TR/Crypt.XPACK.Gen2 Trojan, can't get rid of it!

Status
Not open for further replies.

mandaw

New member
Hello, first time poster here. :)

Since yesterday I've had some problems, namely several email accounts deleted and I have been unable to recover them. I ran a scan and it picked up TR/Crypt.XPACK.Gen2 Trojan (with AVG and Avira; I deleted AVG and installed Avira). I am using Vista and last night reinstalled Vista (I'm not sure why, I wanted to see what would happen) and all of my documents have already been backed up. I've also been installing Windows Updates so I assume that's why there have been so many errors. I'm expecting a Windows 7 Upgrade disc tomorrow if that helps at all.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Manda at 15:41:54.45 on 11/08/2010
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.3326.1943 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Manda\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [CTxfiHlp] CTXFIHLP.EXE
StartupFolder: c:\users\manda\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\manda\appdata\roaming\mozilla\firefox\profiles\dqdvq972.default\
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\manda\appdata\roaming\mozilla\firefox\profiles\dqdvq972.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2006-11-2 4608]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-8-5 58984]
R1 RapportCerberus_18130;RapportCerberus_18130;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\18130\RapportCerberus_18130.sys [2010-8-5 34536]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-8-5 168936]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-11 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-11 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-11 60936]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-8-5 763112]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-8-11 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]

