TR/Crypt.XPACK.Gen2 Trojan, can't get rid of it!

mandaw
2010-08-11, 16:55
Hello, first time poster here. :)

Since yesterday I've had some problems, namely several email accounts deleted and I have been unable to recover them. I ran a scan and it picked up TR/Crypt.XPACK.Gen2 Trojan (with AVG and Avira; I deleted AVG and installed Avira). I am using Vista and last night reinstalled Vista (I'm not sure why, I wanted to see what would happen) and all of my documents have already been backed up. I've also been installing Windows Updates so I assume that's why there have been so many errors. I'm expecting a Windows 7 Upgrade disc tomorrow if that helps at all.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Manda at 15:41:54.45 on 11/08/2010
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.3326.1943 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Manda\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [CTxfiHlp] CTXFIHLP.EXE
StartupFolder: c:\users\manda\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\manda\appdata\roaming\mozilla\firefox\profiles\dqdvq972.default\
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\manda\appdata\roaming\mozilla\firefox\profiles\dqdvq972.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll

============= SERVICES / DRIVERS ===============

R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2006-11-2 4608]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-8-5 58984]
R1 RapportCerberus_18130;RapportCerberus_18130;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\18130\RapportCerberus_18130.sys [2010-8-5 34536]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-8-5 168936]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-11 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-11 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-11 60936]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-8-5 763112]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-8-11 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]

============= FINISH: 15:44:50.52 ===============

The second log is too long to post here, so I've attached it in a zip file, as it ended up quite large. Many thanks if anyone can help.

mandaw
2010-08-11, 22:41
Please close this thread; I've been able to get assistance from my computer whiz uncle. Reformatted completely and now I'm clean.

tashi
2010-08-12, 01:33
Thank you for letting us know. :)