
MBAM_ERROR_CHECK_INFECTED (0,9) & TR/Crypt.XPack.GenTrojan


hks


Hi all,

Updating a friend's computer when I found a majority of Microsoft Updates were never installed - looks like he attempted but many failed. I have tried to remove as many of the old programs that were outdated/insecure per Secunia. Still running into problems... screen now looks like I'm in 'Safe-mode'.

Ran Malwarebytes once successfully but then received error "MBAM_ERROR_CHECK_INFECTED(0,9)"

Per the Malwarebytes section "I'm infected - What do I do now?" I downloaded Avira AntiVir Personal, which uncovered between 700-800 issues. Mostly adware - but also a Trojan - TR/Crypt.XPack.GenTrojan

Thanks in advance for any help you could provide!

I attempted to run DeFogger - but it did not request me to reboot. Here are the log results:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 12:47 on 27/08/2010 (Stuart)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

GMER Rootkit Scanner ran but would not allow me to save the output.

Here is the DDS.txt:

DDS (Ver_10-03-17.01) - FAT32x86

Run by Stuart at 12:15:51.43 on Fri 08/27/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.664 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

SVCHOST.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

SVCHOST.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Stuart\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Stuart\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page =

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\stuart\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\stuart~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: bankofamerica.com

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282595992671

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

Notify: LMIinit - LMIinit.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\stuart~1\applic~1\mozilla\firefox\profiles\0sg2tih9.default\

FF - plugin: c:\documents and settings\stuart\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-27 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-27 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-27 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-27 60936]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-5-31 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-5-31 47640]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]

R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2007-1-29 163408]

R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2007-1-29 499680]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\stuart~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\stuart~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\stuart~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\stuart~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-2-2 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-08-27 16:00:56 0 ----a-w- c:\documents and settings\stuart\defogger_reenable

2010-08-27 13:33:55 0 d-----w- c:\docume~1\stuart~1\applic~1\Windows Search

2010-08-27 04:14:37 0 d-----w- c:\docume~1\stuart~1\applic~1\Avira

2010-08-27 04:12:09 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-08-27 04:12:09 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2010-08-27 04:09:19 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-08-27 04:09:16 0 d-----w- c:\program files\Avira

2010-08-27 04:09:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-08-27 03:36:17 7794 ----a-w- c:\windows\vp171b-2.cat

2010-08-27 03:36:17 7786 ----a-w- c:\windows\g90f-3.cat

2010-08-27 03:36:17 7782 ----a-w- c:\windows\q51-9.cat

2010-08-27 03:36:17 512 ----a-w- c:\windows\VP171b-2.icm

2010-08-27 03:36:17 512 ----a-w- c:\windows\Q51-9.icm

2010-08-27 03:36:17 512 ----a-w- c:\windows\G90f-3.icm

2010-08-27 03:36:17 1224 ----a-w- c:\windows\VP171b-2.inf

2010-08-27 03:36:17 1204 ----a-w- c:\windows\Q51-9.inf

2010-08-27 03:36:17 1164 ----a-w- c:\windows\G90f-3.inf

2010-08-27 02:56:58 0 d-----w- c:\windows\system32\winrm

2010-08-27 02:56:43 0 d--h--w- c:\windows\$968930Uinstall_KB968930$

2010-08-26 23:15:06 0 d-----w- c:\docume~1\stuart~1\applic~1\Windows Desktop Search

2010-08-26 23:10:38 0 d-----w- c:\program files\Windows Desktop Search

2010-08-26 23:10:35 0 d-----w- c:\windows\system32\GroupPolicy

2010-08-26 23:07:59 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2010-08-26 23:07:59 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2010-08-26 23:07:59 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2010-08-26 23:00:25 0 d-----w- c:\program files\Windows Media Connect 2

2010-08-26 22:46:11 0 d-----w- c:\windows\system32\LogFiles

2010-08-26 22:41:20 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2010-08-26 22:27:38 0 d-----w- c:\windows\nview

2010-08-26 22:17:38 354304 ------w- c:\windows\system32\dllcache\srv.sys

2010-08-26 22:00:01 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-08-26 21:52:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2010-08-26 21:52:27 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2010-08-26 21:38:12 284160 ------w- c:\windows\system32\dllcache\pdh.dll

2010-08-26 21:38:11 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2010-08-26 21:38:10 110592 ------w- c:\windows\system32\dllcache\services.exe

2010-08-26 21:38:09 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2010-08-26 21:38:09 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2010-08-26 21:38:08 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-08-26 21:38:07 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll

2010-08-26 21:38:07 617472 ------w- c:\windows\system32\dllcache\advapi32.dll

2010-08-26 21:38:06 714752 ------w- c:\windows\system32\dllcache\ntdll.dll

2010-08-26 21:38:05 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-08-26 21:38:03 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-08-26 21:37:53 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-08-26 21:37:37 2560 ------w- c:\windows\system32\xpsp4res.dll

2010-08-26 21:37:27 215552 ------w- c:\windows\system32\dllcache\wordpad.exe

2010-08-26 21:17:37 272128 ------w- c:\windows\system32\dllcache\bthport.sys

2010-08-26 20:59:03 0 d-----w- c:\program files\common files\Voyetra

2010-08-24 12:41:38 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-08-24 12:40:41 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-08-24 12:29:49 203136 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-08-23 22:35:22 337408 ------w- c:\windows\system32\dllcache\netapi32.dll

2010-08-23 21:24:27 0 d-----w- c:\windows\system32\scripting

2010-08-23 21:24:24 0 d-----w- c:\windows\l2schemas

2010-08-23 21:24:23 0 d-----w- c:\windows\system32\en

2010-08-23 13:40:44 0 d-----w- c:\docume~1\stuart~1\applic~1\Malwarebytes

2010-08-23 13:40:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-23 13:40:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-22 12:03:33 0 d-----w- c:\program files\CCleaner

2010-08-21 15:24:14 0 d-----w- c:\docume~1\stuart~1\applic~1\SUPERAntiSpyware.com

2010-08-21 15:24:14 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-08-21 14:40:03 0 d-----w- c:\program files\Secunia

2010-08-20 19:31:14 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-20 19:06:28 0 ----a-w- C:\install.rdf

2010-08-20 18:31:31 0 d-----w- c:\program files\VS Revo Group

==================== Find3M ====================

2010-07-27 06:30:36 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

2010-07-07 14:05:32 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys

2010-06-30 12:31:36 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-30 12:31:36 149504 ------w- c:\windows\system32\dllcache\schannel.dll

2010-06-24 21:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-06-24 12:22:04 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:22:04 916480 ------w- c:\windows\system32\dllcache\wininet.dll

2010-06-24 12:22:04 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-06-24 12:22:02 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll

2010-06-24 12:22:02 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll

2010-06-24 12:22:02 206848 ----a-w- c:\windows\system32\dllcache\occache.dll

2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll

2010-06-24 12:22:00 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-24 12:22:00 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-24 12:22:00 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll

2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll

2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-24 12:21:56 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys

2010-06-23 12:08:10 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-06-18 11:39:18 16896 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41:46 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-14 07:41:46 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-06-09 22:47:46 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2010-06-09 22:47:44 87424 ----a-w- c:\windows\system32\LMIinit.dll

2010-06-09 22:47:44 29568 ----a-w- c:\windows\system32\LMIport.dll

2000-10-13 20:56:50 271 --sh--w- c:\program files\desktop.ini

2000-10-13 20:56:50 23357 ---h--w- c:\program files\folder.htt

============= FINISH: 12:16:51.53 ===============

Attach.zip

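A triage pass over lines of the kind in the DDS log above, as an added example: this is not DDS, OTL, Malwarebytes or the poster's code. It assumes only the line formats visible in the post (the `R1 name;display;path [date size]` service lines with their `[?]` and `[x]` markers, `Notify:`, `EB: ... - No File`, `Trusted Zone:` and `DPF:` entries). The rule names, the two severities and the `INSTALLED_JAVA` constant are this example's own; `SAMPLE_LOG` is a constructed excerpt copied from the posted log so the script runs offline.

```python
"""Triage rules for DDS log lines (added example, not DDS/OTL/Malwarebytes code).

SAMPLE_LOG is a constructed excerpt: lines copied from the DDS report in the
first post. The rules, rule names and severities are this example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Services/drivers: "<R|S><start type> <name>;<display name>;<image path> [<date> <size>]".
# DDS prints "[?]" when it could not find the image file and "[x]" when the
# service has no image path at all.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$"
)
NOTIFY_RE = re.compile(r"^Notify:\s+(?P<name>\S+)\s+-\s+(?P<dll>.+)$")   # Winlogon notification package
NOFILE_RE = re.compile(r"^\w+:\s+.+?\s+-\s+No File$")                    # registry entry with no backing file
TRUSTED_RE = re.compile(r"^Trusted Zone:\s+\S+$")                        # IE Trusted Sites entry
DPF_RE = re.compile(r"^DPF:\s+\{[^}]+\}\s+-\s+(?P<url>\S+)$")           # ActiveX download (CodeBase) entry
JAVA_RE = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)")

# Assumed from the DDS header "BrowserJavaVersion: 1.6.0_21" in the post above.
INSTALLED_JAVA = (1, 6, 0, 21)

SAMPLE_LOG = r"""
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-27 11608]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-5-31 47640]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\stuart~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\stuart~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-2-2 14336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
Notify: LMIinit - LMIinit.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Trusted Zone: bankofamerica.com
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
""".strip().splitlines()


@dataclass(frozen=True)
class Finding:
    severity: str   # "review": look at the file/entry; "info": worth knowing, usually benign
    rule: str
    line: str


def triage_line(line: str) -> list[Finding]:
    """Apply the rules to one DDS line and return zero or more findings."""
    line = line.strip()
    out: list[Finding] = []
    if m := SERVICE_RE.match(line):
        meta = m["meta"].strip()
        # "\??\<path> --> <resolved path>": keep the resolved Win32 path.
        path = m["path"].split("-->")[-1].strip().lower()
        if meta == "?":
            out.append(Finding("review", "image-missing", line))
        if meta == "x":
            out.append(Finding("info", "no-image-path", line))
        if path.endswith(".sys") and "\\temp\\" in path:
            # A kernel driver registered from a per-user Temp directory: common for
            # self-extracting scanners, but always worth confirming.
            out.append(Finding("review", "driver-from-temp", line))
    elif m := NOTIFY_RE.match(line):
        if "\\" not in m["dll"]:
            # Bare filename: winlogon locates it by DLL search order, not a fixed path.
            out.append(Finding("review", "notify-bare-name", line))
    elif NOFILE_RE.match(line):
        out.append(Finding("info", "orphaned-reference", line))
    elif TRUSTED_RE.match(line):
        out.append(Finding("info", "trusted-zone", line))
    elif m := DPF_RE.match(line):
        if (jm := JAVA_RE.search(m["url"])) and tuple(map(int, jm.groups())) < INSTALLED_JAVA:
            # Old JRE installer CodeBase still registered alongside the current one.
            out.append(Finding("info", "stale-java-dpf", line))
    return out


def triage(lines: list[str]) -> list[Finding]:
    """Run triage_line over every line; findings come back in log order."""
    return [f for line in lines for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:<7}{f.rule:<19}{f.line}")
```

The rules only rank what to look at first (the `[?]` drivers registered from a Temp directory, the Winlogon Notify DLL given by bare name, the orphaned COM reference); whether any entry is actually malicious still has to be decided from the file itself, which is why the helper asks for fresh OTL and rootkit-scanner output.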

Hello,

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:

    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Hi Elise,

Thank you so much for the reply! Let me post the results from OTL, then I'll work on Rootkit Unhooker and then reply to your other questions.

Thanks!

OTL logfile created on: 8/28/2010 9:28:16 AM - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Stuart\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 560.00 Mb Available Physical Memory | 55.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.23 Gb Total Space | 22.24 Gb Free Space | 59.73% Space Free | Partition Type: FAT32

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: STONEPC

Current User Name: Stuart

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/28 09:26:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stuart\Desktop\OTL.exe

PRC - [2010/07/22 22:06:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/07/21 07:43:54 | 000,965,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe

PRC - [2010/04/01 13:33:20 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/03/02 11:28:32 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/02/24 10:28:10 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/01/14 22:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe

PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe

========== Modules (SafeList) ==========

MOD - [2010/08/28 09:26:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stuart\Desktop\OTL.exe

MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [Auto | Stopped] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)

SRV - [2010/06/09 18:48:06 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)

SRV - [2010/04/01 13:33:20 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)

SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2010/02/24 10:28:10 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008/11/13 15:43:50 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)

SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2007/04/17 14:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\STUART~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)

DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\STUART~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2010/07/07 10:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\psi_mf.sys -- (PSI)

DRV - [2010/06/09 18:47:46 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2010/03/01 10:05:26 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)

DRV - [2010/02/16 14:24:02 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)

DRV - [2009/05/11 12:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 10:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)

DRV - [2008/10/17 21:37:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2005/08/19 03:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2005/08/19 03:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2004/08/04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)

DRV - [2003/07/28 15:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)

DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PFMODNT.SYS -- (PfModNT)

DRV - [2002/06/19 01:14:20 | 000,025,226 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)

DRV - [2002/06/19 01:14:14 | 000,029,446 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)

DRV - [2002/06/19 01:14:08 | 000,127,026 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)

DRV - [2002/06/19 01:09:04 | 000,237,568 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)

DRV - [2002/06/19 01:07:42 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)

DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT)

DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\el90xbc5.sys -- (EL90XBC)

DRV - [2001/08/13 17:17:34 | 000,737,973 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\winachcf.sys -- (Winachcf)

DRV - [2001/01/15 10:54:40 | 000,499,680 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tbcwdm.sys -- (tbcwdm)

DRV - [2001/01/15 10:54:34 | 000,163,408 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tbcspud.sys -- (tbcspud)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-602162358-1202660629-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-21-602162358-1202660629-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3

FF - prefs.js..extensions.enabledItems: vtzilla@virustotal.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.2.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/20 13:47:06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/20 13:47:16 | 000,000,000 | ---D | M]

[2010/08/20 13:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Extensions

[2010/08/20 13:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\0sg2tih9.default\extensions

[2010/08/23 15:30:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\0sg2tih9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/08/23 15:30:46 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\0sg2tih9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/08/20 14:01:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\0sg2tih9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/08/20 14:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\0sg2tih9.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

[2010/08/23 13:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\0sg2tih9.default\extensions\https-everywhere@eff.org

[2010/08/20 14:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\0sg2tih9.default\extensions\vtzilla@virustotal.com

[2010/08/20 13:47:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/08/20 15:31:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2002/09/03 14:39:20 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKU\S-1-5-21-602162358-1202660629-854245398-1003..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Stuart\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-602162358-1202660629-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O15 - HKU\S-1-5-21-60................................03\..Trusted Domains: bankofamerica.com ([]* in Trusted sites)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (Reg Error: Key error.)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (Reg Error: Key error.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1282595992671 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Reg Error: Key error.)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll File not found

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll ()

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2000/08/09 10:26:38 | 000,000,079 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]

O32 - AutoRun File - [2005/01/19 17:23:14 | 000,000,194 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ]

O32 - AutoRun File - [2005/01/19 17:23:14 | 000,000,194 | -H-- | M] () - C:\AutoExec.bat -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/28 09:26:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stuart\Desktop\OTL.exe

[2010/08/27 12:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2010/08/27 12:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Desktop\links

[2010/08/27 09:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Application Data\Windows Search

[2010/08/27 00:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Application Data\Avira

[2010/08/27 00:12:09 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2010/08/27 00:12:09 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2010/08/27 00:09:23 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2010/08/27 00:09:19 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/08/27 00:09:19 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/08/27 00:09:19 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2010/08/27 00:09:19 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2010/08/27 00:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/08/27 00:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2010/08/26 23:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2010/08/26 22:56:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell

[2010/08/26 22:56:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm

[2010/08/26 22:56:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$

[2010/08/26 22:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2010/08/26 21:27:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Stuart\Recent

[2010/08/26 19:45:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW

[2010/08/26 19:45:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK

[2010/08/26 19:45:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR

[2010/08/26 19:45:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE

[2010/08/26 19:45:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR

[2010/08/26 19:45:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL

[2010/08/26 19:45:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO

[2010/08/26 19:45:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR

[2010/08/26 19:45:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT

[2010/08/26 19:45:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL

[2010/08/26 19:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR

[2010/08/26 19:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI

[2010/08/26 19:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES

[2010/08/26 19:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR

[2010/08/26 19:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE

[2010/08/26 19:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK

[2010/08/26 19:45:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA

[2010/08/26 19:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Application Data\Windows Desktop Search

[2010/08/26 19:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search

[2010/08/26 19:10:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy

[2010/08/26 19:07:59 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll

[2010/08/26 19:07:59 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll

[2010/08/26 19:07:59 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll

[2010/08/26 19:03:06 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2010/08/26 19:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2

[2010/08/26 18:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

[2010/08/26 18:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2010/08/26 18:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2010/08/26 18:27:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview

[2010/08/26 18:17:38 | 000,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys

[2010/08/26 18:00:01 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2010/08/26 17:52:28 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll

[2010/08/26 17:52:27 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll

[2010/08/26 17:38:07 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll

[2010/08/26 17:38:05 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe

[2010/08/26 17:38:03 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

[2010/08/26 17:37:53 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe

[2010/08/26 17:17:37 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys

[2010/08/26 16:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Voyetra

[2010/08/24 08:41:38 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll

[2010/08/24 08:40:41 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe

[2010/08/24 08:29:49 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys

[2010/08/23 18:35:22 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2010/08/23 18:21:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/08/23 17:42:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2010/08/23 17:24:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting

[2010/08/23 17:24:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2010/08/23 17:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en

[2010/08/23 09:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Application Data\Malwarebytes

[2010/08/23 09:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/08/23 09:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/08/22 08:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/08/21 11:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Application Data\SUPERAntiSpyware.com

[2010/08/21 11:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/08/21 10:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia

[2010/08/20 16:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/08/20 15:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/08/20 15:31:14 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/08/20 14:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2010/08/20 13:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Local Settings\Application Data\Mozilla

[2010/08/20 13:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Application Data\Mozilla

[2010/08/20 13:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/28 09:26:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stuart\Desktop\OTL.exe

[2010/08/28 09:17:12 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{43FDF985-5F97-4F85-83C0-FD02088697B6}.job

[2010/08/27 13:45:02 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1202660629-854245398-1003Core1cb42ea54c99d30.job

[2010/08/27 13:07:16 | 000,003,022 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Attach.zip

[2010/08/27 12:48:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/08/27 12:46:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/08/27 12:46:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/08/27 12:46:02 | 1072,840,704 | -HS- | M] () -- C:\hiberfil.sys

[2010/08/27 12:21:46 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\oc30vw7p.exe

[2010/08/27 12:15:14 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\dds.com

[2010/08/27 12:00:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stuart\defogger_reenable

[2010/08/27 11:59:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Defogger.exe

[2010/08/27 10:30:46 | 003,276,800 | ---- | M] () -- C:\Documents and Settings\Stuart\NTUSER.DAT

[2010/08/27 10:30:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Stuart\ntuser.ini

[2010/08/27 10:30:40 | 000,733,704 | -H-- | M] () -- C:\Documents and Settings\Stuart\Local Settings\Application Data\IconCache.db

[2010/08/27 00:09:38 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2010/08/26 23:28:38 | 000,609,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/08/26 23:28:38 | 000,523,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/08/26 23:28:38 | 000,094,878 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/08/26 23:00:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/08/26 22:43:34 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/08/26 22:32:44 | 000,000,648 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/08/26 19:13:06 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

[2010/08/26 19:02:08 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2010/08/26 19:02:08 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2010/08/26 18:46:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2010/08/26 17:41:16 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/08/23 18:24:16 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010/08/23 17:15:36 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/08/23 13:48:52 | 000,019,280 | ---- | M] () -- C:\Documents and Settings\Stuart\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/08/23 13:42:00 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Google Chrome.lnk

[2010/08/23 13:42:00 | 000,002,247 | ---- | M] () -- C:\Documents and Settings\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/08/21 10:40:58 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\Stuart\Start Menu\Programs\Startup\Secunia PSI.lnk

[2010/08/20 15:06:30 | 000,000,000 | ---- | M] () -- C:\install.rdf

[2010/08/20 14:31:36 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Revo Uninstaller.lnk

[2010/08/20 14:22:04 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Shortcut to firefox.lnk

[2010/08/20 13:50:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/27 13:07:15 | 000,003,022 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\Attach.zip

[2010/08/27 12:22:08 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\oc30vw7p.exe

[2010/08/27 12:15:29 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\dds.com

[2010/08/27 12:00:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stuart\defogger_reenable

[2010/08/27 11:59:36 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\Defogger.exe

[2010/08/27 00:09:37 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2010/08/26 23:36:17 | 000,007,794 | ---- | C] () -- C:\WINDOWS\vp171b-2.cat

[2010/08/26 23:36:17 | 000,007,786 | ---- | C] () -- C:\WINDOWS\g90f-3.cat

[2010/08/26 23:36:17 | 000,007,782 | ---- | C] () -- C:\WINDOWS\q51-9.cat

[2010/08/26 23:36:17 | 000,001,224 | ---- | C] () -- C:\WINDOWS\VP171b-2.inf

[2010/08/26 23:36:17 | 000,001,204 | ---- | C] () -- C:\WINDOWS\Q51-9.inf

[2010/08/26 23:36:17 | 000,001,164 | ---- | C] () -- C:\WINDOWS\G90f-3.inf

[2010/08/26 23:36:17 | 000,000,512 | ---- | C] () -- C:\WINDOWS\VP171b-2.icm

[2010/08/26 23:36:17 | 000,000,512 | ---- | C] () -- C:\WINDOWS\Q51-9.icm

[2010/08/26 23:36:17 | 000,000,512 | ---- | C] () -- C:\WINDOWS\G90f-3.icm

[2010/08/26 22:27:05 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2010/08/26 22:13:47 | 1072,840,704 | -HS- | C] () -- C:\hiberfil.sys

[2010/08/26 19:13:04 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

[2010/08/26 18:46:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2010/08/23 13:40:52 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1202660629-854245398-1003Core1cb42ea54c99d30.job

[2010/08/21 10:40:57 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\Stuart\Start Menu\Programs\Startup\Secunia PSI.lnk

[2010/08/20 15:06:28 | 000,000,000 | ---- | C] () -- C:\install.rdf

[2010/08/20 14:31:34 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\Revo Uninstaller.lnk

[2010/08/20 14:22:03 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\Shortcut to firefox.lnk

[2010/08/20 13:49:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/06/24 03:30:32 | 000,082,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2007/11/04 11:39:03 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini

[2007/11/04 11:32:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/04/04 20:40:29 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Stuart\Local Settings\Application Data\fusioncache.dat

[2007/03/29 11:35:31 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2007/03/29 11:10:19 | 000,004,366 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2007/01/29 10:56:07 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini

[2005/04/07 11:04:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2005/02/28 09:08:51 | 000,000,074 | ---- | C] () -- C:\WINDOWS\sc0ctmp.ini

[2005/02/02 19:18:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/02/02 15:06:47 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Stuart\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/02/02 15:04:48 | 000,000,012 | ---- | C] () -- C:\WINDOWS\WinInit.INI

[2002/07/30 11:33:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll

[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[2000/10/13 16:56:49 | 000,023,357 | -H-- | C] () -- C:\Program Files\folder.htt

< End of report >

[2010/08/28 09:30:54 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Stuart\NTUSER.DAT.LOG

[2010/08/28 09:26:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stuart\Desktop\OTL.exe

[2010/08/28 09:17:12 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{43FDF985-5F97-4F85-83C0-FD02088697B6}.job

[2010/08/27 13:45:02 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1202660629-854245398-1003Core1cb42ea54c99d30.job

[2010/08/27 13:07:16 | 000,003,022 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Attach.zip

[2010/08/27 12:48:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/08/27 12:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2010/08/27 12:46:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/08/27 12:46:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/08/27 12:21:46 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\oc30vw7p.exe

[2010/08/27 12:15:14 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\dds.com

[2010/08/27 12:00:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stuart\defogger_reenable

[2010/08/27 11:59:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Defogger.exe

[2010/08/27 10:30:46 | 003,276,800 | ---- | M] () -- C:\Documents and Settings\Stuart\NTUSER.DAT

[2010/08/27 10:30:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Stuart\ntuser.ini

[2010/08/27 10:30:40 | 000,733,704 | -H-- | M] () -- C:\Documents and Settings\Stuart\Local Settings\Application Data\IconCache.db

[2010/08/27 09:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart\Application Data\Windows Search

[2010/08/27 00:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart\Application Data\Avira

[2010/08/27 00:09:38 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2010/08/27 00:09:18 | 000,000,000 | ---D | M] -- C:\Program Files\Avira

[2010/08/27 00:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira

[2010/08/26 23:28:38 | 000,609,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/08/26 23:28:38 | 000,523,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/08/26 23:28:38 | 000,094,878 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/08/26 23:05:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET

[2010/08/26 23:00:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/08/26 22:53:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight

[2010/08/26 22:43:34 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/08/26 22:32:44 | 000,000,648 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/08/26 21:27:50 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Stuart\Recent

[2010/08/26 19:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart\Application Data\Windows Desktop Search

[2010/08/26 19:13:06 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

[2010/08/26 19:10:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search

[2010/08/26 19:02:08 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2010/08/26 19:02:08 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2010/08/26 19:00:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2

[2010/08/26 18:46:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2010/08/26 18:41:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2010/08/26 17:41:16 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/08/26 16:59:04 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Voyetra

[2010/08/23 18:24:16 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010/08/23 13:48:52 | 000,019,280 | ---- | M] () -- C:\Documents and Settings\Stuart\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/08/23 13:42:00 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Google Chrome.lnk

[2010/08/23 13:42:00 | 000,002,247 | ---- | M] () -- C:\Documents and Settings\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/08/23 09:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart\Application Data\Malwarebytes

[2010/08/23 09:40:16 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/08/23 09:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/08/22 08:03:34 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner

[2010/08/21 11:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart\Application Data\SUPERAntiSpyware.com

[2010/08/21 11:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/08/21 10:40:58 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\Stuart\Start Menu\Programs\Startup\Secunia PSI.lnk

[2010/08/21 10:40:04 | 000,000,000 | ---D | M] -- C:\Program Files\Secunia

[2010/08/20 16:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/08/20 15:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/08/20 14:31:36 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Revo Uninstaller.lnk

[2010/08/20 14:31:32 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group

[2010/08/20 14:22:04 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Shortcut to firefox.lnk

[2010/08/20 13:50:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2010/08/20 13:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart\Local Settings\Application Data\Mozilla

[2010/08/20 13:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart\Application Data\Mozilla

[2010/08/20 13:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox

[2010/07/09 11:25:24 | 000,082,248 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/09/20 17:31:10 | 000,004,366 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2007/04/04 20:40:30 | 000,000,139 | ---- | M] () -- C:\Documents and Settings\Stuart\Local Settings\Application Data\fusioncache.dat

[2005/02/03 14:47:28 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Stuart\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/02/02 10:55:44 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Stuart\Application Data\desktop.ini

[2005/02/02 10:55:44 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2000/10/13 16:56:50 | 000,023,357 | -H-- | M] () -- C:\Program Files\folder.htt

[2000/10/13 16:56:50 | 000,000,271 | -HS- | M] () -- C:\Program Files\desktop.ini

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/28 09:26:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stuart\Desktop\OTL.exe

[2010/08/28 09:17:12 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{43FDF985-5F97-4F85-83C0-FD02088697B6}.job

[2010/08/27 13:45:02 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1202660629-854245398-1003Core1cb42ea54c99d30.job

[2010/08/27 13:07:16 | 000,003,022 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Attach.zip

[2010/08/27 12:48:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/08/27 12:46:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/08/27 12:46:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/08/27 12:46:02 | 1072,840,704 | -HS- | M] () -- C:\hiberfil.sys

[2010/08/27 12:21:46 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\oc30vw7p.exe

[2010/08/27 12:15:14 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\dds.com

[2010/08/27 12:00:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stuart\defogger_reenable

[2010/08/27 11:59:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Defogger.exe

[2010/08/27 10:30:46 | 003,276,800 | ---- | M] () -- C:\Documents and Settings\Stuart\NTUSER.DAT

[2010/08/27 10:30:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Stuart\ntuser.ini

[2010/08/27 10:30:40 | 000,733,704 | -H-- | M] () -- C:\Documents and Settings\Stuart\Local Settings\Application Data\IconCache.db

[2010/08/27 00:09:38 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2010/08/26 23:28:38 | 000,609,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/08/26 23:28:38 | 000,523,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/08/26 23:28:38 | 000,094,878 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/08/26 23:00:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/08/26 22:43:34 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/08/26 22:32:44 | 000,000,648 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/08/26 19:13:06 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

[2010/08/26 19:02:08 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2010/08/26 19:02:08 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2010/08/26 18:46:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2010/08/26 17:41:16 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/08/23 18:24:16 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010/08/23 17:15:36 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/08/23 13:48:52 | 000,019,280 | ---- | M] () -- C:\Documents and Settings\Stuart\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/08/23 13:42:00 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Google Chrome.lnk

[2010/08/23 13:42:00 | 000,002,247 | ---- | M] () -- C:\Documents and Settings\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/08/21 10:40:58 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\Stuart\Start Menu\Programs\Startup\Secunia PSI.lnk

[2010/08/20 15:06:30 | 000,000,000 | ---- | M] () -- C:\install.rdf

[2010/08/20 14:31:36 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Revo Uninstaller.lnk

[2010/08/20 14:22:04 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Shortcut to firefox.lnk

[2010/08/20 13:50:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< End of report >

OTL Extras logfile created on: 8/28/2010 9:28:16 AM - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Stuart\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 560.00 Mb Available Physical Memory | 55.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.23 Gb Total Space | 22.24 Gb Free Space | 59.73% Space Free | Partition Type: FAT32

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: STONEPC

Current User Name: Stuart

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-602162358-1202660629-854245398-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional

"{A4D58580-EA01-11D3-9318-008048B86EFE}" = Santa Cruz

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"Linksys EasyLink Advisor" = Linksys EasyLink Advisor

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers

"Revo Uninstaller" = Revo Uninstaller 1.89

"Secunia PSI" = Secunia PSI

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-602162358-1202660629-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 8/27/2010 11:58:45 PM | Computer Name = STONEPC | Source = Google Update | ID = 20

Description =

Error - 8/28/2010 12:58:45 AM | Computer Name = STONEPC | Source = Google Update | ID = 20

Description =

Error - 8/28/2010 1:58:45 AM | Computer Name = STONEPC | Source = Google Update | ID = 20

Description =

Error - 8/28/2010 2:58:45 AM | Computer Name = STONEPC | Source = Google Update | ID = 20

Description =

Error - 8/28/2010 3:58:45 AM | Computer Name = STONEPC | Source = Google Update | ID = 20

Description =

Error - 8/28/2010 4:58:45 AM | Computer Name = STONEPC | Source = Google Update | ID = 20

Description =

Error - 8/28/2010 5:58:46 AM | Computer Name = STONEPC | Source = Google Update | ID = 20

Description =

Error - 8/28/2010 6:58:46 AM | Computer Name = STONEPC | Source = Google Update | ID = 20

Description =

Error - 8/28/2010 7:58:46 AM | Computer Name = STONEPC | Source = Google Update | ID = 20

Description =

Error - 8/28/2010 8:58:46 AM | Computer Name = STONEPC | Source = Google Update | ID = 20

Description =

[ System Events ]

Error - 8/27/2010 10:32:25 AM | Computer Name = STONEPC | Source = ACPI | ID = 327684

Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address

(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to

system instability. Please contact your system vendor for technical assistance.

Error - 8/27/2010 10:33:07 AM | Computer Name = STONEPC | Source = Service Control Manager | ID = 7000

Description = The GoToMyPC service failed to start due to the following error: %%2

Error - 8/27/2010 10:34:44 AM | Computer Name = STONEPC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdudf_xp SASDIFSV SASKUTIL

Error - 8/27/2010 10:34:45 AM | Computer Name = STONEPC | Source = Service Control Manager | ID = 7034

Description = The Linksys Updater service terminated unexpectedly. It has done

this 1 time(s).

Error - 8/27/2010 12:46:45 PM | Computer Name = STONEPC | Source = ACPI | ID = 327685

Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address

(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to

system instability. Please contact your system vendor for technical assistance.

Error - 8/27/2010 12:46:45 PM | Computer Name = STONEPC | Source = ACPI | ID = 327684

Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address

(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to

system instability. Please contact your system vendor for technical assistance.

Error - 8/27/2010 12:47:11 PM | Computer Name = STONEPC | Source = Service Control Manager | ID = 7000

Description = The GoToMyPC service failed to start due to the following error: %%2

Error - 8/27/2010 12:47:31 PM | Computer Name = STONEPC | Source = System Error | ID = 1003

Description = Error code 000000f4, parameter1 00000003, parameter2 86d0c558, parameter3

86d0c6cc, parameter4 805fb146.

Error - 8/27/2010 12:48:43 PM | Computer Name = STONEPC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdudf_xp SASDIFSV SASKUTIL

Error - 8/27/2010 12:48:43 PM | Computer Name = STONEPC | Source = Service Control Manager | ID = 7034

Description = The Linksys Updater service terminated unexpectedly. It has done

this 1 time(s).

< End of report >


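Two places in the OTL Extras and RkUnhooker output above are the ones a responder checks first: the "Shell Spawning" table (a changed handler for exefile, comfile, batfile and friends is the classic file-association hijack) and the kernel driver list, where the entry loaded from `C:\DOCUME~1\STUART~1\LOCALS~1\Temp\kgrcqkob.sys` has neither a normal install path nor a vendor string. The script below is an added example for this thread; it is not part of the original post and not code from OTL or RkUnhooker. The XP default command values come from a stock Windows XP installation, the function names and the `TEMP_MARKERS`/`BENIGN_PREFIXES` lists are this example's own choices, and the sample lines are copied from the logs in the thread. Note the caveat built into the driver check: a randomly named .sys loaded from the user's Temp folder is also exactly what a rootkit scanner's own helper driver looks like, so the output is a worklist for manual verification, not a verdict.

```python
"""Triage helpers for two sections of the logs above: OTL's "Shell Spawning"
table and RkUnhooker's kernel driver list.

Added example for this thread; not part of the original post and not code
from OTL or RkUnhooker. Function names, TEMP_MARKERS and BENIGN_PREFIXES are
this example's own choices. Sample lines are copied from the thread's logs.
"""
import re
from typing import Dict, List, Tuple

# Stock Windows XP shell\<verb>\command values for the executable file
# classes. Anything else here (for instance exefile routed through another
# program) is the classic file-association hijack.
XP_SHELL_DEFAULTS: Dict[Tuple[str, str], str] = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
    ("regfile", "merge"): 'regedit.exe "%1"',
}

# OTL prints:  <class> [<verb>] -- <command>
SHELL_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*?)\s*$")
# RKU prints:  <load address> <path or module name> <size> bytes [(<vendor, description>)]
RKU_RE = re.compile(r"^0x[0-9A-Fa-f]+\s+(.+?)\s+(\d+) bytes(?:\s+\((.*)\))?\s*$")

# Directories a legitimate boot-start driver has no business living in.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\", "\\docume~1\\")
# Crash-dump copies of the storage stack (dump_atapi.sys etc.) carry no
# version block, so they would otherwise trip the "no vendor" check.
BENIGN_PREFIXES = ("dump_",)


def check_shell_spawning(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (class, verb, status, command) for every default that is not intact.

    status is "unreadable" when OTL could not read the key and "not-default"
    when the command differs from the XP stock value. Both need a manual look
    in regedit; neither is a verdict on its own.
    """
    findings = []
    for line in lines:
        m = SHELL_RE.match(line.strip())
        if not m:
            continue
        cls, verb, cmd = m.groups()
        expected = XP_SHELL_DEFAULTS.get((cls, verb))
        if expected is None:
            continue  # not a class this table covers (htmlfile, Folder, ...)
        if cmd.startswith("Reg Error"):
            findings.append((cls, verb, "unreadable", cmd))
        elif cmd != expected:
            findings.append((cls, verb, "not-default", cmd))
    return findings


def triage_rku_drivers(lines: List[str]) -> List[Tuple[str, int, List[str]]]:
    """Flag loaded kernel modules that are worth checking by hand.

    Reasons: the image sits under a user temp/profile directory, or it has a
    file path but no vendor/description string. A randomly named .sys in the
    user's Temp is what a rootkit scanner's own helper driver looks like too,
    so the result is a worklist, not a detection.
    """
    suspects = []
    for line in lines:
        m = RKU_RE.match(line.strip())
        if not m:
            continue
        path, size, vendor = m.groups()
        if "\\" not in path:
            continue  # pseudo-modules such as PnpManager, RAW, ACPI_HAL
        name = path.rsplit("\\", 1)[-1].lower()
        if name.startswith(BENIGN_PREFIXES):
            continue
        reasons = []
        if any(marker in path.lower() for marker in TEMP_MARKERS):
            reasons.append("loaded from a temp/profile directory")
        if vendor is None:
            reasons.append("no vendor/description string")
        if reasons:
            suspects.append((path, int(size), reasons))
    return suspects


# Lines copied from the OTL Extras and RKU logs in this thread.
SAMPLE_SHELL = [
    'batfile [open] -- "%1" %*',
    'exefile [open] -- "%1" %*',
    'htmlfile [edit] -- "C:\\Program Files\\Microsoft Office\\Office10\\msohtmed.exe" %1 (Microsoft Corporation)',
    'regfile [merge] -- Reg Error: Key error.',
    'scrfile [open] -- "%1" /S',
]
SAMPLE_RKU = [
    r"0x804D7000 PnpManager 2189952 bytes",
    r"0xF7472000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)",
    r"0xF39FE000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes",
    r"0xF28FD000 C:\DOCUME~1\STUART~1\LOCALS~1\Temp\kgrcqkob.sys 94208 bytes",
    r"0xF3106000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)",
]

if __name__ == "__main__":
    for f in check_shell_spawning(SAMPLE_SHELL):
        print("shell:", f)
    for s in triage_rku_drivers(SAMPLE_RKU):
        print("driver:", s)
```

On the logs above this yields one shell finding (regfile [merge] unreadable, which wants a look at HKCR\regfile\shell\open\command in regedit) and one driver on the worklist (the Temp-resident kgrcqkob.sys). Feed the whole log file through `check_shell_spawning` and `triage_rku_drivers` line by line; the executable classes all still carry their stock `"%1" %*` handlers here, which is the first thing to confirm before touching anything else.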
Hi Elise,

Below please find the RKU Log. As far as things I've tried:

- Used Secunia to locate and remove/update all programs (or as many as I could)

- Removing Symantec and replacing it with Avira

- Ran most, if not all, of the steps of the Malwarebytes guide "I'm infected - What do I do now?", i.e., Defogger, GMER

As for some of the problems, while the machine was on autoupdate it would successfully load hardly any of the Microsoft updates - there were multiple failures over the course of many months. A previous attempt to update the router failed on multiple occasions. A couple of blue screens recently forced the machine to reboot. As I may have mentioned in an earlier post, the display now looks like it's in a constant 'Safe-mode'.

Thank you again!

How

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2189952 bytes

0x804D7000 RAW 2189952 bytes

0x804D7000 WMIxWDM 2189952 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF7267000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1277952 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.23 )

0xF7161000 C:\WINDOWS\system32\DRIVERS\winachcf.sys 700416 bytes (Conexant, Modem)

0xF3D74000 C:\WINDOWS\system32\drivers\tbcwdm.sys 471040 bytes (Voyetra Turtle Beach, Turtle Beach PCI WDM Audio Driver)

0xF3A60000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF701F000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xF3B6B000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xF306F000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xF3BE9000 C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS 208896 bytes (Roxio, CD-UDF NT Filesystem Reader Driver)

0xF707D000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xF74E0000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xF33A3000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF73EA000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xF3AD0000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF3B43000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF748A000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xF3AFB000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xF742E000 Fastfat.sys 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xF3D50000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF722F000 C:\WINDOWS\system32\drivers\tbcspud.sys 147456 bytes (Voyetra Turtle Beach, Turtle Beach PCI WDM Audio Driver)

0xF70D5000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF720C000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xF3B21000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0xF3A3E000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)

0xF7452000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF74B0000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF70F9000 C:\WINDOWS\System32\Drivers\pwd_2k.SYS 110592 bytes (Roxio, Win2000 Framework for Packet Write Driver)

0xF73D0000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF7472000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xF39FE000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xF28FD000 C:\DOCUME~1\STUART~1\LOCALS~1\Temp\kgrcqkob.sys 94208 bytes

0xF7417000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF70BE000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xF36E9000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)

0xF334C000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF7114000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xF7253000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0x806EE000 ACPI_HAL 81152 bytes

0x806EE000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF3BC4000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF7150000 C:\WINDOWS\System32\DRIVERS\el90xbc5.sys 69632 bytes (3Com Corporation, 3Com EtherLink PCI Driver)

0xF74CF000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF70AD000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF76EF000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF75CF000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF75BF000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)

0xF766F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF75DF000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xF377E000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF764F000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF756F000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF75AF000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xF75FF000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF754F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF761F000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF757F000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)

0xF76BF000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF75EF000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF753F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF760F000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF752F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF386E000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)

0xF765F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF763F000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF755F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF762F000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF76AF000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xF3106000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF759F000 C:\WINDOWS\System32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xF76DF000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF77CF000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xF7837000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF77D7000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xF77AF000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF77DF000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF780F000 C:\WINDOWS\System32\Drivers\mmc_2K.SYS 24576 bytes (Roxio, CD-R/RW AddOn MMC Driver (W2K))

0xF77E7000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF783F000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)

0xF77EF000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xF7827000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF7817000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)

0xF782F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF77B7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF77FF000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF7807000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF77F7000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF7847000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF79DB000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xF379E000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF337B000 C:\WINDOWS\System32\drivers\PfModNT.sys 16384 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)

0xF79B7000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xF793F000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF7128000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF7A03000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)

0xF79C3000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF7A17000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xBFF50000 C:\WINDOWS\System32\vga.dll 12288 bytes (Microsoft Corporation, VGA 16 Colour Display Driver)

0xF7A6D000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)

0xF7A65000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7A35000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xF7A6F000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xF7A63000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7A33000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)

0xF7A2F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7A67000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7A75000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)

0xF7AD3000 C:\WINDOWS\system32\DRIVERS\psi_mf.sys 8192 bytes (Secunia, Secunia PSI Driver)

0xF7A97000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)

0xF7A69000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7A39000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7A3B000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7A31000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7B0D000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7C82000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))

0xF7C81000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))

0xF7C3A000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7B0C000 C:\WINDOWS\system32\DRIVERS\LMImirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)

0xF7C80000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

==============================================

>Stealth

==============================================


Based on your logs, it is possible this is a hardware issue. However, let's first rule out malware here.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Hi Elise,

Started running combo fix. Then the system shutdown on its own to reboot. When it came back up it was a blue screen that said it was going to check the disks for consistency. Then a blue screen of death then a reboot. Then another consistency check that stated that \ComboFix\ComboDel.text the first unit is not valid and the entry would be truncated. Then something about converting lost chains to files 16kb in one file or folder. Then another blue screen of death listing some .dll file then it continued in a boot loop. I shut the power down. Any thoughts on how to proceed? Thanks a bunch!


Hi Elise, thank you for your patience. Somehow was able to get back on. Below is the file from Combo Fix. I look forward to your thoughts. All the best.

ComboFix 10-08-27.03 - Stuart 08/28/2010 13:16:12.1.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.507 [GMT -4:00]

Running from: c:\documents and settings\Stuart\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Logo.sys

c:\windows\command

c:\windows\desktop

c:\windows\system\Color

c:\windows\system32\gotomon.log

.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-28 )))))))))))))))))))))))))))))))

.

2010-08-28 17:41 . 2010-08-28 17:41 -------- d-----w- C:\FOUND.001

2010-08-28 17:31 . 2010-08-28 17:31 -------- d-----w- C:\FOUND.000

2010-08-27 16:48 . 2010-08-27 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2010-08-27 13:33 . 2010-08-27 13:33 -------- d-----w- c:\documents and settings\Stuart Gladstone\Application Data\Windows Search

2010-08-27 04:14 . 2010-08-27 04:14 -------- d-----w- c:\documents and settings\Stuart Gladstone\Application Data\Avira

2010-08-27 04:12 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-08-27 04:09 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-08-27 04:09 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-08-27 04:09 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-08-27 04:09 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-08-27 04:09 . 2010-08-27 04:09 -------- d-----w- c:\program files\Avira

2010-08-27 04:09 . 2010-08-27 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-08-27 03:05 . 2010-08-27 03:05 -------- d-----w- c:\program files\Microsoft.NET

2010-08-27 02:56 . 2010-08-27 02:57 -------- d-----w- c:\windows\system32\winrm

2010-08-27 02:56 . 2010-08-27 02:56 -------- d--h--w- c:\windows\$968930Uinstall_KB968930$

2010-08-27 02:53 . 2010-08-27 02:53 -------- d-----w- c:\program files\Microsoft Silverlight

2010-08-27 02:11 . 2010-08-27 02:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search

2010-08-27 01:33 . 2010-08-27 01:33 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2010-08-26 23:15 . 2010-08-26 23:15 -------- d-----w- c:\documents and settings\Stuart\Application Data\Windows Desktop Search

2010-08-26 23:10 . 2010-08-26 23:10 -------- d-----w- c:\program files\Windows Desktop Search

2010-08-26 23:10 . 2010-08-26 23:10 -------- d-----w- c:\windows\system32\GroupPolicy

2010-08-26 23:07 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2010-08-26 23:07 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2010-08-26 23:07 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2010-08-26 23:00 . 2010-08-26 23:00 -------- d-----w- c:\program files\Windows Media Connect 2

2010-08-26 22:46 . 2010-08-26 22:46 -------- d-----w- c:\windows\system32\LogFiles

2010-08-26 22:46 . 2010-08-26 22:46 -------- d-----w- c:\windows\system32\drivers\UMDF

2010-08-26 22:41 . 2010-08-26 22:41 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2010-08-26 22:27 . 2010-08-26 22:27 -------- d-----w- c:\windows\nview

2010-08-26 22:17 . 2010-06-21 15:27 354304 ------w- c:\windows\system32\dllcache\srv.sys

2010-08-26 22:00 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-08-26 21:52 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2010-08-26 21:52 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2010-08-26 21:38 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll

2010-08-26 21:38 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2010-08-26 21:38 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe

2010-08-26 21:38 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2010-08-26 21:38 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2010-08-26 21:38 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-08-26 21:38 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll

2010-08-26 21:38 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll

2010-08-26 21:38 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll

2010-08-26 21:38 . 2010-04-27 13:59 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-08-26 21:38 . 2010-04-28 02:25 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-08-26 21:37 . 2010-04-27 13:05 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-08-26 21:37 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

2010-08-26 21:37 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe

2010-08-26 21:17 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys

2010-08-26 20:59 . 2010-08-26 20:59 -------- d-----w- c:\program files\Common Files\Voyetra

2010-08-24 12:41 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-08-24 12:40 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-08-24 12:29 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-08-23 22:35 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll

2010-08-23 21:43 . 2010-08-23 21:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-08-23 21:43 . 2010-08-23 21:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-08-23 21:24 . 2010-08-23 21:24 -------- d-----w- c:\windows\system32\scripting

2010-08-23 21:24 . 2010-08-23 21:24 -------- d-----w- c:\windows\l2schemas

2010-08-23 21:24 . 2010-08-23 21:24 -------- d-----w- c:\windows\system32\en

2010-08-23 13:40 . 2010-08-23 13:40 -------- d-----w- c:\documents and settings\Stuart\Application Data\Malwarebytes

2010-08-23 13:40 . 2010-08-23 13:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-23 13:40 . 2010-08-23 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-22 12:03 . 2010-08-22 12:03 -------- d-----w- c:\program files\CCleaner

2010-08-21 15:24 . 2010-08-21 15:24 -------- d-----w- c:\documents and settings\Stuart\Application Data\SUPERAntiSpyware.com

2010-08-21 15:24 . 2010-08-21 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-08-21 14:40 . 2010-08-21 14:40 -------- d-----w- c:\program files\Secunia

2010-08-20 19:32 . 2010-08-20 19:32 503808 ----a-w- c:\documents and settings\Stuart\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6431255d-n\msvcp71.dll

2010-08-20 19:32 . 2010-08-20 19:32 348160 ----a-w- c:\documents and settings\Stuart\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6431255d-n\msvcr71.dll

2010-08-20 19:32 . 2010-08-20 19:32 61440 ----a-w- c:\documents and settings\Stuart\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-312f68e4-n\decora-sse.dll

2010-08-20 19:32 . 2010-08-20 19:32 499712 ----a-w- c:\documents and settings\Stuart\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6431255d-n\jmc.dll

2010-08-20 19:32 . 2010-08-20 19:32 12800 ----a-w- c:\documents and settings\Stuart\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-312f68e4-n\decora-d3d.dll

2010-08-20 19:31 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-20 18:31 . 2010-08-20 18:31 -------- d-----w- c:\program files\VS Revo Group

2010-08-20 17:49 . 2010-08-20 17:50 0 ----a-w- c:\windows\nsreg.dat

2010-08-20 17:48 . 2010-08-20 17:48 -------- d-----w- c:\documents and settings\Stuart\Local Settings\Application Data\Mozilla

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-28 17:36 . 2005-02-02 14:52 90112 ----a-w- c:\windows\DUMPa46f.tmp

2010-08-28 17:31 . 2005-02-02 14:52 90112 ----a-w- c:\windows\DUMPa3b0.tmp

2010-08-27 16:46 . 2005-02-02 14:52 90112 ----a-w- c:\windows\DUMPa497.tmp

2010-08-23 21:30 . 2005-02-02 15:05 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat

2010-08-23 17:48 . 2005-02-02 20:52 19280 ----a-w- c:\documents and settings\Stuart\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-09 15:25 . 2010-06-24 07:30 82248 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys

2010-06-30 12:31 . 2005-02-02 14:45 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2004-08-23 23:32 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2005-02-02 13:46 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2005-02-02 14:45 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2005-02-02 14:44 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2005-02-02 15:04 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\HelpSvc.exe

2010-06-14 07:41 . 2005-02-02 14:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-09 22:47 . 2007-05-31 11:32 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2010-06-09 22:47 . 2007-04-26 13:28 29568 ----a-w- c:\windows\system32\LMIport.dll

2010-06-09 22:47 . 2007-04-26 13:27 87424 ----a-w- c:\windows\system32\LMIinit.dll

2000-10-13 20:56 . 2000-10-13 20:56 23357 ---h--w- c:\program files\folder.htt

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Stuart\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-23 136176]

"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\Stuart\Start Menu\Programs\Startup\

Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-06-09 22:47 87424 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Discovery Service

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/27/2010 12:09 AM 135336]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [5/31/2007 7:32 AM 12856]

R3 tbcspud;Santa Cruz Driver;c:\windows\SYSTEM32\DRIVERS\tbcspud.sys [1/29/2007 10:52 AM 163408]

R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\SYSTEM32\DRIVERS\tbcwdm.sys [1/29/2007 10:52 AM 499680]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\STUART~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\STUART~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\STUART~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\STUART~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 3:43 PM 204800]

S3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [7/7/2010 10:05 AM 14904]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/2/2005 10:45 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

2010-08-28 c:\windows\Tasks\User_Feed_Synchronization-{43FDF985-5F97-4F85-83C0-FD02088697B6}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1202660629-854245398-1003Core1cb42ea54c99d30.job

- c:\documents and settings\Stuart\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-23 17:40]

.

.

------- Supplementary Scan -------

.

uStart Page =

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: bankofamerica.com

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Stuart\Application Data\Mozilla\Firefox\Profiles\0sg2tih9.default\

FF - plugin: c:\documents and settings\Stuart\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

Notify-GoToMyPC - c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-28 15:41

Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2732)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\savedump.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\SearchIndexer.exe

.

**************************************************************************

.

Completion time: 2010-08-28 15:44:07 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-28 19:44

Pre-Run: 23,747,575,808 bytes free

Post-Run: 23,868,096,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 1DC36BEA183B143B6DEF60CDEFC698DD


Let's do a complete checkdisk here.

Click Start > Run, type chkdsk /r and press enter.

When asked to schedule the scan for next reboot, type Y and press enter.

Restart your computer and let the disk check run unhindered. Note - this may take some time.

How old is this computer? I am asking because I see some (possible) serious errors in your event log.


Hi Elise, working on that now. The machine is old. Probably 5 or 6 years old. I think they may have even transferred files over from a previous computer. Should I expect a log file when it's through running? Many thanks, H-


No, it will not produce a log. However, after rebooting, click Start > Run, type EVENTVWR.MSC and press enter.

Click the System category in the left panel and look for an entry related to winlogon. That should contain some information.

You will also see some on-screen info while the scan is running.

When done, just see if you notice any difference.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