=============== Created Last 30 ================

2010-08-11 13:58:23 0 d-----w- C:\_OTM
2010-08-11 13:48:25 0 d-----w- c:\program files\ESET
2010-08-11 13:35:28 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-08-11 13:25:23 788 ----a-w- c:\windows\system32\DVCState-{00000001-00000000-0000000A-00001102-00000005-60021102}.rfx
2010-08-11 13:25:23 54928 ----a-w- c:\windows\system32\BMXStateBkp-{00000001-00000000-0000000A-00001102-00000005-60021102}.rfx
2010-08-11 13:25:23 54928 ----a-w- c:\windows\system32\BMXState-{00000001-00000000-0000000A-00001102-00000005-60021102}.rfx
2010-08-11 13:08:33 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-08-11 13:08:32 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-08-11 13:08:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-08-11 13:08:32 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-08-11 13:08:32 24064 ----a-w- c:\windows\system32\lpk.dll
2010-08-11 13:08:32 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-08-11 13:02:30 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-08-11 13:02:30 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-08-11 13:02:30 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-08-11 13:02:29 272896 ----a-w- c:\windows\system32\polstore.dll
2010-08-11 12:58:51 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-11 12:58:50 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 12:56:28 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-08-11 12:56:28 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-08-11 12:56:28 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-08-11 12:54:26 87040 ----a-w- c:\windows\system32\msoert2.dll
2010-08-11 12:54:26 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2010-08-11 12:54:26 205824 ----a-w- c:\windows\system32\msoeacct.dll
2010-08-11 12:51:18 15360 ----a-w- c:\windows\system32\netevent.dll
2010-08-11 12:51:17 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-08-11 12:51:17 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-08-11 12:51:17 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-08-11 12:51:17 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-08-11 12:51:17 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-08-11 12:51:17 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-08-11 12:51:17 103936 ----a-w- c:\windows\system32\netiohlp.dll
2010-08-11 12:51:17 10240 ----a-w- c:\windows\system32\finger.exe
2010-08-11 12:47:42 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-08-11 12:47:41 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2010-08-11 12:47:39 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2010-08-11 12:47:38 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2010-08-11 12:47:31 542720 ----a-w- c:\windows\system32\sysmain.dll
2010-08-11 12:44:06 194560 ----a-w- c:\windows\system32\WebClnt.dll
2010-08-11 12:44:06 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2010-08-11 12:42:35 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2010-08-11 12:42:34 1657350 ----a-w- c:\windows\system32\wlan.tmf
2010-08-11 12:42:34 12876 ----a-w- c:\windows\system32\wbem\wlan.mof
2010-08-11 12:42:33 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2010-08-11 12:42:33 47104 ----a-w- c:\windows\system32\wlanapi.dll
2010-08-11 12:42:33 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2010-08-11 12:42:32 502272 ----a-w- c:\windows\system32\wlansvc.dll
2010-08-11 12:42:32 297984 ----a-w- c:\windows\system32\wlansec.dll
2010-08-11 12:41:19 7062 ----a-w- c:\windows\system32\audiopid.vxd
2010-08-11 12:40:52 0 d-----w- c:\program files\common files\Creative Labs Shared
2010-08-11 12:40:33 0 d-----w- c:\program files\Creative
2010-08-11 12:39:57 0 d-----w- c:\programdata\Creative
2010-08-11 12:39:56 102400 ----a-w- c:\windows\system32\cttele32.dll
2010-08-11 12:39:42 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-11 12:39:42 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-08-11 12:39:42 0 d-----w- c:\program files\OpenAL
2010-08-11 12:39:41 87 ---ha-r- c:\windows\ctfile.rfc
2010-08-11 12:39:41 73728 ----a-w- c:\windows\system32\CmdRtr.DLL
2010-08-11 12:39:41 148480 ----a-w- c:\windows\system32\APOMngr.DLL
2010-08-11 12:39:17 0 d-----w- c:\users\manda\appdata\roaming\Malwarebytes
2010-08-11 12:39:11 0 d-----w- c:\windows\system32\data
2010-08-11 12:39:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 12:38:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-11 12:38:58 0 d-----w- c:\programdata\Malwarebytes
2010-08-11 12:38:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-11 12:36:47 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-08-11 12:36:47 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 12:36:46 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-08-11 12:36:46 1406464 ----a-w- c:\windows\system32\msxml6.dll
2010-08-11 12:35:09 216576 ----a-w- c:\windows\system32\msv1_0.dll
2010-08-11 12:33:56 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-08-11 12:33:55 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-08-11 12:33:55 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-08-11 12:32:51 49664 ----a-w- c:\windows\system32\csrsrv.dll
2010-08-11 12:32:51 376320 ----a-w- c:\windows\system32\winsrv.dll
2010-08-11 12:31:47 2855424 ----a-w- c:\windows\system32\mf.dll
2010-08-11 12:31:46 98816 ----a-w- c:\windows\system32\mfps.dll
