\windows\system32\dllcache\hidserv.dll
2011-10-04 20:14:43 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-10-04 20:14:41 12160 -c----w- c:\windows\system32\dllcache\mouhid.sys
2011-10-04 20:14:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-10-04 20:14:39 14592 -c----w- c:\windows\system32\dllcache\kbdhid.sys
2011-10-04 20:14:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-10-04 20:14:29 10368 -c----w- c:\windows\system32\dllcache\hidusb.sys
2011-10-04 20:14:29 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-10-04 20:14:23 32128 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2011-10-04 20:14:23 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-10-04 11:27:15 -------- d-----w- c:\program files\Project1
2011-10-04 08:05:14 -------- d-----w- c:\windows\pss
2011-10-03 20:32:35 12964 ------w- c:\windows\system32\drivers\kbfilter.sys
2011-10-03 20:32:34 -------- d-----w- c:\program files\Wireless Device
2011-10-03 20:32:28 306688 ------w- c:\windows\IsUninst.exe
2011-10-03 13:34:45 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-03 13:29:14 -------- d-----w- c:\documents and settings\admin\local settings\application data\PackageAware
2011-10-03 10:13:53 221184 ------w- c:\windows\system32\wmpns.dll
2011-10-03 09:38:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 09:38:46 -------- d-----w- c:\documents and settings\admin\local settings\application data\Solid State Networks
2011-10-03 09:04:49 -------- d-----w- c:\program files\AutoCAD LT 2000i
2011-10-03 09:04:35 -------- d-----w- c:\program files\AutoCAD LT 98
2011-10-03 09:04:12 -------- d-----w- c:\program files\EASEUS
2011-10-03 09:03:28 -------- d-----w- c:\program files\OpenOffice.org1.1.0
2011-10-03 08:45:07 -------- d-----w- c:\documents and settings\admin\application data\OpenOffice.org
2011-10-03 08:42:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-03 08:42:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-02 20:45:45 -------- d-----w- c:\documents and settings\admin\local settings\application data\Temp
2011-10-02 16:53:12 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-02 16:53:12 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-02 15:44:21 -------- d-----w- c:\windows\system32\NtmsData
2011-10-02 14:06:57 176640 ------w- c:\windows\system32\LXSYSUI.DLL
2011-10-02 13:58:32 -------- d-----w- c:\documents and settings\admin\local settings\application data\Trusteer
2011-10-02 13:58:25 -------- d-----w- c:\program files\Trusteer
2011-10-02 13:57:47 -------- d-----w- c:\documents and settings\all users\application data\Trusteer
2011-10-02 13:37:12 446464 ------w- c:\windows\system32\nvudisp.exe
2011-10-02 13:36:51 446464 ------w- c:\windows\system32\NVUNINST.EXE
2011-10-02 13:36:48 729088 ------w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-10-02 13:36:48 69715 ------w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-10-02 13:36:48 5632 ------w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-10-02 13:36:48 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-10-02 13:36:48 311428 ------w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-10-02 13:36:48 266240 ------w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-10-02 13:36:48 192512 ------w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-10-02 13:36:48 188548 ------w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-10-02 13:36:44 -------- d-----w- C:\NVIDIA
2011-10-02 12:17:08 -------- d-----w- c:\documents and settings\all users\application data\IObit
2011-10-02 12:06:54 -------- d-----w- c:\documents and settings\admin\application data\IObit
2011-10-02 12:06:53 -------- d-----w- c:\program files\IObit
2011-10-02 08:03:59 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-02 08:03:25 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-02 08:02:43 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-02 08:01:49 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-02 08:01:46 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-02 07:59:03 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-02 07:58:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-10-01 11:41:16 -------- d-----w- c:\windows\system32\scripting
2011-10-01 11:41:16 -------- d-----w- c:\windows\system32\en
2011-10-01 11:41:16 -------- d-----w- c:\windows\l2schemas
2011-10-01 11:41:15 -------- d-----w- c:\windows\system32\bits
2011-10-01 11:38:15 -------- d-----w- c:\windows\network diagnostic
2011-10-01 11:30:34 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
2011-10-01 11:24:57 -------- d-----w- c:\windows\ie8updates
2011-10-01 11:24:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-10-01 11:24:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-10-01 11:24:51 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-10-01 11:24:51 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-10-01 11:24:51 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-10-01 11:24:51 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-10-01 11:24:51 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-10-01 11:23:40 -------- dc-h--w- c:\windows\ie8
2011-10-01 11:12:56 61440 ------w- c:\windows\system32\kmsvc.dll
2011-10-01 11:07:39 -------- d-----w- c:\documents and settings\admin\local settings\application data\Identities
2011-10-01 10:56:01 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2011-10-01 10:55:25 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-01 10:55:25 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-10-01 10:55:22 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-10-01 10:55:16 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-10-01 10:55:13 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-10-01 10:55:08 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-01 10:55:03 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-10-01 10:54:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-10-01 10:54:22 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-10-01 10:54:21 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-10-01 10:54:21 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-10-01 10:54:21 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-10-01 10:54:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-10-01 10:54:19 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-10-01 10:54:19 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-10-01 10:54:19 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-10-01 10:54:17 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-10-01 10:54:16 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-10-01 10:54:14 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-10-01 10:53:48 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-01 10:53:37 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-10-01 10:53:24 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-10-01 10:53:21 293376 ------w- c:\windows\system32\browserchoice.exe
2011-10-01 10:52:06 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2011-10-01 10:51:57 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-10-01 10:51:55 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-10-01 10:51:35 5120 ------w- c:\windows\system32\xpsp4res.dll
2011-10-01 10:51:35 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-10-01 10:42:24 -------- d--h--w- C:\$AVG
2011-10-01 10:39:05 -------- d-----w- c:\windows\system32\PreInstall
2011-10-01 10:39:03 -------- d--h--w- c:\windows\$hf_mig$
2011-10-01 10:34:20 -------- d-----w- c:\documents and settings\admin\application data\AVG2012
2011-10-01 10:32:30 -------- d-----w- c:\documents and settings\admin\application data\AVG Secure Search
2011-10-01 10:32:28 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-10-01 10:32:27 -------- d-----w- c:\program files\AVG Secure Search
2011-10-01 10:32:02 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-01 10:32:02 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-10-01 10:31:38 -------- d-----w- c:\program files\AVG
2011-10-01 10:30:05 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-10-01 10:21:26 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2011-10-01 10:17:01 9216 ------w- c:\windows\system32\proxycfg.exe
2011-10-01 10:17:01 63488 ------w- c:\program files\internet explorer\mui\041e\browselc.dll
2011-10-01 10:17:01 59392 ------w- c:\windows\system32\logman.exe
2011-10-01 10:17:01 56832 ------w- c:\program files\internet explorer\mui\041e\mshtmler.dll
2011-10-01 10:17:01 549376 ------w- c:\program files\internet explorer\mui\041e\shdoclc.dll
2011-10-01 10:17:01 48128 ------w- c:\program files\internet explorer\mui\041e\inetres.dll
2011-10-01 10:17:01 33792 ------w- c:\program files\messenger\custsat.dll
2011-10-01 10:17:01 249856 ------w- c:\program files\internet explorer\mui\041e\wab32res.dll
2011-10-01 10:17:01 2479616 ------w- c:\program files\internet explorer\mui\041e\msoeres.dll
2011-10-01 10:17:00 249856 ------w- c:\program files\common files\system\mui\041e\wab32res.dll
2011-10-01 10:15:13 2897920 ------w- c:\windows\system32\xpsp2res.dll
2011-10-01 10:14:55 19528 ------w- c:\windows\002026_.tmp
2011-10-01 10:14:46 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-10-01 10:14:14 -------- d-----w- c:\windows\EHome
2011-10-01 09:45:35 -------- d-sh--w- c:\documents and settings\admin\UserData
2011-10-01 09:23:01 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-10-01 09:23:01 286720 ------w- c:\windows\Setup1.exe
2011-10-01 09:10:30 60416 ----a-w- c:\windows\ALCFDRTM.VER
2011-10-01 09:10:30 60416 ------w- c:\windows\ALCFDRTM.EXE
2011-10-01 09:08:59 3387392 ------r- c:\windows\system32\nvrsja.dll
2011-10-01 08:58:00 141056 -c--a-w- c:\windows\system32\dllcache\ks.sys
2011-10-01 08:58:00 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2011-10-01 08:54:59 126976 ------w- c:\windows\system32\NVNFINST.DLL
2011-10-01 08:52:37 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-10-01 08:52:24 -------- d-----w- c:\documents and settings\all users\application data\MFAData
.
==================== Find3M ====================
.
2011-09-26 10:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-25 18:00:08 56336 ------w- c:\windows\system32\drivers\RapportKELL.sys
2011-09-13 05:30:10 32592 ------w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 20:30:52.48 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 30/09/2011 15:45:49
System Uptime: 18/10/2011 19:09:25 (1 hours ago)
.
Motherboard: | | nVidia-nForce2
Processor: AMD Athlon(tm) XP 3000+ | Socket A | 2171/166mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 247.911 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
Description: Disk drive
Device ID: SCSI\DISK&VEN_IC35L120&PROD_AVV207-1&REV_V24O\5&BDBCA15&0&000
Manufacturer: (Standard disk drives)
Name: IC35L120 AVV207-1 SCSI Disk Device
PNP Device ID: SCSI\DISK&VEN_IC35L120&PROD_AVV207-1&REV_V24O\5&BDBCA15&0&000
Service: disk
.
==== System Restore Points ===================
.
RP44: 08/10/2011 09:48:24 - System Checkpoint
RP45: 08/10/2011 10:02:15 - Software Distribution Service 3.0
RP46: 08/10/2011 10:44:25 - Installed %1 %2.
RP47: 08/10/2011 10:44:40 - Installed Windows XP Update for Microsoft Windows (KB971513).
RP48: 08/10/2011 10:45:01 - Installed %1 %2.
RP49: 08/10/2011 10:46:23 - Installed Windows XP KB2447568.
RP50: 08/10/2011 10:46:58 - Installed Windows XP KB2492386.
RP51: 08/10/2011 16:20:20 - Installed Windows XP KB942288-v3.
RP52: 08/10/2011 16:20:45 - Installed Microsoft Visual C++ 2005 Redistributable
RP53: 08/10/2011 16:21:14 - Installed Microsoft Primary Interoperability Assemblies 2005
RP54: 08/10/2011 16:30:03 - Installed Nero BackItUp and Burn.
RP55: 08/10/2011 17:59:27 - Software Distribution Service 3.0
RP56: 08/10/2011 20:56:22 - Software Distribution Service 3.0
RP57: 09/10/2011 13:22:51 - Software Distribution Service 3.0
RP58: 09/10/2011 22:19:38 - Restore Operation
RP59: 10/10/2011 19:48:04 - Installed DirectX
RP60: 11/10/2011 14:52:15 - Removed Nero BackItUp.
RP61: 11/10/2011 14:52:54 - Removed Nero BackItUp and Burn.
RP62: 11/10/2011 22:52:03 - Installed Scrabble® 2003 Edition
RP63: 13/10/2011 09:26:13 - System Checkpoint
RP64: 13/10/2011 10:26:53 - Software Distribution Service 3.0
RP65: 13/10/2011 11:26:19 - Software Distribution Service 3.0
RP66: 13/10/2011 11:38:49 - Software Distribution Service 3.0
RP67: 13/10/2011 11:46:26 - Installed Java(TM) 6 Update 22
RP68: 13/10/2011 11:47:16 - Installed OpenOffice.org 3.3
RP69: 13/10/2011 11:56:18 - Removed Microsoft Office Enterprise 2007
RP70: 13/10/2011 18:04:12 - Software Distribution Service 3.0
RP71: 14/10/2011 21:37:20 - Removed Scrabble® 2003 Edition
RP72: 15/10/2011 01:35:53 - Installed Driver Tool.
RP73: 15/10/2011 01:56:08 - IObit Uninstaller restore point
RP74: 16/10/2011 18:30:21 - System Checkpoint
RP75: 18/10/2011 13:36:59 - System Checkpoint
RP76: 18/10/2011 14:02:13 - Installed HiJackThis
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
AVG 2012
C-Media WDM Audio Driver
CCleaner
EASEUS Partition Master 9.1.0 Home Edition
EaseUS Todo Backup Free 3.0
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB971276-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 26
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft IntelliPoint 8.2
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In
Microsoft Primary Interoperability Assemblies 2005
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
NVIDIA Drivers
NVIDIA Gart Driver
NVIDIA Windows 2000/XP nForce Drivers
OpenOffice.org 1.1.0
OpenOffice.org 3.3
QuickSnooker
Rapport
Realtek AC'97 Audio
SCRABBLE® Interactive 2007 EDITION Uninstall
Secunia PSI (2.0.0.4002)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SiSoftware Sandra Lite 2011.SP5
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verbatim GREEN BUTTON 1.46
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Search 4.0
Windows XP Service Pack 3
Wireless Keyboard
XPS Essentials Pack
XPS Essentials Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
18/10/2011 14:37:54, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Avgldx86 Avgmfx86 Avgtdix EUDSKACS EUFDDISK Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
18/10/2011 14:37:54, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/10/2011 14:37:54, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/10/2011 14:37:54, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
18/10/2011 14:37:20, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
18/10/2011 14:37:15, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
15/10/2011 18:17:56, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{C98FA355-BCB9-4E50-87FC-E38ACED18E31} because another computer on the network has the same name. The server could not start.
15/10/2011 02:50:51, error: Service Control Manager [7000] - The SANDRA service failed to start due to the following error: The system cannot find the path specified.
14/10/2011 21:24:33, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
13/10/2011 11:28:18, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
13/10/2011 11:28:18, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/10/2011 11:28:18, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
13/10/2011 11:01:45, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2572073).
11/10/2011 14:55:04, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================

I should probably make you aware that I recently formatted my hard drive because of a .NET Framework problem (my previous thread) and re-installed XP then allowed Windows update to install all the relevant updates.

I await your instructions.
Regards Danny
 
Sorry for delay, Danny- my internet was down.
I should probably make you aware that I recently formatted

That explains this recent Install Date: 30/09/2011!
=========================================
I'd like you to run Combofix, but it won't run with AVG. It has to be temporarily uninstalled:
Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
========================================
Please update Java to v6u27: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download.
------------------------------------------
You will have malware in the Java cache- it needs to be cleared:
To clear the Java Plug-in cache:

  • [1]. Click Start > Control Panel.
    [2]. Double-click the Java icon in the control panel.
    The Java Control Panel appears.
    [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
    [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
    [5]. Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
    [6]. Click Apply> OK on Temporary Files Settings window.
Images courtesy java.com
===========================================
I didn't see a homepage or search URL set up.
=========================================
Please run the online virus scan in the next reply.
 
Online Virus Scan:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

Please post the entire log with heading resembling this:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 
Bobbye thanks for the reply.
I have run into a problem at the point "clear the Java plug in cache".
I probably misunderstood your instructions and removed the old updates before downloading and installing the new update. Also the update v6u27 you specified was not available so I installed the latest update, i.e. v6u29, assuming that would be ok.
Now I do not have a Java icon in Control Panel and Java is not in my list of installed programs in Control Panel / Add or remove programs. There is however a Java folder in Program Files in Windows Explorer. Thinking it may not have installed properly I attempted to install again only to receive the message from Java "The program is already installed would you like to re-install it". I click yes and a Windows Installer window pops up with the message "This is only appropriate for programs already installed" as if it is not installed. I then appear to go round in circles getting nowhere!
Not wanting to do anything out of order as you explained earlier in the thread I have not gone any further.
Sorry if I have made a mistake but the instruction was slightly ambiguous.
I do include the ComboFix.txt for your information so far.


ComboFix 11-10-21.06 - Admin 22/10/2011 11:52:57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.1065 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\messenger\msmsgsin.exe
c:\program files\msn\msncorefiles\custdial.dll
c:\program files\msn\msncorefiles\logonmgr.dll
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\ST6UNST.000
c:\windows\system32\autorun.ini
c:\windows\system32\winio.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-22 to 2011-10-22 )))))))))))))))))))))))))))))))
.
.
2011-10-22 10:14 . 2011-10-22 10:14 -------- d-----w- c:\documents and settings\Admin\Application Data\Avira
2011-10-21 12:34 . 2011-10-21 12:34 -------- d-----w- c:\documents and settings\Admin\Application Data\TeamViewer
2011-10-18 13:02 . 2011-10-18 13:02 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-14 20:28 . 2011-10-14 20:30 -------- d-----w- c:\documents and settings\Admin\Application Data\qs
2011-10-13 19:02 . 2011-10-14 09:52 306176 --sha-w- C:\EUMONBMP.SYS
2011-10-13 09:27 . 2011-10-13 09:27 -------- d-----w- C:\e6d713abde746fd20f573394d33399
2011-10-13 09:18 . 2011-10-13 09:18 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Secunia PSI
2011-10-13 07:17 . 2011-10-13 07:17 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2011-10-10 19:42 . 2011-10-10 19:42 -------- d-----w- c:\documents and settings\Admin\Application Data\FileHunter
2011-10-08 15:55 . 2011-10-08 15:55 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Nero_AG
2011-10-08 15:37 . 2011-10-08 16:07 -------- d-----w- c:\documents and settings\Admin\Application Data\Nero
2011-10-08 12:17 . 2011-10-08 12:17 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Search
2011-10-07 16:08 . 2011-10-07 16:08 -------- d-----w- C:\5AA3213B400A4F8B882400
2011-10-07 16:08 . 2011-10-07 16:08 -------- d-----w- C:\$NtUninstallXPSEP$
2011-10-07 16:08 . 2011-10-07 16:08 -------- d-----w- C:\C4BF0300BC4F21449EDAC6D501
2011-10-07 15:29 . 2011-10-07 15:29 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Desktop Search
2011-10-07 14:38 . 2011-10-07 14:38 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft Help
2011-10-05 20:22 . 2011-10-05 20:22 -------- d-----w- C:\34cab8ffdd2e7181eda18bf01b
2011-10-05 19:24 . 2011-10-05 19:24 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2011-10-03 13:29 . 2011-10-03 13:29 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\PackageAware
2011-10-03 09:38 . 2011-10-03 09:59 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Solid State Networks
2011-10-03 08:45 . 2011-10-03 08:45 -------- d-----w- c:\documents and settings\Admin\Application Data\OpenOffice.org
2011-10-02 20:45 . 2011-10-03 10:04 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Temp
2011-10-02 13:58 . 2011-10-02 13:58 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Trusteer
2011-10-02 13:36 . 2011-10-02 13:36 -------- d-----w- C:\NVIDIA
2011-10-02 12:06 . 2011-10-04 10:52 -------- d-----w- c:\documents and settings\Admin\Application Data\IObit
2011-10-01 11:30 . 2011-10-01 11:30 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2011-10-01 11:07 . 2011-10-01 11:07 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Identities
2011-10-01 10:42 . 2011-10-01 10:42 -------- d-----w- C:\$AVG
2011-10-01 10:34 . 2011-10-01 10:34 -------- d-----w- c:\documents and settings\Admin\Application Data\AVG2012
2011-10-01 09:45 . 2011-10-01 09:45 -------- d-sh--w- c:\documents and settings\Admin\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2003-03-31 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2003-03-31 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2003-03-31 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2003-03-31 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 13:49 . 2003-03-31 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-08-05 70792]
"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-08-05 744072]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 55296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVEWU4tWE5JTFItNFpISlAtUU9GUFctSlVBTE4tUlJBNkk&inst=NzctNzQ5NzM2MjY3LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=e2fd2410221947d18f115b166f124ab6-06ce4fc639803a2e3563922518183d8e94088cb9" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Registration SCRABBLE® Interactive 2007 EDITION.LNK - c:\program files\UBISOFT\SCRABBLE® Interactive 2007 EDITION\RegistrationReminder.exe [2007-5-16 884736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Enable Wireless Keyboard Driver.lnk - c:\program files\Wireless Device\Wireless Keyboard\Magickey.exe [2011-10-3 172032]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-7-29 291896]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP5\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP5\\WNt500x86\\RpcSandraSrv.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [13/10/2011 08:02 38920]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [13/10/2011 08:02 42376]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [22/10/2011 11:13 36000]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [13/10/2011 08:02 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [13/10/2011 08:02 184072]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [03/10/2011 21:32 12964]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [18/10/2011 12:28 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/09/2011 19:00 70416]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/10/2011 11:13 86224]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/09/2011 18:59 919352]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [29/07/2011 10:30 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [29/07/2011 10:30 399416]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [04/10/2011 21:25 45288]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 09:30 15544]
S2 EaseUS Agent;EaseUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [13/10/2011 08:00 60040]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/10/2011 10:58 136176]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [09/10/2011 16:45 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [09/10/2011 16:45 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/10/2011 10:58 136176]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [25/09/2011 19:00 56336]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/09/2011 19:00 161936]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [15/10/2011 02:50 93848]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31/03/2003 13:00 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - AVKMGR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 09:58]
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 09:58]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-22 11:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-10-22 12:00:33
ComboFix-quarantined-files.txt 2011-10-22 11:00
.
Pre-Run: 265,875,718,144 bytes free
Post-Run: 265,911,021,568 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 520B133AAD0537592C897F7BA09CCED8

I have been reading other threads on similar problems to mine. Quite a few you have been involved in and I get the impression my safest course of action may be to format and reinstall.
I am particularly concerned about internet banking. Could I ask your opinion please.
If you think that is my safest bet I will do so. There are however things on my computer I would like to backup and restore later so would you think it best to carry on with the cleaning before backing up anything that may be infected?

Many thanks again for the help so far and I await your further instructions.
 
Danny, it is always the option of the member to choose a reformat/reinstall over a cleaning. And in the case of some malware infections such as Virus or Ramnit, we do suggest the R/R as soon as we see these infectors.

But so far, I'm not seeing any indication of that type of malware. But Combofix deleted c:\windows\system32\autorun.ini so I need to see if anything shows up in the Eset scan. Please run that.
==========================================
Sorry the Java info wasn't clear. Instructions are to update first, then remove outdated versions. We'll check again later.
=========================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad > click on Format > Uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\windows\002026_.tmp
c:\documents and settings\admin\UserData
c:\windows\system32\svchost.exe -k WINRM
DDS::
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\scrabble® interactive 2007 edition\RegistrationReminder.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab=--=
Folder::
c:\documents and settings\all users\application data\IObit
c:\documents and settings\admin\application data\IObit
c:\program files\IObit
c:\windows\msdownld.tmp
c:\windows\Logs
C:\5AA3213B400A4F8B882400
C:\C4BF0300BC4F21449EDAC6D501
C:\34cab8ffdd2e7181eda18bf01b
C:\e6d713abde746fd20f573394d33399
c:\documents and settings\admin\local settings\application data\Temp
c:\documents and settings\admin\application data\qs
c:\documents and settings\all users\application data\qs
c:\documents and settings\Admin\UserData
Driver::
WinRM
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
There is a Worm fix I will have you run if it's indicated. Are you still seeing the NT message? Are there any other system problems since this started?
 
Bobbye thanks for the reply.
Tried to run the ESETScan four times and each time it got to approx 52% and computer shut down and rebooted.
Also ran ComboFix with the CFScript.txt and that shut down at Stage 50 with a BSOD, but ran it again and it completed successfully. ComboFix.txt included.

ComboFix 11-10-21.06 - Admin 25/10/2011 12:33:45.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.1105 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\documents and settings\admin\UserData"
"c:\windows\002026_.tmp"
"c:\windows\system32\svchost.exe -k WINRM"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\34cab8ffdd2e7181eda18bf01b
c:\34cab8ffdd2e7181eda18bf01b\amd64\filterpipelineprintproc.dll
c:\34cab8ffdd2e7181eda18bf01b\amd64\msxpsdrv.cat
c:\34cab8ffdd2e7181eda18bf01b\amd64\msxpsdrv.inf
c:\34cab8ffdd2e7181eda18bf01b\amd64\msxpsinc.gpd
c:\34cab8ffdd2e7181eda18bf01b\amd64\msxpsinc.ppd
c:\34cab8ffdd2e7181eda18bf01b\amd64\mxdwdrv.dll
c:\34cab8ffdd2e7181eda18bf01b\amd64\xpssvcs.dll
c:\34cab8ffdd2e7181eda18bf01b\i386\filterpipelineprintproc.dll
c:\34cab8ffdd2e7181eda18bf01b\i386\msxpsdrv.cat
c:\34cab8ffdd2e7181eda18bf01b\i386\msxpsdrv.inf
c:\34cab8ffdd2e7181eda18bf01b\i386\msxpsinc.gpd
c:\34cab8ffdd2e7181eda18bf01b\i386\msxpsinc.ppd
c:\34cab8ffdd2e7181eda18bf01b\i386\mxdwdrv.dll
c:\34cab8ffdd2e7181eda18bf01b\i386\xpssvcs.dll
C:\5AA3213B400A4F8B882400
C:\C4BF0300BC4F21449EDAC6D501
c:\docume~1\admin\startm~1\programs\startup\regist~1.lnk
c:\documents and settings\admin\application data\IObit
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\AutoSweep.ini
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-02(13-14-24).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-03(10-52-55).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-03(23-15-07).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-07(16-23-20).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-07(17-30-34).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-07(23-41-12).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-08(10-00-16).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-08(11-05-16).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-09(11-07-44).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-10(13-07-00).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-11(11-33-25).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-11(11-50-57).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-12(01-10-40).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-12(12-10-34).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-13(17-42-27).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-13(21-50-52).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-14(22-24-14).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-15(02-39-22).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-10-15(19-51-58).reg
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Driver Manager\DriverSavePath.ini
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Ignore.ini
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-02(13-14-24).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-03(10-52-55).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-03(23-15-07).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-07(16-23-20).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-07(17-29-32).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-07(17-30-34).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-07(23-41-12).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-08(10-00-16).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-08(10-01-20).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-08(11-05-16).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-09(11-07-44).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-10(13-07-00).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-11(11-33-26).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-11(11-50-57).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-11(15-54-12).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-12(01-08-50).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-12(01-10-40).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-12(12-10-34).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-13(17-42-27).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-13(21-50-52).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-14(22-24-14).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-15(02-39-22).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Log\ASCLog-2011-10-15(19-51-58).txt
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Main.ini
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\PMonitor\Config.ini
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Smart RAM\Smart RAM.ini
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Startup Manager\startup
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Startup Manager\startup.db
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Startup Manager\Version.ini
c:\documents and settings\admin\application data\IObit\Advanced SystemCare V4\Toolbox\Recently.ini
c:\documents and settings\admin\application data\IObit\IObit Uninstaller\Log\2011-10-15.log
c:\documents and settings\admin\application data\IObit\IObit Uninstaller\Select.ini
c:\documents and settings\admin\application data\IObit\IObit Uninstaller\SoftwareCache.ini
c:\documents and settings\admin\application data\IObit\Uninstall Unwanted Apps.lnk
c:\documents and settings\admin\application data\qs
c:\documents and settings\admin\application data\qs\ar.dat
c:\documents and settings\admin\application data\qs\aralia.dds
c:\documents and settings\admin\application data\qs\baize.dds
c:\documents and settings\admin\application data\qs\Balls0.tmp
c:\documents and settings\admin\application data\qs\blank.dds
c:\documents and settings\admin\application data\qs\bricks.dds
c:\documents and settings\admin\application data\qs\broken.dds
c:\documents and settings\admin\application data\qs\burr.dds
c:\documents and settings\admin\application data\qs\chalk.dds
c:\documents and settings\admin\application data\qs\cue.dds
c:\documents and settings\admin\application data\qs\cue.scn
c:\documents and settings\admin\application data\qs\environ.dds
c:\documents and settings\admin\application data\qs\floor.dds
c:\documents and settings\admin\application data\qs\glass.dds
c:\documents and settings\admin\application data\qs\hive.dat
c:\documents and settings\admin\application data\qs\leather.dds
c:\documents and settings\admin\application data\qs\logs\log-Fri 21-28.txt
c:\documents and settings\admin\application data\qs\logs\log-Fri 21-29.txt
c:\documents and settings\admin\application data\qs\logs\log-Sat 23-21.txt
c:\documents and settings\admin\application data\qs\logs\log-Sat 23-24.txt
c:\documents and settings\admin\application data\qs\logs\log-Sun 10-16.txt
c:\documents and settings\admin\application data\qs\mahogany.dds
c:\documents and settings\admin\application data\qs\mytable.dds
c:\documents and settings\admin\application data\qs\net.dds
c:\documents and settings\admin\application data\qs\pale_leather.dds
c:\documents and settings\admin\application data\qs\panel.dds
c:\documents and settings\admin\application data\qs\poolballs.dds
c:\documents and settings\admin\application data\qs\shadow.dds
c:\documents and settings\admin\application data\qs\shadowtop.dds
c:\documents and settings\admin\application data\qs\snooker7.scn
c:\documents and settings\admin\application data\qs\tj.dds
c:\documents and settings\admin\application data\qs\words.dds
c:\documents and settings\admin\local settings\application data\Temp
c:\documents and settings\Admin\UserData
c:\documents and settings\Admin\UserData\07FVEO5P\oWindowsUpdate[1].xml
c:\documents and settings\Admin\UserData\653C9KRU\mgmhppd[1].xml
c:\documents and settings\Admin\UserData\index.dat
c:\documents and settings\Admin\UserData\JB5FB5OW\pmocntr2[1].xml
c:\documents and settings\Admin\UserData\XWSNH1CT\oXMLStore[1].xml
c:\documents and settings\all users\application data\IObit
c:\documents and settings\all users\application data\IObit\Advanced SystemCare V4\temp.ini
c:\documents and settings\all users\application data\qs
C:\e6d713abde746fd20f573394d33399
c:\e6d713abde746fd20f573394d33399\1025\eula.rtf
c:\e6d713abde746fd20f573394d33399\1025\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1028\eula.rtf
c:\e6d713abde746fd20f573394d33399\1028\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1029\eula.rtf
c:\e6d713abde746fd20f573394d33399\1029\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1030\eula.rtf
c:\e6d713abde746fd20f573394d33399\1030\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1031\eula.rtf
c:\e6d713abde746fd20f573394d33399\1031\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1032\eula.rtf
c:\e6d713abde746fd20f573394d33399\1032\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1033\eula.rtf
c:\e6d713abde746fd20f573394d33399\1033\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1035\eula.rtf
c:\e6d713abde746fd20f573394d33399\1035\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1036\eula.rtf
c:\e6d713abde746fd20f573394d33399\1036\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1037\eula.rtf
c:\e6d713abde746fd20f573394d33399\1037\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1038\eula.rtf
c:\e6d713abde746fd20f573394d33399\1038\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1040\eula.rtf
c:\e6d713abde746fd20f573394d33399\1040\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1041\eula.rtf
c:\e6d713abde746fd20f573394d33399\1041\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1042\eula.rtf
c:\e6d713abde746fd20f573394d33399\1042\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1043\eula.rtf
c:\e6d713abde746fd20f573394d33399\1043\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1044\eula.rtf
c:\e6d713abde746fd20f573394d33399\1044\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1045\eula.rtf
c:\e6d713abde746fd20f573394d33399\1045\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1046\eula.rtf
c:\e6d713abde746fd20f573394d33399\1046\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1049\eula.rtf
c:\e6d713abde746fd20f573394d33399\1049\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1053\eula.rtf
c:\e6d713abde746fd20f573394d33399\1053\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\1055\eula.rtf
c:\e6d713abde746fd20f573394d33399\1055\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\2052\eula.rtf
c:\e6d713abde746fd20f573394d33399\2052\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\2070\eula.rtf
c:\e6d713abde746fd20f573394d33399\2070\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\3076\eula.rtf
c:\e6d713abde746fd20f573394d33399\3076\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\3082\eula.rtf
c:\e6d713abde746fd20f573394d33399\3082\HotFixInstallerUI.dll
c:\e6d713abde746fd20f573394d33399\DHtmlHeader.html
c:\e6d713abde746fd20f573394d33399\header.bmp
c:\e6d713abde746fd20f573394d33399\HotFixInstaller.exe
c:\e6d713abde746fd20f573394d33399\NDP20SP2-KB2572073.msp
c:\e6d713abde746fd20f573394d33399\ParameterInfo.xml
c:\e6d713abde746fd20f573394d33399\watermark.bmp
c:\program files\IObit
c:\program files\IObit\Advanced SystemCare 4\AutoUpdateHistory.txt
c:\program files\IObit\Advanced SystemCare 4\checkinfo.txt
c:\program files\IObit\Advanced SystemCare 4\DiskScan.log
c:\program files\IObit\Advanced SystemCare 4\Error_Log.txt
c:\program files\IObit\Advanced SystemCare 4\LatestNews\imagenews.png
c:\program files\IObit\Advanced SystemCare 4\LatestNews\LatestNews.ini
c:\program files\IObit\Advanced SystemCare 4\License.dat
c:\program files\IObit\Advanced SystemCare 4\services.ini
c:\program files\IObit\Advanced SystemCare 4\shconfig.ini
c:\program files\IObit\Advanced SystemCare 4\TBconfig.ini
c:\program files\IObit\Advanced SystemCare 4\Update.dat
c:\program files\IObit\Advanced SystemCare 4\Update\Update.Ini
c:\program files\ubisoft\scrabble® interactive 2007 edition\RegistrationReminder.exe
c:\windows\002026_.tmp
c:\windows\Logs
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WinRM
.
.
((((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 )))))))))))))))))))))))))))))))
.
.
2011-10-22 10:14 . 2011-10-22 10:14 -------- d-----w- c:\documents and settings\Admin\Application Data\Avira
2011-10-21 12:34 . 2011-10-21 12:34 -------- d-----w- c:\documents and settings\Admin\Application Data\TeamViewer
2011-10-18 13:02 . 2011-10-18 13:02 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-13 19:02 . 2011-10-14 09:52 306176 --sha-w- C:\EUMONBMP.SYS
2011-10-13 09:18 . 2011-10-13 09:18 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Secunia PSI
2011-10-13 07:17 . 2011-10-13 07:17 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2011-10-10 19:42 . 2011-10-10 19:42 -------- d-----w- c:\documents and settings\Admin\Application Data\FileHunter
2011-10-08 15:55 . 2011-10-08 15:55 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Nero_AG
2011-10-08 15:37 . 2011-10-08 16:07 -------- d-----w- c:\documents and settings\Admin\Application Data\Nero
2011-10-08 12:17 . 2011-10-08 12:17 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Search
2011-10-07 16:08 . 2011-10-07 16:08 -------- d-----w- C:\$NtUninstallXPSEP$
2011-10-07 15:29 . 2011-10-07 15:29 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Desktop Search
2011-10-07 14:38 . 2011-10-07 14:38 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft Help
2011-10-05 19:24 . 2011-10-05 19:24 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2011-10-03 13:29 . 2011-10-03 13:29 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\PackageAware
2011-10-03 09:38 . 2011-10-03 09:59 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Solid State Networks
2011-10-03 08:45 . 2011-10-03 08:45 -------- d-----w- c:\documents and settings\Admin\Application Data\OpenOffice.org
2011-10-02 13:58 . 2011-10-02 13:58 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Trusteer
2011-10-02 13:36 . 2011-10-02 13:36 -------- d-----w- C:\NVIDIA
2011-10-01 11:30 . 2011-10-01 11:30 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2011-10-01 11:07 . 2011-10-01 11:07 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Identities
2011-10-01 10:42 . 2011-10-01 10:42 -------- d-----w- C:\$AVG
2011-10-01 10:34 . 2011-10-01 10:34 -------- d-----w- c:\documents and settings\Admin\Application Data\AVG2012
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2003-03-31 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2003-03-31 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2003-03-31 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2003-03-31 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 13:49 . 2003-03-31 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-22_10.58.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-02-19 22:03 . 2011-02-19 22:03 51024 c:\windows\system32\vcomp100.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 51024 c:\windows\system32\vcomp100.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 81744 c:\windows\system32\mfcm100u.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 81744 c:\windows\system32\mfcm100u.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 81744 c:\windows\system32\mfcm100.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 81744 c:\windows\system32\mfcm100.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 60752 c:\windows\system32\mfc100rus.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 60752 c:\windows\system32\mfc100rus.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 43344 c:\windows\system32\mfc100kor.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 43344 c:\windows\system32\mfc100kor.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 43856 c:\windows\system32\mfc100jpn.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 43856 c:\windows\system32\mfc100jpn.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 62288 c:\windows\system32\mfc100ita.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 62288 c:\windows\system32\mfc100ita.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 64336 c:\windows\system32\mfc100fra.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 64336 c:\windows\system32\mfc100fra.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 63824 c:\windows\system32\mfc100esn.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 63824 c:\windows\system32\mfc100esn.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 55120 c:\windows\system32\mfc100enu.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 55120 c:\windows\system32\mfc100enu.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 64336 c:\windows\system32\mfc100deu.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 64336 c:\windows\system32\mfc100deu.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 36176 c:\windows\system32\mfc100cht.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 36176 c:\windows\system32\mfc100cht.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 36176 c:\windows\system32\mfc100chs.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 36176 c:\windows\system32\mfc100chs.dll
- 2011-02-18 23:40 . 2011-02-18 23:40 773968 c:\windows\system32\msvcr100.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 773968 c:\windows\system32\msvcr100.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 421200 c:\windows\system32\msvcp100.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 421200 c:\windows\system32\msvcp100.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 138056 c:\windows\system32\atl100.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 138056 c:\windows\system32\atl100.dll
+ 2011-10-22 11:16 . 2011-10-22 11:16 203776 c:\windows\Installer\3ec94d.msi
+ 2011-06-11 00:58 . 2011-06-11 00:58 4422992 c:\windows\system32\mfc100u.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 4422992 c:\windows\system32\mfc100u.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 4397384 c:\windows\system32\mfc100.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 4397384 c:\windows\system32\mfc100.dll
+ 2011-06-28 20:27 . 2011-06-28 20:27 4028928 c:\windows\Installer\22cb40.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-08-05 70792]
"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-08-05 744072]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 55296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVEWU4tWE5JTFItNFpISlAtUU9GUFctSlVBTE4tUlJBNkk&inst=NzctNzQ5NzM2MjY3LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=e2fd2410221947d18f115b166f124ab6-06ce4fc639803a2e3563922518183d8e94088cb9" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Enable Wireless Keyboard Driver.lnk - c:\program files\Wireless Device\Wireless Keyboard\Magickey.exe [2011-10-3 172032]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-7-29 291896]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP5\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP5\\WNt500x86\\RpcSandraSrv.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [13/10/2011 08:02 38920]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [13/10/2011 08:02 42376]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [22/10/2011 11:13 36000]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [13/10/2011 08:02 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [13/10/2011 08:02 184072]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [03/10/2011 21:32 12964]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [18/10/2011 12:28 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/09/2011 19:00 70416]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/10/2011 11:13 86224]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [13/10/2011 08:00 60040]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/09/2011 18:59 919352]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [29/07/2011 10:30 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [29/07/2011 10:30 399416]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [04/10/2011 21:25 45288]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/10/2011 10:58 136176]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [09/10/2011 16:45 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [09/10/2011 16:45 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/10/2011 10:58 136176]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 09:30 15544]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [25/09/2011 19:00 56336]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/09/2011 19:00 161936]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [15/10/2011 02:50 93848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 09:58]
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 09:58]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-25 12:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3952)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Wireless Device\Wireless Keyboard\osd.exe
.
**************************************************************************
.
Completion time: 2011-10-25 12:46:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-25 11:46
ComboFix2.txt 2011-10-22 11:00
.
Pre-Run: 265,956,061,184 bytes free
Post-Run: 265,919,614,976 bytes free
.
- - End Of File - - C6CE71B3E67D7C0B0CF80A56EC3DD244

You asked "Are you still seeing the NT message? Are there any other system problems since this started?"

I have not seen the NT message again although I have not used the computer that much.

I do not use the computer for gaming as such but do play Scrabble occasionally (only against the wife on this computer, never online) but on the last three occasions the computer will shut down part way through a game with a message "Scrabble has encountered a problem and needs to close". Prior to the re-install and this problem I did not have any problems so I do not think it is the game.

Also I receive a similar message from Internet Explorer occasionally and that will shut down. It did it a few times on the Java site when I had the problems with Java in my last post.

I did wonder if the ESET scan problem was something to do with Internet Explorer and wondered about downloading Firefox and trying ESET with that browser but remembered you asked me not to download anything other than what you wanted me to.

Many thanks again Danny
 
Danny, this is a very 'generic' message. The only way to try and find what's happening is to check the Event Viewer to see if there is a corresponding error.

You will need to check the time on the computer clock when you get this message. Then run this:

Please download VEW and save it to your Desktop:

Setting up the program

Double-click VEW.exe to run.

    Under Select log to query, select:
  • Application
  • System

    Under Select type to list, select:
  • Critical (Vista only)
  • Error

    Click the radio button for Number of events
  • Type 20 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.

    Load the log
  • In Notepad, click Edit> Select all
  • Then press Edit > Copy
  • Press Ctrl+V on your keyboard to paste the log to your next reply.
(Courtesy rev-Olie)
===============================
The Eset instructions start out like this:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESETOnlineScan
-------------------------------
If you are using IE for the scan, you do not do the following:
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
-------------------------------
Could that be the problem with Eset?
 
Bobbeye thanks for the quick reply.

I am having great difficulty with ESET. I followed your instructions exactly for IE and same problem ie 48% it shut down and rebooted.
I uninstalled ESET, followed your instructions again for IE and restarted from scratch, same thing only this time it stopped at approx 45% with BSOD.
Showing : DRIVER_IRQL_NOT_LESS_OR_EQUAL then lots about removing any recently installed hardware or software etc.
Technical info:
STOP: 0x000000D1 (0x00000915, 0x00000005, 0x00000000, 0xF74C26C4)
atapi.sys - Address F74C26C4 base at F74C0000, Datestamp 4802539d
I have not tried again. Sorry but I do feel I am following your instructions correctly.

I went to the Java website again using IE and caused it to fault and shut down then ran the VEW program and include the pasted log. IE faulted at Log: 'Application' Date/Time: 26/10/2011 17:37:17




Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/10/2011 17:42:15

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/10/2011 17:37:17
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 25/10/2011 12:40:06
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application windowssearch.exe, version 7.0.6001.16503, faulting module unknown, version 0.0.0.0, fault address 0x01b88fa0.

Log: 'Application' Date/Time: 25/10/2011 12:40:06
Type: error Category: 0
Event: 1000 Source: Microsoft IntelliPoint
The event description cannot be found.

Log: 'Application' Date/Time: 25/10/2011 12:40:05
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application googletoolbarnotifier.exe, version 4.1.509.1944, faulting module , version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 25/10/2011 12:40:05
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application psi_tray.exe, version 2.0.0.4002, faulting module unknown, version 0.0.0.0, fault address 0x10078fa0.

Log: 'Application' Date/Time: 24/10/2011 11:15:30
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 24/10/2011 11:14:29
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 24/10/2011 11:10:08
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 23/10/2011 22:01:15
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 23/10/2011 22:00:53
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 23/10/2011 22:00:38
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 23/10/2011 21:53:27
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 22/10/2011 23:07:41
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application scrabble2007.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000101d.

Log: 'Application' Date/Time: 22/10/2011 22:54:08
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application scrabble2007.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000101d.

Log: 'Application' Date/Time: 22/10/2011 11:58:23
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application euwatch.exe, version 3.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00988a90.

Log: 'Application' Date/Time: 22/10/2011 11:58:20
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application wscntfy.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x10078a90.

Log: 'Application' Date/Time: 22/10/2011 11:58:19
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application osd.exe, version 1.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00bf8a90.

Log: 'Application' Date/Time: 22/10/2011 11:58:14
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application soundman.exe, version 5.1.0.5, faulting module unknown, version 0.0.0.0, fault address 0x10078a90.

Log: 'Application' Date/Time: 22/10/2011 11:57:30
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application avcenter.exe, version 12.1.0.18, faulting module unknown, version 0.0.0.0, fault address 0x00eb8fa0.

Log: 'Application' Date/Time: 22/10/2011 11:57:29
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application avgnt.exe, version 12.1.0.17, faulting module unknown, version 0.0.0.0, fault address 0x00d98fa0.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/10/2011 12:14:16
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000008e, parameter1 c0000005, parameter2 3967b400, parameter3 a0396733, parameter4 00000000.

Log: 'System' Date/Time: 26/10/2011 12:14:10
Type: error Category: 102
Event: 1003 Source: System Error
Error code 10000050, parameter1 a2a7b400, parameter2 00000000, parameter3 a2a7b400, parameter4 00000000.

Log: 'System' Date/Time: 26/10/2011 12:14:07
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000008e, parameter1 c0000005, parameter2 61b7b403, parameter3 b761b733, parameter4 00000000.

Log: 'System' Date/Time: 26/10/2011 12:09:52
Type: error Category: 102
Event: 1003 Source: System Error
Error code 10000050, parameter1 ac67b403, parameter2 00000000, parameter3 ac67b403, parameter4 00000000.

Log: 'System' Date/Time: 26/10/2011 12:08:44
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000008e, parameter1 c0000005, parameter2 04bc78bf, parameter3 b704bbf7, parameter4 00000000.

Log: 'System' Date/Time: 25/10/2011 12:31:47
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The EaseUS Agent service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 25/10/2011 10:42:02
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000000a, parameter1 760c7d3b, parameter2 00000002, parameter3 00000000, parameter4 804eb55b.

Log: 'System' Date/Time: 25/10/2011 10:32:36
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The EaseUS Agent service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 23/10/2011 11:25:31
Type: error Category: 0
Event: 19 Source: Print
Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer3.

Log: 'System' Date/Time: 22/10/2011 12:31:09
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 22/10/2011 12:31:09
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 22/10/2011 12:31:09
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 22/10/2011 12:31:09
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 22/10/2011 12:31:09
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 22/10/2011 12:31:09
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 22/10/2011 12:31:09
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 22/10/2011 12:31:09
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 22/10/2011 12:31:09
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 22/10/2011 12:31:08
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 22/10/2011 12:31:08
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Sorry I am not having much luck trying to provide you with information but I really appreciate your perseverance with my problem.

Regards Danny
 
You're doing what I asked and that is good. Unfortunately, we still haven't gotten much information. The only error that corresponds to the time is the 'generic' app error with 'Faulting application iexplore.exe v8/ faulting module unknown'.

That doesn't mean that something isn't happening. It just means neither app nor system has a corresponding error.

Let's see if the Kaspersky online scan will work better than Eset
Run Kaspersky Online Scanner in Internet Explorer

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
    [o] Scan Options: Scan Archives> Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    [o] Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
===================================
A note about the Eset scan: it appears that you are using the Chrome browser. Did you follow this part of the Eset directions?
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
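
The correlation step described above (match the clock time of a crash against the VEW output), as an added example that is not part of the original posts. The sample entries are copied from the VEW logs pasted in this thread; the function names are hypothetical, and treating the number in the thread title as the negative 32-bit status code -1073741819 is an assumption.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# A few entries copied from the VEW logs pasted in this thread.
SAMPLE_VEW = """\
Log: 'Application' Date/Time: 26/10/2011 17:37:17
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 22/10/2011 23:07:41
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application scrabble2007.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000101d.

Log: 'System' Date/Time: 26/10/2011 12:14:16
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000008e, parameter1 c0000005, parameter2 3967b400, parameter3 a0396733, parameter4 00000000.

Log: 'System' Date/Time: 26/10/2011 12:14:10
Type: error Category: 102
Event: 1003 Source: System Error
Error code 10000050, parameter1 a2a7b400, parameter2 00000000, parameter3 a2a7b400, parameter4 00000000.

Log: 'System' Date/Time: 25/10/2011 10:42:02
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000000a, parameter1 760c7d3b, parameter2 00000002, parameter3 00000000, parameter4 804eb55b.
"""

# One VEW entry: three header lines, then the message up to the next blank line.
ENTRY = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s*\n"
    r"Type: (?P<type>\S+) Category: (?P<category>\d+)\s*\n"
    r"Event: (?P<event_id>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>.*?)(?=\n\s*\n|\n~|\Z)",
    re.S,
)
BUGCHECK = re.compile(
    r"Error code ([0-9a-f]{8}), parameter1 ([0-9a-f]{8}), parameter2 ([0-9a-f]{8}), "
    r"parameter3 ([0-9a-f]{8}), parameter4 ([0-9a-f]{8})", re.I)

# STOP codes that appear in this thread. Event 1003 on XP logs them with a
# 0x10000000 prefix (the minidump variants, e.g. 0x1000008E).
BUGCHECKS = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}


@dataclass
class Event:
    log: str
    when: datetime
    event_id: int
    source: str
    message: str


def parse_vew(text):
    """Parse VEW output into Event records (dates are dd/mm/yyyy, as VEW states)."""
    return [
        Event(m["log"], datetime.strptime(m["when"], "%d/%m/%Y %H:%M:%S"),
              int(m["event_id"]), m["source"].strip(), m["message"].strip())
        for m in ENTRY.finditer(text)
    ]


def events_near(events, when, window_s=120):
    """Events logged within window_s seconds of the observed crash time."""
    window = timedelta(seconds=window_s)
    return [e for e in events if abs(e.when - when) <= window]


def decode_bugcheck(message):
    """Return (stop_code, name, exception_name) for an Event 1003 message, else None."""
    m = BUGCHECK.match(message)
    if not m:
        return None
    code, *params = (int(x, 16) for x in m.groups())
    stop = code & 0x0FFFFFFF              # drop the minidump prefix
    # For STOP 0x8E, parameter1 is the NTSTATUS of the unhandled exception.
    exc = NTSTATUS.get(params[0]) if stop == 0x8E else None
    return stop, BUGCHECKS.get(stop, "unknown"), exc


def ntstatus_from_decimal(n):
    """Convert a signed decimal status (as shown in a shutdown dialog) to 32-bit hex form."""
    return n & 0xFFFFFFFF


if __name__ == "__main__":
    events = parse_vew(SAMPLE_VEW)
    for e in events_near(events, datetime(2011, 10, 26, 12, 14, 12), 10):
        print(e.when, e.source, decode_bugcheck(e.message))
    print(hex(ntstatus_from_decimal(-1073741819)))
```

Decoded this way, the status in the thread title and parameter1 of the 1000008e entries are the same value, 0xC0000005 (access violation).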
 
Bobbye thanks for the quick reply

The Kaspersky Online Scanner is unavailable, they are waiting for a new improved version coming out.
Regarding the Chrome browser. I uninstalled it yesterday because that was what ESET was scanning on the first attempt when it shut down IE and I wondered if the Chrome browser may have been the problem. IE is my only browser now.
I am quite happy to install another browser to try ESET again if you would like me to.

Regards Danny
 
You didn't say whether you followed the instruction for a browser other than IE when you ran it in Chrome.
----------------------------
Let's get rid of some unneeded files:
Run TFC (Temp File Cleaner)

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
================================
I'd also like you to run Superantispyware. Be sure to check the line for removal of the entries. It will give me an idea of the sites leaving Cookies and malware if any:

SuperAntiSpyware Home Edition Free Version
  • Please download SuperAntiSpyware from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • Wait for the updates to be installed
  • On the main screen click on 'Scan your computer'.
  • Check: 'Perform Complete Scan' then click 'Next' to start the scan.
  • Superantispyware will now scan your computer, when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it, then press 'Next'.
  • Click on 'Finish' when you've done.
It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click on 'Preferences'.
  • Click on the 'Statistics/Logs' tab.
  • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad. Paste the notepad file here on your reply
=================================>
Then try the Eset scan again, following the instructions for IE.
 
Bobbye thanks again for the quick reply.

You asked if I followed correct instructions for Chrome with ESET.
I have not used Chrome at all to run ESET. What I probably did not explain very well in my last post was that whilst running ESET in IE, I was watching the scan progress and the scan appeared to slow down/stop at the point of scanning the Google Chrome files before shutting down and rebooting. I wondered if that was why it shut down so removed Chrome to eliminate it.
I have always used IE to run ESET following the IE instructions every time.

I have run TFC successfully.

I have run SAS successfully and include the pasted results.

I have tried 4 times today to run ESET in IE following the correct instructions with the following results : 1 x shutdown and reboot, 3 x BSOD.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/27/2011 at 11:35 AM

Application Version : 5.0.1134

Core Rules Database Version : 7856
Trace Rules Database Version: 5668

Scan type : Complete Scan
Total Scan Time : 00:51:51

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 482
Memory threats detected : 0
Registry items scanned : 35351
Registry threats detected : 0
File items scanned : 54906
File threats detected : 28

Adware.Tracking Cookie
C:\Documents and Settings\Admin\Cookies\OI7TYTN8.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Admin\Cookies\81TS0W61.txt [ /uk.insight.com ]
C:\Documents and Settings\Admin\Cookies\UETVNLRH.txt [ /kaspersky.122.2o7.net ]
C:\Documents and Settings\Admin\Cookies\XUXQJPPX.txt [ /tracking.dc-storm.com ]
C:\Documents and Settings\Admin\Cookies\LCDQZ1P3.txt [ /webmasterplan.com ]
C:\Documents and Settings\Admin\Cookies\QGBKTKT8.txt [ /media6degrees.com ]
C:\Documents and Settings\Admin\Cookies\YXCJ785S.txt [ /statcounter.com ]
C:\Documents and Settings\Admin\Cookies\P78U2VIL.txt [ /interclick.com ]
C:\Documents and Settings\Admin\Cookies\YVLV2JD5.txt [ /invitemedia.com ]
C:\Documents and Settings\Admin\Cookies\06B8GD5A.txt [ /liveperson.net ]
C:\Documents and Settings\Admin\Cookies\0BNV13ZM.txt [ /at.atwola.com ]
C:\Documents and Settings\Admin\Cookies\N4ZA1FB9.txt [ /122.2o7.net ]
C:\Documents and Settings\Admin\Cookies\WQF2TOOZ.txt [ /collective-media.net ]
C:\Documents and Settings\Admin\Cookies\YCL95UNX.txt [ /ad.360yield.com ]
C:\Documents and Settings\Admin\Cookies\O2S74KG6.txt [ /www.windowsmedia.com ]
C:\Documents and Settings\Admin\Cookies\MMT7KEAC.txt [ /yieldmanager.net ]
C:\Documents and Settings\Admin\Cookies\UZU2H0BO.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Admin\Cookies\E38C6SEM.txt [ /avgtechnologies.112.2o7.net ]
C:\Documents and Settings\Admin\Cookies\WIP099XV.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Admin\Cookies\DJL9HGQO.txt [ /ar.atwola.com ]
C:\Documents and Settings\Admin\Cookies\1IIO0821.txt [ /ads.bleepingcomputer.com ]
C:\Documents and Settings\Admin\Cookies\DHHFDWPC.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Admin\Cookies\Q2C3AF2G.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Admin\Cookies\EOKGM294.txt [ /msnportal.112.2o7.net ]
C:\Documents and Settings\Admin\Cookies\RID1OT1F.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Admin\Cookies\MDE03XK0.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\Admin\Cookies\1VYGNL1Q.txt [ /webstats.plus.net ]
C:\Documents and Settings\Admin\Cookies\JG7TLOJ5.txt [ /tacoda.at.atwola.com ]


I am sure we will eventually get there with ESET. Please keep sending instructions.

Thank you again.
Regards Danny
 
Looks like you're doing a good job with Tracking Cookie control- here's more help:
Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
========================================
See if Kaspersky is back online. It's another online virus scan. They have been updating the database, so if you get that message, let me know:
Run Kaspersky Online Scanner in Internet Explorer

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
    [o] Scan Options: Scan Archives> Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    [o] Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
============================================
Are you getting any notice of proxy problem when you try Eset? It's simple to stop proxy so you can go ahead and do that:
Reset your browser proxies
  • For Firefox:
    o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
    o Click on the "Network" tab, and then on the "Settings" button.
    o Please make sure that the "No Proxy" option is selected.
  • For Internet Explorer:
    o Open Internet Explorer.
    o Click on "Tools" and then select "Internet Options".
    o Click on the "Connections" tab and click the "Lan Settings" button at the bottom.
    o Uncheck "Use a Proxy server for your LAN".
    o Click OK to close the Local Area Network (LAN) Settings window.
    o Click OK to close the Internet Options window.
 
Bobbye thanks again for the quick reply.

I have reset cookies. My browser proxies checked and found to be already set as your suggestions and no I am not getting any notice of proxy problem when I have tried Eset.

I tried your link to the Kaspersky online scanner and get the following message: 404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

I have googled it and found possible places it may be available but unsure of the safest option. Can you recommend one, please?
The Kaspersky lab site looks a safe option and the tool is described as "Kaspersky Virus Removal Tool"
If that is the correct tool, would you want me to allow it to remove anything or just perform a scan (if possible) as you asked with Eset?

Thanks again Danny
 
Good Morning, Danny. I see Kaspersky has pulled the URL and is still updating the database.

I have another virus scan in my pocket! Let's see if that will run:

Download 32bit TrendMicro HouseCall
  1. Click Download HouseCall to begin.
    Note: HouseCall requires a small download before it can scan your computer. This will prevent compatibility issues.
  2. Choose to save a copy of the launcher (HousecallLauncher.exe).
  3. Allow update if offered.
  4. Select the Quick Scan option.
  5. Follow any prompts to save log. Include in next reply.
=================================================
Scrabble seems to be an issue now- it may not be the game itself, but some problem with the nt.dll module. Please do this:
File name: scrabble2007.exe module nt.dll
Start > Run > type 'Control Inetcpl.cpl' > Click the Advanced tab > Under Browsing > Uncheck 'Enable third-party browser extensions (requires restart)'
=================================================
This is also a known potential problem: Please search system. If present, delete or disable Service:
Netropa: By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze
================================================
Please detail what problems remain.
 
Good evening Bobbye and thank you for your reply.

I have run House Call with no faults found and no log produced presumably for that reason.

Unchecked 'Enable third-party browser extensions' and restarted. I have then tried the game of Scrabble but it closed the game again part way through for the same reason. See pasted VEW log. Scrabble being the first one on the list.
I have pasted the log for your interest but I do appreciate we started this thread for a potential virus / malware problem which you took on because I get the impression that is your preferred speciality.
If you do not think it is a virus / malware problem I do not want to waste your time on it, I can see from other threads how busy you are and appreciate you do all this from the goodness of your heart.

You ask what problems remain. I think the only outstanding item was the problem I had with Java earlier in the thread that you said you would check out later.

Would I be correct in thinking we have not found anything too serious in the way of virus / malware?
I believe the only thing you have mentioned is "Combofix deleted c:\windows\system32\autorun.ini" but I am not sure how serious you thought that was.

I am hoping we have not found anything too serious because we recently bought a new laptop that has been connected to this computer via a home network and set for file sharing, I have also moved things about between the two with a memory stick.
They have not been connected since the beginning of this thread and the new laptop is not showing signs of any problems. Having said that I would appreciate any advice on precautionary measures I could take.

Thank you again and look forward to hearing from you.

Regards Danny.

Hope my spelling is not too bad. Would like to download the spell checker for this page but do not want to do anything till I get the ok from you.


Vino's Event Viewer v01c run on Windows XP in English
Report run at 29/10/2011 22:46:30

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/10/2011 22:40:46
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application scrabble2007.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000101d.

Log: 'Application' Date/Time: 29/10/2011 17:18:20
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0xbd93c3a1.

Log: 'Application' Date/Time: 26/10/2011 17:37:17
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 25/10/2011 12:40:06
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application windowssearch.exe, version 7.0.6001.16503, faulting module unknown, version 0.0.0.0, fault address 0x01b88fa0.

Log: 'Application' Date/Time: 25/10/2011 12:40:06
Type: error Category: 0
Event: 1000 Source: Microsoft IntelliPoint
The event description cannot be found.

Log: 'Application' Date/Time: 25/10/2011 12:40:05
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application googletoolbarnotifier.exe, version 4.1.509.1944, faulting module , version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 25/10/2011 12:40:05
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application psi_tray.exe, version 2.0.0.4002, faulting module unknown, version 0.0.0.0, fault address 0x10078fa0.

Log: 'Application' Date/Time: 24/10/2011 11:15:30
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 24/10/2011 11:14:29
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 24/10/2011 11:10:08
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 23/10/2011 22:01:15
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 23/10/2011 22:00:53
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 23/10/2011 22:00:38
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 23/10/2011 21:53:27
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 22/10/2011 23:07:41
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application scrabble2007.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000101d.

Log: 'Application' Date/Time: 22/10/2011 22:54:08
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application scrabble2007.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000101d.

Log: 'Application' Date/Time: 22/10/2011 11:58:23
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application euwatch.exe, version 3.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00988a90.

Log: 'Application' Date/Time: 22/10/2011 11:58:20
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application wscntfy.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x10078a90.

Log: 'Application' Date/Time: 22/10/2011 11:58:19
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application osd.exe, version 1.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00bf8a90.

Log: 'Application' Date/Time: 22/10/2011 11:58:14
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application soundman.exe, version 5.1.0.5, faulting module unknown, version 0.0.0.0, fault address 0x10078a90.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/10/2011 17:08:56
Type: error Category: 0
Event: 12 Source: PlugPlayManager
The device 'PIONEER DVD-RW DVR-116D' (IDE\CdRomPIONEER_DVD-RW__DVR-116D________________1.09____\48_0444a3150373932325732204c202020202020) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 29/10/2011 17:08:56
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom1.

Log: 'System' Date/Time: 29/10/2011 17:08:56
Type: error Category: 0
Event: 15 Source: atapi
The device, \Device\Ide\IdePort1, is not ready for access yet.

Log: 'System' Date/Time: 29/10/2011 17:08:33
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom1.

Log: 'System' Date/Time: 29/10/2011 17:08:33
Type: error Category: 0
Event: 15 Source: atapi
The device, \Device\Ide\IdePort1, is not ready for access yet.

Log: 'System' Date/Time: 29/10/2011 17:08:10
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom1.

Log: 'System' Date/Time: 29/10/2011 17:08:10
Type: error Category: 0
Event: 15 Source: atapi
The device, \Device\Ide\IdePort1, is not ready for access yet.

Log: 'System' Date/Time: 28/10/2011 18:18:31
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000008e, parameter1 c0000005, parameter2 1457b400, parameter3 b6145733, parameter4 00000000.

Log: 'System' Date/Time: 28/10/2011 18:18:29
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000008e, parameter1 c0000005, parameter2 840c78bf, parameter3 b7840bf7, parameter4 00000000.

Log: 'System' Date/Time: 28/10/2011 18:18:27
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000000a, parameter1 d0000020, parameter2 00000002, parameter3 00000000, parameter4 804f5038.

Log: 'System' Date/Time: 28/10/2011 18:18:24
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000000a, parameter1 0a0d001f, parameter2 00000002, parameter3 00000000, parameter4 804e39b7.

Log: 'System' Date/Time: 28/10/2011 18:17:13
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000000a, parameter1 760c7d3b, parameter2 00000002, parameter3 00000000, parameter4 804eb55b.

Log: 'System' Date/Time: 28/10/2011 06:15:02
Type: error Category: 0
Event: 10010 Source: DCOM
The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 27/10/2011 11:51:38
Type: error Category: 102
Event: 1003 Source: System Error
Error code 10000050, parameter1 d2b7b403, parameter2 00000000, parameter3 d2b7b403, parameter4 00000000.

Log: 'System' Date/Time: 27/10/2011 10:23:15
Type: error Category: 102
Event: 1003 Source: System Error
Error code 100000d1, parameter1 00000915, parameter2 00000005, parameter3 00000000, parameter4 f74c26c4.

Log: 'System' Date/Time: 27/10/2011 10:19:52
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 27/10/2011 10:19:52
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 27/10/2011 10:19:52
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 27/10/2011 10:19:52
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The EaseUS Agent service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 27/10/2011 10:19:52
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).
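
A VEW report like the one above is easier to triage when its entries are grouped by faulting application and by stop code. The following is an added example, not part of the original posts: the function names are hypothetical, the sample entries are constructed in the same layout using values from the log above, and `signed_to_ntstatus` assumes a dialog showed the status as a signed decimal.

```python
import re
from collections import Counter

# Names for the stop codes seen in this thread's log (low 28 bits of the Event 1003 code).
BUGCHECKS = {0x0A: "IRQL_NOT_LESS_OR_EQUAL", 0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
             0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED", 0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

ENTRY = re.compile(r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+)\n"
                   r"Type: \w+ Category: \d+\n"
                   r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
                   r"(?P<text>[^\n]*)")
FAULT = re.compile(r"Faulting application (?P<app>[^,]+), version [^,]+, "
                   r"faulting module (?P<mod>[^,]*), version")
BUGCHECK = re.compile(r"Error code (?P<code>[0-9a-f]{8}), parameter1 (?P<p1>[0-9a-f]{8})")

# Constructed sample: four entries in the VEW layout, values taken from the log above.
SAMPLE = r"""Log: 'Application' Date/Time: 29/10/2011 22:40:46
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application scrabble2007.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000101d.

Log: 'Application' Date/Time: 25/10/2011 12:40:05
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application googletoolbarnotifier.exe, version 4.1.509.1944, faulting module , version 0.0.0.0, fault address 0x00000000.

Log: 'System' Date/Time: 28/10/2011 18:18:31
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000008e, parameter1 c0000005, parameter2 1457b400, parameter3 b6145733, parameter4 00000000.

Log: 'System' Date/Time: 29/10/2011 17:08:56
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom1.
"""

def signed_to_ntstatus(value):
    # A signed 32-bit decimal status maps to the unsigned NTSTATUS by masking.
    return value & 0xFFFFFFFF

def classify(entry):
    # Return one grouping key for a parsed entry (a dict of the ENTRY groups).
    fault = FAULT.match(entry["text"])
    if fault:
        return f"crash {fault['app']} in {fault['mod'].strip() or 'unknown'}"
    bug = BUGCHECK.match(entry["text"])
    if bug:
        code = int(bug["code"], 16) & 0x0FFFFFFF
        key = "bugcheck " + BUGCHECKS.get(code, f"0x{code:X}")
        status = NTSTATUS.get(int(bug["p1"], 16))
        # For stop 0x8E, parameter 1 is the exception code that was not handled.
        return f"{key} ({status})" if code == 0x8E and status else key
    return f"{entry['source'].strip()} event {entry['event']}"

def summarize(report):
    # Count entries per grouping key across a whole VEW report (LF line endings).
    return Counter(classify(m.groupdict()) for m in ENTRY.finditer(report))
```

Calling `summarize()` on a full report gives a `Counter` whose `most_common()` lists the repeat offenders first; `signed_to_ntstatus(-1073741819)` returns `0xC0000005`, the same access-violation status that appears as parameter1 in the stop 0x8E entries.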
 
Spell Checker: There is one on the Google Toolbar:
Click on the wrench on the right of the Google Toolbar> Tools> Check 'Spell Check'> Save.

Re: flash drive and all removable drives: Disinfect all:
You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

Please disinfect all movable drives
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=================
Re empty Java cache. Go through the process again. Make sure only the Java v6u29 is on the system. Remove any outdated versions in Firefox or Chrome also.
================
Re Scrabble: Recommend uninstall/reinstall
==================
Question: Did you set this to allow?
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Icmp Settings]
"AllowInboundEchoRequest"= 1 (0x1)
==================
I'm not seeing any malware entries. If there are no other problems, you can clean up
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    • Choose Disc Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
 
Hi Bobbye and thanks for the reply.

Thanks for spellchecker info.

All flash drives disinfected. Took about 5 seconds for 16gb, does that sound about right? Computer rebooted.
===================================
Re empty Java cache. Go through the process again. Make sure only the Java v6u29 is on the system. Remove any outdated versions in Firefox or Chrome also.

Reminder from post #6 of this thread. I am still in this situation.
I have run into a problem at the point "clear the Java plug in cache".
I probably misunderstood your instructions and removed the old updates before downloading and installing the new update. Also the update v6u27 you specified was not available so I installed the latest update ie v6u29 assuming that would be ok.
Now I do not have a Java icon in Control Panel and Java is not in my list of installed programs in Control Panel / Add or remove programs. There is however a Java folder in Program Files in Windows Explorer. Thinking it may not have installed properly I attempted to install again only to receive the message from Java "The program is already installed would you like to re-install it". I click yes and a Windows Installer window pops up with the message "This is only appropriate for programs already installed" as if it is not installed. I then appear to go round in circles getting nowhere!
Not wanting to do anything out of order as you explained earlier in the thread I have not gone any further.
Sorry if I have made a mistake but the instruction was slightly ambiguous.

I have tried deleting the Java folder but it makes no difference. Any help would be appreciated.
===================================
Question: Did you set this to allow?
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Icmp Settings]
"AllowInboundEchoRequest"= 1 (0x1)

I am pretty sure you have not mentioned this before so no I have not set it. If you recommend I do so could you please explain how I find it and then set a value.
===================================
Re Scrabble: uninstalled will try that again later. Not too worried about that.

Many thanks again

Regards Danny
 
You must have a copy of the JRE (Java Runtime Environment) on your system to run Java applications and applets. If that is gone, there is no platform for the update. Download (JDK 6) 1.6.2.1 from THIS SITE.

Reboot

Then update Java: Java Updates .

I think this will work.
----------------------------------------
ICMP stands for Internet Connection Message Protocol. ICMP allows you to modify the behavior of the firewall by enabling various ICMP options, such as Allow incoming echo request.
As far as I know, allowing inbound echo request allows the computer to receive a ping or Tracert command. This can be useful if there is a connectivity problem, but if not, I'd like to close the port if you did not specifically set it:

Please run this Custom CFScript

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Icmp Settings]
"AllowInboundEchoRequest"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . No log needed.
====================
If you have already uninstalled Combofix, download and scan again, then run the script.
 
Hi Bobbye and thanks for the reply.

I think my computer is now at a point where I am quite happy it is virus / malware free and running very satisfactory.

I would like to sincerely thank you for all the help you have given me over the last couple of weeks. It is very much appreciated.

Kind regards

Danny
 
You're welcome Danny. If the port is still open, open the Windows Firewall in the Security center and uncheck it.

Here are some tips to help you keep the system clean:
Tips for added security and safer browsing: (Links are in Bold Blue)
  1. Browser Security
    [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
    [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
    [o] Replace the Host Files
    [o] Google Toolbar Pop Up Blocker
    [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
  2. Have layered Security:
    [o] Antivirus (only one): Both of the following programs are free and known to be good:
    [o] Avira-AntiVir-Personal-Free-Antivirus
    [o] Avast-Free Antivirus
    [o] Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
    [o] Comodo
    [o] Zone Alarm
  3. Antimalware: I recommend all of the following:
    [o] Spywareblaster: SpywareBlaster protects against bad ActiveX.
    [o] Spybot Search & Destroy
  4. Updates: Stay current:
    [o] the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
    [o] Adobe Reader Install current, uninstall old.
    [o] Java Updates Install current, uninstall old.
  5. Tracking Cookies
    Reset Cookie: Previously done
  6. Do regular Maintenance
    Clean the temporary internet files often:
    [o] Temporary File Cleaner
    or
    [o] ATF Cleaner by Atribune
  7. Restore Points:
    [o]See System Restore Guide
  8. Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Please let me know if you find any bad link.
Peace
 