
Malware that can not be extinguished by Reformatting



Hey, I would like some live help with the most perplexing computer virus I have ever encountered. I am currently enrolled in the Boot Camp; however, this goes far beyond anything I've seen in my two years of malware removal.

I just finished reformatting and reinstalling the OS (Windows XP SP1a was the only disk), and after running Malwarebytes I got over 2000 infected files, five minutes after I finished downloading Windows. I would have liked to produce a log, but shortly after running

The only symptom is a BSoD whenever I install a driver or try a countermeasure.

I will be here for the next 2 hours straight trying to solve this problem, so I'm up for anything :D

Please also mention what measures I can take so that the computer that I'm using to load up programs with won't get infected.

I have not tried any other modes or measures as of yet.

Thanks,

Starblaster1234

EDIT: I also tried updating the BIOS...not too helpful there... (A12 Dimension BIOS...the link didn't work)

I have two HijackThis files. One is from before I reformatted, one is from after, and they're both useless, but here ya go:

BEFORE

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:49:46 PM, on 8/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\AOL\1243558481\ee\AOLSoftware.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"

O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1243558481\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe

O4 - Global Startup: VersionTrackerPro.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...20Installer.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238707070625

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://sa.bcps.org/dana-cached/setup/JuniperSetupSP1.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 10788 bytes

AFTER

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:58:51 PM, on 8/15/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

F:\HiJackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--

End of file - 1205 bytes

I also have an RSIT scan (which is useless)

log.txt

Logfile of random's system information tool 1.06 (written by random/random)

Run by Strauss House at 2009-08-15 21:34:02

Microsoft Windows XP Professional Service Pack 1

System drive C: has 149 GB (98%) free of 153 GB

Total RAM: 1535 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:34:06 PM, on 8/15/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Strauss House\Desktop\RSIT.exe

F:\Strauss House.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--

End of file - 1159 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-07-16 842268]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-04-24 4616192]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-08-15 21:34:02 ----D---- C:\rsit

2009-08-15 20:38:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-08-15 20:38:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-08-15 20:28:08 ----SHD---- C:\RECYCLER

2009-08-15 20:27:47 ----A---- C:\WINDOWS\zip.exe

2009-08-15 20:27:47 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-08-15 20:27:47 ----A---- C:\WINDOWS\SWSC.exe

2009-08-15 20:27:47 ----A---- C:\WINDOWS\SWREG.exe

2009-08-15 20:27:47 ----A---- C:\WINDOWS\sed.exe

2009-08-15 20:27:47 ----A---- C:\WINDOWS\PEV.exe

2009-08-15 20:27:47 ----A---- C:\WINDOWS\NIRCMD.exe

2009-08-15 20:27:47 ----A---- C:\WINDOWS\grep.exe

2009-08-15 20:27:45 ----SD---- C:\ComboFix

2009-08-15 20:27:45 ----D---- C:\WINDOWS\ERDNT

2009-08-15 20:27:44 ----A---- C:\WINDOWS\System32\CF5048.exe

2009-08-15 20:27:43 ----D---- C:\Qoobox

2009-08-15 19:49:14 ----A---- C:\WINDOWS\ntbtlog.txt

2009-08-15 19:07:53 ----D---- C:\Documents and Settings\Strauss House\Application Data\Malwarebytes

2009-08-15 19:03:29 ----D---- C:\WINDOWS\Minidump

2009-08-15 18:54:26 ----A---- C:\WINDOWS\System32\Prounstl.exe

2009-08-15 18:54:26 ----A---- C:\WINDOWS\System32\IntelNic.dll

2009-08-15 18:54:26 ----A---- C:\WINDOWS\System32\e100bmsg.dll

2009-08-15 18:52:49 ----D---- C:\WINDOWS\LastGood.Tmp

2009-08-15 18:49:08 ----D---- C:\drvrtmp

2009-08-15 18:47:45 ----D---- C:\Program Files\Intel

2009-08-15 18:47:42 ----A---- C:\WINDOWS\System32\usbui.dll

2009-08-15 18:47:32 ----D---- C:\WINDOWS\System32\ReinstallBackups

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvwrszht.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvwrszhc.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvwrssv.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvwrsptb.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvwrsno.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvwrsnl.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvwrsko.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvwrsja.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvwrsit.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvwrsfr.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvwrsfi.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvwrses.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvwrsde.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvwrsda.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvsvc32.exe

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvrszht.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvrszhc.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvrssv.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvrsptb.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvrsno.dll

2009-08-15 18:42:12 ----A---- C:\WINDOWS\System32\nvrsnl.dll

2009-08-15 18:42:11 ----A---- C:\WINDOWS\System32\nvrsko.dll

2009-08-15 18:42:11 ----A---- C:\WINDOWS\System32\nvrsja.dll

2009-08-15 18:42:11 ----A---- C:\WINDOWS\System32\nvrsit.dll

2009-08-15 18:42:11 ----A---- C:\WINDOWS\System32\nvrsfr.dll

2009-08-15 18:42:11 ----A---- C:\WINDOWS\System32\nvrsfi.dll

2009-08-15 18:42:11 ----A---- C:\WINDOWS\System32\nvrses.dll

2009-08-15 18:42:11 ----A---- C:\WINDOWS\System32\nvrsde.dll

2009-08-15 18:42:11 ----A---- C:\WINDOWS\System32\nvrsda.dll

2009-08-15 18:42:10 ----A---- C:\WINDOWS\System32\nvoglnt.dll

2009-08-15 18:42:10 ----A---- C:\WINDOWS\System32\nvmctray.dll

2009-08-15 18:42:10 ----A---- C:\WINDOWS\System32\nvinstnt.dll

2009-08-15 18:42:10 ----A---- C:\WINDOWS\System32\nvcpl.dll

2009-08-15 18:42:09 ----A---- C:\WINDOWS\System32\nv4_disp.dll

2009-08-15 18:38:56 ----SD---- C:\WINDOWS\System32\Microsoft

2009-08-15 18:37:19 ----D---- C:\Program Files\Analog Devices

2009-08-15 18:37:19 ----A---- C:\WINDOWS\System32\DSndUp.exe

2009-08-15 18:37:19 ----A---- C:\WINDOWS\System32\CleanUp.exe

2009-08-15 18:32:50 ----RA---- C:\WINDOWS\System32\hhactivex.dll

2009-08-15 18:32:50 ----A---- C:\WINDOWS\System32\RcdScan.dll

2009-08-15 18:32:49 ----A---- C:\WINDOWS\System32\VB5DB.DLL

2009-08-15 18:32:45 ----HD---- C:\Program Files\InstallShield Installation Information

2009-08-15 18:32:34 ----D---- C:\Program Files\Common Files\InstallShield

2009-08-15 18:30:14 ----SHD---- C:\WINDOWS\Installer

2009-08-15 18:30:11 ----D---- C:\Documents and Settings\Strauss House\Application Data\Identities

2009-08-15 18:30:07 ----HD---- C:\Program Files\Uninstall Information

2009-08-15 18:30:03 ----SD---- C:\Documents and Settings\Strauss House\Application Data\Microsoft

2009-08-15 18:30:03 ----ASH---- C:\Documents and Settings\Strauss House\Application Data\desktop.ini

2009-08-15 11:11:23 ----SHD---- C:\System Volume Information

2009-08-15 11:11:22 ----D---- C:\WINDOWS\Prefetch

2009-08-15 11:11:22 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-08-15 11:06:04 ----D---- C:\WINDOWS\System32\xircom

2009-08-15 11:06:04 ----D---- C:\Program Files\xerox

2009-08-15 11:06:04 ----D---- C:\Program Files\microsoft frontpage

2009-08-15 11:05:54 ----D---- C:\DELL

2009-08-15 11:04:25 ----A---- C:\WINDOWS\System32\xpsp1hfm.exe

2009-08-15 11:03:56 ----N---- C:\WINDOWS\System32\spmsg.dll

2009-08-15 11:03:45 ----A---- C:\WINDOWS\control.ini

2009-08-15 11:03:45 ----A---- C:\AUTOEXEC.BAT

2009-08-15 11:03:41 ----A---- C:\WINDOWS\OEWABLog.txt

2009-08-15 11:03:39 ----A---- C:\WINDOWS\System32\mapi32.dll

2009-08-15 11:03:03 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-08-15 11:03:03 ----RD---- C:\WINDOWS\Offline Web Pages

2009-08-15 11:03:03 ----RAH---- C:\WINDOWS\System32\logonui.exe.manifest

2009-08-15 11:02:59 ----RAH---- C:\WINDOWS\System32\cdplayer.exe.manifest

2009-08-15 11:02:42 ----D---- C:\WINDOWS\System32\DirectX

2009-08-15 11:02:20 ----A---- C:\WINDOWS\System32\safrslv.dll

2009-08-15 11:02:20 ----A---- C:\WINDOWS\System32\safrdm.dll

2009-08-15 11:02:20 ----A---- C:\WINDOWS\System32\safrcdlg.dll

2009-08-15 11:02:20 ----A---- C:\WINDOWS\System32\racpldlg.dll

2009-08-15 11:02:20 ----A---- C:\WINDOWS\System32\atrace.dll

2009-08-15 11:02:18 ----A---- C:\WINDOWS\System32\desktop.ini

2009-08-15 11:02:18 ----A---- C:\WINDOWS\desktop.ini

2009-08-15 11:02:12 ----A---- C:\WINDOWS\System32\nmevtmsg.dll

2009-08-15 11:02:12 ----A---- C:\WINDOWS\System32\mnmsrvc.exe

2009-08-15 11:02:12 ----A---- C:\WINDOWS\System32\isrdbg32.dll

2009-08-15 11:02:11 ----A---- C:\WINDOWS\System32\acctres.dll

2009-08-15 11:02:10 ----D---- C:\Program Files\Common Files\Services

2009-08-15 11:02:10 ----A---- C:\WINDOWS\System32\inetres.dll

2009-08-15 11:02:07 ----SD---- C:\WINDOWS\Tasks

2009-08-15 11:02:06 ----A---- C:\WINDOWS\System32\isign32.dll

2009-08-15 11:02:06 ----A---- C:\WINDOWS\System32\inetcfg.dll

2009-08-15 11:02:06 ----A---- C:\WINDOWS\System32\icwphbk.dll

2009-08-15 11:02:06 ----A---- C:\WINDOWS\System32\icwdial.dll

2009-08-15 11:02:06 ----A---- C:\WINDOWS\System32\icfgnt5.dll

2009-08-15 11:02:04 ----D---- C:\Program Files\Common Files\MSSoap

2009-08-15 11:02:00 ----D---- C:\WINDOWS\System32\Macromed

2009-08-15 11:02:00 ----D---- C:\WINDOWS\srchasst

2009-08-15 11:01:59 ----A---- C:\WINDOWS\System32\qmgrprxy.dll

2009-08-15 11:01:59 ----A---- C:\WINDOWS\System32\qmgr.dll

2009-08-15 11:01:58 ----D---- C:\Program Files\Movie Maker

2009-08-15 11:01:55 ----D---- C:\WINDOWS\System32\Restore

2009-08-15 11:01:55 ----D---- C:\WINDOWS\PCHealth

2009-08-15 11:01:55 ----A---- C:\WINDOWS\System32\srrstr.dll

2009-08-15 11:01:54 ----A---- C:\WINDOWS\System32\srsvc.dll

2009-08-15 11:01:54 ----A---- C:\WINDOWS\System32\srclient.dll

2009-08-15 11:01:54 ----A---- C:\WINDOWS\System32\nmmkcert.dll

2009-08-15 11:01:54 ----A---- C:\WINDOWS\System32\msconf.dll

2009-08-15 11:01:54 ----A---- C:\WINDOWS\System32\mnmdd.dll

2009-08-15 11:01:54 ----A---- C:\WINDOWS\System32\ils.dll

2009-08-15 11:01:51 ----D---- C:\Program Files\NetMeeting

2009-08-15 11:01:51 ----A---- C:\WINDOWS\System32\msoert2.dll

2009-08-15 11:01:51 ----A---- C:\WINDOWS\System32\msoeacct.dll

2009-08-15 11:01:51 ----A---- C:\WINDOWS\System32\inetcomm.dll

2009-08-15 11:01:50 ----D---- C:\Program Files\Outlook Express

2009-08-15 11:01:50 ----A---- C:\WINDOWS\System32\schedsvc.dll

2009-08-15 11:01:50 ----A---- C:\WINDOWS\System32\mstinit.exe

2009-08-15 11:01:50 ----A---- C:\WINDOWS\System32\mstask.dll

2009-08-15 11:01:47 ----D---- C:\Program Files\Common Files\System

2009-08-15 11:01:44 ----D---- C:\Program Files\Internet Explorer

2009-08-15 11:01:26 ----D---- C:\Program Files\ComPlus Applications

2009-08-15 11:01:25 ----A---- C:\WINDOWS\vbaddin.ini

2009-08-15 11:01:25 ----A---- C:\WINDOWS\vb.ini

2009-08-15 11:01:24 ----D---- C:\WINDOWS\Registration

2009-08-15 11:01:22 ----HD---- C:\Program Files\WindowsUpdate

2009-08-15 11:01:22 ----D---- C:\Program Files\Online Services

2009-08-15 11:01:21 ----D---- C:\Program Files\Windows Media Player

2009-08-15 11:01:19 ----D---- C:\Program Files\Messenger

2009-08-15 11:01:14 ----D---- C:\Program Files\MSN Gaming Zone

2009-08-15 11:01:14 ----A---- C:\WINDOWS\System32\write.exe

2009-08-15 11:01:07 ----A---- C:\WINDOWS\System32\sndvol32.exe

2009-08-15 11:01:07 ----A---- C:\WINDOWS\System32\sndrec32.exe

2009-08-15 11:01:07 ----A---- C:\WINDOWS\System32\accwiz.exe

2009-08-15 11:01:06 ----A---- C:\WINDOWS\System32\winchat.exe

2009-08-15 11:01:06 ----A---- C:\WINDOWS\System32\hypertrm.dll

2009-08-15 11:01:06 ----A---- C:\WINDOWS\System32\hticons.dll

2009-08-15 11:01:06 ----A---- C:\WINDOWS\System32\avwav.dll

2009-08-15 11:01:06 ----A---- C:\WINDOWS\System32\avtapi.dll

2009-08-15 11:01:06 ----A---- C:\WINDOWS\System32\avmeter.dll

2009-08-15 11:01:01 ----A---- C:\WINDOWS\System32\getuname.dll

2009-08-15 11:01:00 ----A---- C:\WINDOWS\System32\winmine.exe

2009-08-15 11:01:00 ----A---- C:\WINDOWS\System32\sol.exe

2009-08-15 11:01:00 ----A---- C:\WINDOWS\System32\mshearts.exe

2009-08-15 11:01:00 ----A---- C:\WINDOWS\System32\charmap.exe

2009-08-15 11:01:00 ----A---- C:\WINDOWS\System32\calc.exe

2009-08-15 11:00:59 ----A---- C:\WINDOWS\System32\usrlogon.cmd

2009-08-15 11:00:59 ----A---- C:\WINDOWS\System32\tsshutdn.exe

2009-08-15 11:00:59 ----A---- C:\WINDOWS\System32\tslabels.ini

2009-08-15 11:00:59 ----A---- C:\WINDOWS\System32\tskill.exe

2009-08-15 11:00:59 ----A---- C:\WINDOWS\System32\tsdiscon.exe

2009-08-15 11:00:59 ----A---- C:\WINDOWS\System32\tscon.exe

2009-08-15 11:00:59 ----A---- C:\WINDOWS\System32\shadow.exe

2009-08-15 11:00:59 ----A---- C:\WINDOWS\System32\rwinsta.exe

2009-08-15 11:00:59 ----A---- C:\WINDOWS\System32\reset.exe

2009-08-15 11:00:59 ----A---- C:\WINDOWS\System32\regini.exe

2009-08-15 11:00:59 ----A---- C:\WINDOWS\System32\rdshost.exe

2009-08-15 11:00:59 ----A---- C:\WINDOWS\System32\rdpcfgex.dll

2009-08-15 11:00:59 ----A---- C:\WINDOWS\System32\freecell.exe

2009-08-15 11:00:58 ----A---- C:\WINDOWS\System32\qwinsta.exe

2009-08-15 11:00:58 ----A---- C:\WINDOWS\System32\qprocess.exe

2009-08-15 11:00:58 ----A---- C:\WINDOWS\System32\qappsrv.exe

2009-08-15 11:00:58 ----A---- C:\WINDOWS\System32\mtxoci.dll

2009-08-15 11:00:58 ----A---- C:\WINDOWS\System32\msg.exe

2009-08-15 11:00:58 ----A---- C:\WINDOWS\System32\msdtcuiu.dll

2009-08-15 11:00:58 ----A---- C:\WINDOWS\System32\msdtctm.dll

2009-08-15 11:00:58 ----A---- C:\WINDOWS\System32\logoff.exe

2009-08-15 11:00:58 ----A---- C:\WINDOWS\System32\cdmodem.dll

2009-08-15 11:00:57 ----A---- C:\WINDOWS\System32\xolehlp.dll

2009-08-15 11:00:57 ----A---- C:\WINDOWS\System32\msdtcprf.ini

2009-08-15 11:00:57 ----A---- C:\WINDOWS\System32\msdtclog.dll

2009-08-15 11:00:57 ----A---- C:\WINDOWS\System32\msdtc.exe

2009-08-15 11:00:56 ----A---- C:\WINDOWS\System32\stclient.dll

2009-08-15 11:00:56 ----A---- C:\WINDOWS\System32\mtxlegih.dll

2009-08-15 11:00:56 ----A---- C:\WINDOWS\System32\mtxex.dll

2009-08-15 11:00:56 ----A---- C:\WINDOWS\System32\mtxdm.dll

2009-08-15 11:00:56 ----A---- C:\WINDOWS\System32\dcomcnfg.exe

2009-08-15 11:00:56 ----A---- C:\WINDOWS\System32\comrepl.dll

2009-08-15 11:00:56 ----A---- C:\WINDOWS\System32\comaddin.dll

2009-08-15 11:00:56 ----A---- C:\WINDOWS\System32\colbact.dll

2009-08-15 11:00:55 ----A---- C:\WINDOWS\System32\comuid.dll

2009-08-15 11:00:55 ----A---- C:\WINDOWS\System32\comsnap.dll

2009-08-15 11:00:55 ----A---- C:\WINDOWS\System32\clbcatq.dll

2009-08-15 11:00:55 ----A---- C:\WINDOWS\System32\clbcatex.dll

2009-08-15 11:00:55 ----A---- C:\WINDOWS\System32\catsrvps.dll

2009-08-15 11:00:55 ----A---- C:\WINDOWS\System32\catsrv.dll

2009-08-15 11:00:48 ----A---- C:\WINDOWS\System32\wmimgmt.msc

2009-08-15 11:00:48 ----A---- C:\WINDOWS\System32\servdeps.dll

2009-08-15 11:00:47 ----A---- C:\WINDOWS\System32\mmfutil.dll

2009-08-15 11:00:47 ----A---- C:\WINDOWS\System32\cmprops.dll

2009-08-15 11:00:43 ----D---- C:\Program Files\Windows NT

2009-08-15 11:00:43 ----D---- C:\Program Files\MSN

2009-08-15 11:00:43 ----A---- C:\WINDOWS\System32\mspaint.exe

2009-08-15 11:00:43 ----A---- C:\WINDOWS\System32\mplay32.exe

2009-08-15 11:00:42 ----A---- C:\WINDOWS\System32\wuaueng.dll

2009-08-15 11:00:42 ----A---- C:\WINDOWS\System32\wuauclt.exe

2009-08-15 11:00:42 ----A---- C:\WINDOWS\System32\spider.exe

2009-08-15 11:00:42 ----A---- C:\WINDOWS\System32\clipbrd.exe

2009-08-15 11:00:41 ----A---- C:\WINDOWS\System32\wuauserv.dll

2009-08-15 11:00:41 ----A---- C:\WINDOWS\System32\tscfgwmi.dll

2009-08-15 11:00:41 ----A---- C:\WINDOWS\System32\remotepg.dll

2009-08-15 11:00:41 ----A---- C:\WINDOWS\System32\mstscax.dll

2009-08-15 11:00:41 ----A---- C:\WINDOWS\System32\mstsc.exe

2009-08-15 11:00:40 ----A---- C:\WINDOWS\System32\tscupgrd.exe

2009-08-15 11:00:40 ----A---- C:\WINDOWS\System32\termsrv.dll

2009-08-15 11:00:40 ----A---- C:\WINDOWS\System32\sessmgr.exe

2009-08-15 11:00:40 ----A---- C:\WINDOWS\System32\rdsaddin.exe

2009-08-15 11:00:40 ----A---- C:\WINDOWS\System32\rdpwsx.dll

2009-08-15 11:00:40 ----A---- C:\WINDOWS\System32\rdpsnd.dll

2009-08-15 11:00:40 ----A---- C:\WINDOWS\System32\rdpclip.exe

2009-08-15 11:00:40 ----A---- C:\WINDOWS\System32\rdchost.dll

2009-08-15 11:00:40 ----A---- C:\WINDOWS\System32\icaapi.dll

2009-08-15 11:00:40 ----A---- C:\WINDOWS\System32\cfgbkend.dll

2009-08-15 11:00:39 ----D---- C:\WINDOWS\System32\MsDtc

2009-08-15 11:00:39 ----D---- C:\WINDOWS\System32\Com

2009-08-15 11:00:39 ----A---- C:\WINDOWS\System32\msdtcprx.dll

2009-08-15 11:00:39 ----A---- C:\WINDOWS\System32\comsvcs.dll

2009-08-15 11:00:39 ----A---- C:\WINDOWS\System32\catsrvut.dll

2009-08-15 11:00:36 ----A---- C:\WINDOWS\System32\licwmi.dll

2009-08-15 04:00:14 ----A---- C:\WINDOWS\System32\h323log.txt

2009-08-15 03:55:23 ----A---- C:\WINDOWS\System32\ksuser.dll

2009-08-15 03:54:25 ----D---- C:\Program Files\Common Files\ODBC

2009-08-15 03:54:25 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI

2009-08-15 03:54:25 ----A---- C:\WINDOWS\ODBCINST.INI

2009-08-15 03:54:22 ----D---- C:\Program Files\Common Files\SpeechEngines

2009-08-15 03:54:21 ----RD---- C:\Program Files

2009-08-15 03:54:21 ----D---- C:\Program Files\Common Files\Microsoft Shared

2009-08-15 03:54:21 ----D---- C:\Program Files\Common Files

2009-08-15 03:54:19 ----RA---- C:\WINDOWS\System32\kbdtuq.dll

2009-08-15 03:54:19 ----RA---- C:\WINDOWS\System32\kbdtuf.dll

2009-08-15 03:54:19 ----RA---- C:\WINDOWS\System32\kbdazel.dll

2009-08-15 03:54:18 ----RA---- C:\WINDOWS\System32\kbdycc.dll

2009-08-15 03:54:18 ----RA---- C:\WINDOWS\System32\kbduzb.dll

2009-08-15 03:54:18 ----RA---- C:\WINDOWS\System32\kbdur.dll

2009-08-15 03:54:18 ----RA---- C:\WINDOWS\System32\kbdtat.dll

2009-08-15 03:54:18 ----RA---- C:\WINDOWS\System32\kbdru1.dll

2009-08-15 03:54:18 ----RA---- C:\WINDOWS\System32\kbdru.dll

2009-08-15 03:54:18 ----RA---- C:\WINDOWS\System32\kbdmon.dll

2009-08-15 03:54:18 ----RA---- C:\WINDOWS\System32\kbdkyr.dll

2009-08-15 03:54:18 ----RA---- C:\WINDOWS\System32\kbdkaz.dll

2009-08-15 03:54:18 ----RA---- C:\WINDOWS\System32\kbdaze.dll

2009-08-15 03:54:17 ----RA---- C:\WINDOWS\System32\kbdbu.dll

2009-08-15 03:54:17 ----RA---- C:\WINDOWS\System32\kbdblr.dll

2009-08-15 03:54:16 ----RA---- C:\WINDOWS\System32\kbdhept.dll

2009-08-15 03:54:16 ----RA---- C:\WINDOWS\System32\kbdhela3.dll

2009-08-15 03:54:16 ----RA---- C:\WINDOWS\System32\kbdhela2.dll

2009-08-15 03:54:16 ----RA---- C:\WINDOWS\System32\kbdhe319.dll

2009-08-15 03:54:16 ----RA---- C:\WINDOWS\System32\kbdhe220.dll

2009-08-15 03:54:16 ----RA---- C:\WINDOWS\System32\kbdhe.dll

2009-08-15 03:54:16 ----RA---- C:\WINDOWS\System32\kbdgkl.dll

2009-08-15 03:54:15 ----RA---- C:\WINDOWS\System32\kbdlv1.dll

2009-08-15 03:54:15 ----RA---- C:\WINDOWS\System32\kbdlt1.dll

2009-08-15 03:54:15 ----RA---- C:\WINDOWS\System32\kbdlt.dll

2009-08-15 03:54:14 ----RA---- C:\WINDOWS\System32\kbdlv.dll

2009-08-15 03:54:14 ----RA---- C:\WINDOWS\System32\kbdest.dll

2009-08-15 03:54:13 ----RA---- C:\WINDOWS\System32\kbdycl.dll

2009-08-15 03:54:13 ----RA---- C:\WINDOWS\System32\kbdsl1.dll

2009-08-15 03:54:13 ----RA---- C:\WINDOWS\System32\kbdsl.dll

2009-08-15 03:54:13 ----RA---- C:\WINDOWS\System32\kbdro.dll

2009-08-15 03:54:13 ----RA---- C:\WINDOWS\System32\kbdpl1.dll

2009-08-15 03:54:13 ----RA---- C:\WINDOWS\System32\kbdpl.dll

2009-08-15 03:54:13 ----RA---- C:\WINDOWS\System32\kbdhu1.dll

2009-08-15 03:54:13 ----RA---- C:\WINDOWS\System32\kbdhu.dll

2009-08-15 03:54:13 ----RA---- C:\WINDOWS\System32\kbdcz2.dll

2009-08-15 03:54:13 ----RA---- C:\WINDOWS\System32\kbdcz1.dll

2009-08-15 03:54:13 ----RA---- C:\WINDOWS\System32\kbdcz.dll

2009-08-15 03:54:13 ----RA---- C:\WINDOWS\System32\kbdcr.dll

2009-08-15 03:54:13 ----RA---- C:\WINDOWS\System32\KBDAL.DLL

2009-08-15 03:54:11 ----A---- C:\WINDOWS\System32\irclass.dll

2009-08-15 03:54:10 ----A---- C:\WINDOWS\System32\spxcoins.dll

2009-08-15 03:54:10 ----A---- C:\WINDOWS\System32\EqnClass.Dll

2009-08-15 03:54:10 ----A---- C:\WINDOWS\System32\dgsetup.dll

2009-08-15 03:54:10 ----A---- C:\WINDOWS\System32\dgrpsetu.dll

2009-08-15 03:54:09 ----A---- C:\WINDOWS\TASKMAN.EXE

2009-08-15 03:54:09 ----A---- C:\WINDOWS\NOTEPAD.EXE

2009-08-15 03:54:08 ----N---- C:\WINDOWS\System32\CONFIG.TMP

2009-08-15 03:54:08 ----A---- C:\WINDOWS\System32\storprop.dll

2009-08-15 03:54:08 ----A---- C:\WINDOWS\System32\batt.dll

2009-08-15 03:54:05 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini

2009-08-15 03:54:02 ----RA---- C:\WINDOWS\SETD.tmp

2009-08-15 03:54:01 ----RA---- C:\WINDOWS\SET7.tmp

2009-08-15 03:53:59 ----RA---- C:\WINDOWS\SET3.tmp

2009-08-15 03:53:53 ----D---- C:\WINDOWS\System32\CatRoot2

2009-08-15 03:53:53 ----D---- C:\WINDOWS\System32\CatRoot

2009-08-15 03:53:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-08-15 03:53:38 ----A---- C:\WINDOWS\setuplog.txt

2009-08-15 03:53:35 ----D---- C:\Documents and Settings

2009-08-15 03:53:03 ----SH---- C:\boot.ini

2009-08-15 03:49:53 ----RSHDC---- C:\WINDOWS\System32\dllcache

2009-08-15 03:49:53 ----RSD---- C:\WINDOWS\Fonts

2009-08-15 03:49:53 ----RD---- C:\WINDOWS\Web

2009-08-15 03:49:53 ----HD---- C:\WINDOWS\inf

2009-08-15 03:49:53 ----D---- C:\WINDOWS\WinSxS

2009-08-15 03:49:53 ----D---- C:\WINDOWS\twain_32

2009-08-15 03:49:53 ----D---- C:\WINDOWS\Temp

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\wins

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\wbem

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\usmt

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\spool

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\ShellExt

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\Setup

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\ras

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\oobe

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\npp

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\mui

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\inetsrv

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\IME

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\icsxml

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\ias

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\export

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\drivers

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\dhcp

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\config

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\3com_dmi

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\3076

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\2052

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\1054

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\1042

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\1041

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\1037

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\1033

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\1031

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\1028

2009-08-15 03:49:53 ----D---- C:\WINDOWS\System32\1025

2009-08-15 03:49:53 ----D---- C:\WINDOWS\system32

2009-08-15 03:49:53 ----D---- C:\WINDOWS\system

2009-08-15 03:49:53 ----D---- C:\WINDOWS\security

2009-08-15 03:49:53 ----D---- C:\WINDOWS\Resources

2009-08-15 03:49:53 ----D---- C:\WINDOWS\repair

2009-08-15 03:49:53 ----D---- C:\WINDOWS\mui

2009-08-15 03:49:53 ----D---- C:\WINDOWS\msapps

2009-08-15 03:49:53 ----D---- C:\WINDOWS\msagent

2009-08-15 03:49:53 ----D---- C:\WINDOWS\Media

2009-08-15 03:49:53 ----D---- C:\WINDOWS\java

2009-08-15 03:49:53 ----D---- C:\WINDOWS\ime

2009-08-15 03:49:53 ----D---- C:\WINDOWS\Help

2009-08-15 03:49:53 ----D---- C:\WINDOWS\Driver Cache

2009-08-15 03:49:53 ----D---- C:\WINDOWS\Debug

2009-08-15 03:49:53 ----D---- C:\WINDOWS\Cursors

2009-08-15 03:49:53 ----D---- C:\WINDOWS\Connection Wizard

2009-08-15 03:49:53 ----D---- C:\WINDOWS\Config

2009-08-15 03:49:53 ----D---- C:\WINDOWS\AppPatch

2009-08-15 03:49:53 ----D---- C:\WINDOWS\addins

2009-08-15 03:49:53 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-08-15 18:30:10 ----A---- C:\WINDOWS\win.ini

2009-08-15 03:54:21 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]

R3 BCMModem;BCM V.90 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]

R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-07-16 9600]

R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-07-16 12160]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-04-24 1271706]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-07-16 19328]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-04-24 69632]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.06 2009-08-15 21:34:08

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"

HijackThis 2.0.2-->"F:\HijackThis.exe" /uninstall

Intel® PRO Network Adapters and Drivers-->Prounstl.exe

NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf

SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"

======System event log======

Computer Name: STRAUSS

Event Code: 4

Message: Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Record Number: 88

Source Name: E100B

Time Written: 20090815190329.000000-420

Event Type: warning

User:

Computer Name: STRAUSS

Event Code: 4

Message: Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Record Number: 86

Source Name: E100B

Time Written: 20090815185433.000000-420

Event Type: warning

User:

Computer Name: STRAUSS

Event Code: 4

Message: Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Record Number: 84

Source Name: E100B

Time Written: 20090815185258.000000-420

Event Type: warning

User:

Computer Name: STRAUSS

Event Code: 4

Message: Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Record Number: 68

Source Name: E100B

Time Written: 20090815185017.000000-420

Event Type: warning

User:

Computer Name: STRAUSS

Event Code: 4

Message: Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Record Number: 64

Source Name: E100B

Time Written: 20090815184916.000000-420

Event Type: warning

User:

=====Application event log=====

Computer Name: STRAUSS

Event Code: 8193

Message: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Record Number: 33

Source Name: VSS

Time Written: 20090815194927.000000-420

Event Type: error

User:

Computer Name: STRAUSS

Event Code: 4609

Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Record Number: 32

Source Name: EventSystem

Time Written: 20090815194927.000000-420

Event Type: error

User:

Computer Name: STRAUSS

Event Code: 1000

Message: Faulting application explorer.exe, version 6.0.2800.1106, faulting module , version 0.0.0.0, fault address 0x00000000.

Record Number: 31

Source Name: Application Error

Time Written: 20090815194550.000000-420

Event Type: error

User:

Computer Name: STRAUSS

Event Code: 1000

Message: Faulting application mbam.exe, version 1.40.0.0, faulting module wininet.dll, version 6.0.2800.1106, fault address 0x00011348.

Record Number: 28

Source Name: Application Error

Time Written: 20090815190802.000000-420

Event Type: error

User:

Computer Name: STRAUSS

Event Code: 1000

Message: Faulting application nvsvc32.exe, version 6.14.1.4354, faulting module nvcpl.dll, version 6.14.1.4354, fault address 0x000363f7.

Record Number: 26

Source Name: Application Error

Time Written: 20090815190337.000000-420

Event Type: error

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel

"PROCESSOR_REVISION"=0209

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Those are all the logs that would run (I can try anything)

And here are some errors with boot CDs

Dr.Web LiveCD Error

http://img33.imageshack.us/img33/505/0815092202.jpg

Avira AntiVir Error (you have to see this one)

http://img188.imageshack.us/img188/5359/0815092220.jpg

Kaspersky Error

http://img38.imageshack.us/img38/233/0815092230.jpg

I'm currently a helper-in-training over at spywareinfoforum.com and this is way over my head.

After trying to format and restore a second time, hoping that I could run malwarebytes again and see the name this time, the malware interfered with the format and restore by saying some files were missing and stopped the setup right there.

So now I have no OS, but the malware is still there. What should I do?

Thanks,

Starblaster1234
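The driver and service lines in the RSIT log.txt above follow a fixed shape, and the empty `[]` after catchme.sys and IntelIde.sys means the tool found no file at that path. The parser below is an added example, not code from the thread or from RSIT; the sample lines are constructed in the shape of the ones posted above, and the example.sys entry is invented to exercise the second check.

```python
import re
from typing import List, Optional

# Added example: parse RSIT "List of drivers"/"List of services" lines such as
#   R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-04-24 1271706]
#   S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []      (empty [] = no file)
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)

def parse_entry(line: str) -> Optional[dict]:
    """Return a dict for one driver/service line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):      # strip the NT object-manager prefix
        path = path[4:]
    info = m.group("info").split()     # [] when RSIT found no file on disk
    return {
        "name": m.group("name"),
        "running": m.group("state") == "R",
        "start_type": int(m.group("start")),
        "path": path,
        "file_date": info[0] if len(info) == 2 else None,
        "size": int(info[1]) if len(info) == 2 else None,
    }

def triage(log_text: str, system_root: str = "C:\\WINDOWS") -> List[str]:
    """'name: reason' for entries whose file is missing or sits outside the
    Windows directory. Flagged is not malicious: catchme.sys is ComboFix's own."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e["file_date"] is None:
            findings.append(f"{e['name']}: no file found at {e['path']}")
        elif not e["path"].lower().startswith(system_root.lower() + "\\"):
            findings.append(f"{e['name']}: outside {system_root} ({e['path']})")
    return findings

# Constructed sample: four lines in the shape of the posted log plus one
# invented entry (example.sys) to exercise the outside-Windows check.
SAMPLE_LOG = """\
R1 OMCI;OMCI; C:\\WINDOWS\\SYSTEM32\\DRIVERS\\OMCI.SYS [2001-08-22 13632]
R3 nv;nv; C:\\WINDOWS\\System32\\DRIVERS\\nv4_mini.sys [2003-04-24 1271706]
S3 catchme;catchme; \\??\\C:\\ComboFix\\catchme.sys []
S4 IntelIde;IntelIde; C:\\WINDOWS\\System32\\drivers\\IntelIde.sys []
R2 example;constructed entry; C:\\Program Files\\Example\\example.sys [2009-08-15 4096]
"""
```

Run `triage(SAMPLE_LOG)` on the whole log.txt text to get the short list of entries to check by hand; everything it flags still needs a human verdict.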


  • Staff

Hi,

I just finished reformatting and reinstalling the OS (windows XP sp1a was the only disk) and after running a malwarebytes, I got over 2000 infected files. Five minutes after I finished downloading Windows. I would have liked to produce a log, but shortly after running

Looks like it's clear here that you are dealing with a file infector, so most probably your backups are infected as well which explains why the infection comes back all the time.

I suggest you format and reinstall another time, but don't replace any of the backups here, and don't use any of the thumbdrives on this computer either.

Also see here:

Virut and other File infectors - Throwing in the Towel?


  • Staff

A format and reinstall is really the only solution though. I guess you've done something wrong there.

Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

Please DISCONNECT from the internet during reinstall and leave the pc disconnected. Via a clean PC, burn the installer for an Antivirus and Firewall on CD (do not use flashdrives) and transfer to the freshly installed pc (with still no internet connection on that one). Once the Firewall and Antivirus are installed, connect to the internet and immediately update Windows.

and I can't format and reinstall because files go missing on the disk during installation.

If that's the case after you performed the above, then this is a hardware issue (damaged drive), because files don't go missing like that after a format and reinstall.