2010-08-11 12:31:46 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2010-08-11 12:31:46 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-08-11 12:31:46 2048 ----a-w- c:\windows\system32\mferror.dll
2010-08-11 12:30:22 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 12:30:21 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 12:26:57 376832 ----a-w- c:\windows\system32\winhttp.dll
2010-08-11 12:26:17 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-08-11 12:26:17 453152 ----a-w- c:\windows\system32\nvuninst.exe
2010-08-11 12:25:27 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-08-11 12:24:20 71680 ----a-w- c:\windows\system32\atl.dll
2010-08-11 12:22:10 297472 ----a-w- c:\windows\system32\gdi32.dll
2010-08-11 12:21:10 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2010-08-11 12:21:10 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2010-08-11 12:17:23 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-11 12:16:35 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2010-08-11 12:16:35 30208 ----a-w- c:\windows\system32\xolehlp.dll
2010-08-11 12:15:20 156160 ----a-w- c:\windows\system32\wkssvc.dll
2010-08-11 12:14:04 36352 ----a-w- c:\windows\system32\tsgqec.dll
2010-08-11 12:14:04 1871872 ----a-w- c:\windows\system32\mstscax.dll
2010-08-11 12:14:04 116736 ----a-w- c:\windows\system32\aaclient.dll
2010-08-11 12:12:47 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-08-11 12:10:03 414208 ----a-w- c:\windows\system32\msscp.dll
2010-08-11 12:08:43 713728 ----a-w- c:\windows\system32\timedate.cpl
2010-08-11 12:07:26 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2010-08-11 12:06:05 86016 ----a-w- c:\windows\system32\icfupgd.dll
2010-08-11 12:06:05 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2010-08-11 12:06:05 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2010-08-11 12:06:05 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2010-08-11 12:06:04 61952 ----a-w- c:\windows\system32\cmifw.dll
2010-08-11 12:06:04 16896 ----a-w- c:\windows\system32\wfapigp.dll
2010-08-11 11:59:45 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2010-08-11 11:59:45 1244672 ----a-w- c:\windows\system32\mcmde.dll
2010-08-11 11:59:44 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-08-11 11:59:44 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-08-11 11:59:44 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-08-11 11:59:44 428032 ----a-w- c:\windows\system32\EncDec.dll
2010-08-11 11:59:44 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-08-11 11:59:44 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-08-11 11:54:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-08-11 11:53:12 696832 ----a-w- c:\windows\system32\localspl.dll
2010-08-11 11:48:24 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-08-11 11:48:23 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-08-11 11:48:23 15928 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-08-11 11:48:23 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2010-08-11 11:48:21 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-08-11 11:48:21 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-08-11 11:47:17 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2010-08-11 11:46:13 2923520 ----a-w- c:\windows\explorer.exe
2010-08-11 11:45:06 229888 ----a-w- c:\windows\system32\msshsq.dll
2010-08-11 11:42:44 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-08-11 11:42:43 7680 ----a-w- c:\windows\system32\lsass.exe
2010-08-11 11:42:43 72704 ----a-w- c:\windows\system32\secur32.dll
2010-08-11 11:42:43 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-08-11 11:42:43 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-08-11 11:42:42 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2010-08-11 11:42:41 272384 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 11:41:20 24064 ----a-w- c:\windows\system32\netcfg.exe
2010-08-11 11:37:59 3102720 ----a-w- c:\windows\system32\NlsData004b.dll
2010-08-11 11:30:29 1585664 ----a-w- c:\windows\system32\setupapi.dll
2010-08-11 11:27:32 549888 ----a-w- c:\windows\system32\rpcss.dll
2010-08-11 11:27:30 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-08-11 11:27:30 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-08-11 11:27:30 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-08-11 11:27:29 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-08-11 11:27:29 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-08-11 11:27:29 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-08-11 11:27:28 97280 ----a-w- c:\windows\system32\iasrecst.dll
2010-08-11 11:27:28 53248 ----a-w- c:\windows\system32\iasads.dll
2010-08-11 11:27:28 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2010-08-11 11:27:28 158720 ----a-w- c:\windows\system32\sdohlp.dll
2010-08-11 11:26:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-08-11 11:26:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-08-11 11:22:57 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-08-11 11:22:57 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-08-11 11:22:57 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2010-08-11 11:22:57 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-08-11 11:22:57 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-08-11 11:22:57 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-08-11 11:22:56 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 11:19:30 0 d-----w- c:\users\manda\appdata\roaming\Avira
2010-08-11 11:18:56 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2010-08-11 11:18:56 223232 ----a-w- c:\windows\system32\WMASF.DLL
2010-08-11 11:18:56 2048 ----a-w- c:\windows\system32\asferror.dll
2010-08-11 11:18:08 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-08-11 11:17:00 25600 ----a-w- c:\windows\system32\amxread.dll
2010-08-11 11:17:00 14848 ----a-w- c:\windows\system32\apilogen.dll
2010-08-11 11:15:57 33280 ----a-w- c:\windows\system32\slwmi.dll
2010-08-11 11:15:57 268288 ----a-w- c:\windows\system32\mcbuilder.exe
2010-08-11 11:15:57 223232 ----a-w- c:\windows\system32\SLC.dll
2010-08-11 11:15:56 57856 ----a-w- c:\windows\system32\SLUINotify.dll
2010-08-11 11:15:56 566784 ----a-w- c:\windows\system32\SLCommDlg.dll
2010-08-11 11:15:56 351232 ----a-w- c:\windows\system32\SLUI.exe
2010-08-11 11:15:56 186368 ----a-w- c:\windows\system32\SLLUA.exe
2010-08-11 11:15:55 39936 ----a-w- c:\windows\system32\slcinst.dll
2010-08-11 11:15:55 2605568 ----a-w- c:\windows\system32\SLsvc.exe
2010-08-11 11:14:57 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2010-08-11 11:14:57 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2010-08-11 11:14:57 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2010-08-11 11:13:40 97792 ----a-w- c:\windows\system32\cabview.dll
2010-08-11 11:11:10 61440 ----a-w- c:\windows\system32\ntprint.exe
2010-08-11 11:11:10 220160 ----a-w- c:\windows\system32\ntprint.dll
2010-08-11 11:11:08 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2010-08-11 11:11:08 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2010-08-11 11:11:07 1984512 ----a-w- c:\windows\system32\authui.dll
2010-08-11 11:11:04 69632 ----a-w- c:\windows\system32\sendmail.dll
2010-08-11 11:11:03 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2010-08-11 11:10:11 441856 ----a-w- c:\windows\system32\win32spl.dll
2010-08-11 11:10:11 37376 ----a-w- c:\windows\system32\printcom.dll
2010-08-11 11:09:22 2031104 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 11:07:36 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-08-11 11:07:36 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2010-08-11 11:06:40 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-08-11 11:06:39 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-08-11 11:06:39 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-08-11 11:05:26 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-08-11 11:05:25 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-08-11 11:05:25 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-08-11 11:05:25 472576 ----a-w- c:\windows\system32\secproc.dll
2010-08-11 11:05:25 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-08-11 11:05:25 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-08-11 11:05:25 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-08-11 11:05:25 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-08-11 11:05:24 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-08-11 11:04:32 11776 ----a-w- c:\windows\system32\sbunattend.exe
2010-08-11 11:03:14 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2010-08-11 11:03:14 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2010-08-11 10:58:19 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-08-11 10:58:19 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-08-11 10:58:19 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-08-11 10:58:19 11264 ----a-w- c:\windows\system32\icardres.dll
2010-08-11 10:58:15 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-08-11 10:58:12 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-08-11 10:58:12 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-11 10:58:12 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-11 10:36:35 65536 ----a-w- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2010-08-11 10:36:35 28180480 ----a-w- c:\windows\ocsetup_install_NetFx3.etl
2010-08-11 10:36:35 196608 ----a-w- c:\windows\ocsetup_cbs_install_NetFx3.perf
2010-08-11 10:34:21 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-08-11 10:34:20 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-11 10:34:19 83968 ----a-w- c:\windows\system32\mscories.dll
2010-08-11 10:34:19 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-08-11 10:34:19 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-08-11 10:17:00 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-08-11 10:16:58 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-08-11 10:16:58 1686528 ----a-w- c:\windows\system32\gameux.dll
2010-08-11 10:16:22 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-08-11 10:16:22 94720 ----a-w- c:\windows\system32\logagent.exe
2010-08-11 10:15:35 84480 ----a-w- c:\windows\system32\INETRES.dll
2010-08-11 10:15:35 737792 ----a-w- c:\windows\system32\inetcomm.dll
2010-08-11 10:15:13 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-08-11 10:14:52 1645568 ----a-w- c:\windows\system32\connect.dll
2010-08-11 10:14:33 5120 ----a-w- c:\windows\system32\wmi.dll
2010-08-11 10:14:33 152576 ----a-w- c:\windows\system32\imagehlp.dll
2010-08-11 10:14:33 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2010-08-11 10:14:16 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-11 10:13:34 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-08-11 10:13:34 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-08-11 10:13:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-08-11 10:11:50 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 10:11:36 974336 ----a-w- c:\windows\system32\crypt32.dll
2010-08-11 10:11:22 274432 ----a-w- c:\windows\system32\raschap.dll
2010-08-11 10:11:22 232960 ----a-w- c:\windows\system32\rastls.dll
2010-08-11 10:10:58 321536 ----a-w- c:\windows\system32\WSDApi.dll
2010-08-11 10:10:43 99840 ----a-w- c:\windows\system32\poqexec.exe
2010-08-11 10:10:36 633856 ----a-w- c:\windows\system32\user32.dll
2010-08-11 10:09:15 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-08-11 10:09:15 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-08-11 10:09:15 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-08-11 10:09:15 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-08-11 10:09:15 1327616 ----a-w- c:\windows\system32\quartz.dll
2010-08-11 10:09:15 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-08-11 10:09:15 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-08-11 10:09:14 88576 ----a-w- c:\windows\system32\avifil32.dll
2010-08-11 10:09:14 31232 ----a-w- c:\windows\system32\msvidc32.dll
2010-08-11 10:09:14 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-08-11 10:08:32 750080 ----a-w- c:\windows\system32\qmgr.dll
2010-08-11 10:08:17 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-08-11 10:07:49 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-08-11 10:07:49 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-08-11 10:07:48 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-08-11 10:07:48 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-08-11 10:07:45 311296 ----a-w- c:\windows\system32\unregmp2.exe
2010-08-11 09:54:07 0 d-----w- c:\programdata\Adobe
2010-08-11 09:52:27 40960 ----a-w- c:\windows\system32\F5D7051.dll
2010-08-11 09:52:26 0 d-----w- c:\program files\Belkin
2010-08-11 09:51:05 0 d-sh--w- c:\windows\Installer
2010-08-11 09:51:01 0 d-----w- c:\program files\Carbonite
2010-08-11 09:51:00 0 d-sh--w- c:\windows\ftpcache
2010-08-11 09:50:51 0 d-----w- c:\programdata\muvee Technologies
2010-08-11 09:47:48 0 d-----w- c:\windows\Panther
2010-08-11 09:47:04 36 ---ha-r- c:\windows\DELL_VERSION
2010-08-11 09:47:04 0 d-----w- c:\windows\system32\OEM
2010-08-11 03:25:13 0 d-----w- c:\users\manda\Tracing
2010-08-11 03:20:51 0 d-----w- c:\program files\Microsoft
2010-08-11 03:20:08 0 d-----w- c:\program files\Windows Live SkyDrive
2010-08-11 03:19:11 0 d-----w- c:\windows\PCHEALTH
2010-08-11 03:15:49 0 d-----w- c:\program files\common files\Windows Live
2010-08-11 03:08:41 36917 ----a-w- c:\programdata\nvModes.dat
2010-08-11 03:03:46 0 d-----w- c:\programdata\NVIDIA
2010-08-11 03:01:24 0 d-----w- c:\programdata\NVIDIA Corporation
2010-08-11 03:00:43 0 d-----w- c:\program files\NVIDIA Corporation
2010-08-11 02:53:26 0 d-----w- c:\program files\SystemRequirementsLab
2010-08-11 02:47:46 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-08-11 02:46:37 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-08-11 02:45:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-08-11 02:45:59 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-08-11 02:38:59 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-11 02:38:57 0 d-----w- c:\programdata\Avira
2010-08-11 02:38:57 0 d-----w- c:\program files\Avira
2010-08-11 02:32:09 0 d-----w- c:\users\manda\appdata\roaming\Trusteer
2010-08-11 02:32:06 0 d-----w- c:\program files\Trusteer
2010-08-11 02:31:21 0 d-----w- c:\programdata\Trusteer
2010-08-11 02:19:26 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-08-11 02:18:07 0 d-----r- c:\program files\Skype
2010-08-11 02:17:57 0 d-----w- c:\programdata\Skype
2010-08-05 18:19:28 58984 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

==================== Find3M ====================

2010-08-11 13:32:00 174 --sha-w- c:\program files\desktop.ini
2010-08-11 13:22:37 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-11 13:22:37 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-11 13:22:37 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-11 13:22:36 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-08-11 13:05:27 72704 ----a-w- c:\windows\system32\admparse.dll
2010-08-11 13:05:24 832512 ----a-w- c:\windows\system32\wininet.dll
2010-08-11 13:05:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-11 13:05:16 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-08-11 13:05:09 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-08-11 13:05:05 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-08-11 11:38:49 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2010-08-11 11:37:59 3102720 ----a-w- c:\windows\system32\NlsData004c.dll
2010-08-11 11:29:49 40960 ----a-w- c:\windows\system32\srclient.dll
2010-08-11 10:06:29 16710176 ----a-w- c:\windows\fonts\meiryo.ttc
2010-08-11 10:06:28 17159388 ----a-w- c:\windows\fonts\meiryob.ttc
2010-07-09 15:37:10 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-07-09 15:37:10 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 15:37:10 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 15:37:10 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 15:37:10 110696 ----a-w- c:\windows\system32\nvmctray.dll
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-02-21 19:49:52 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:44:50.52 ===============

The second log is too long to post here, so I've attached it in a zip file, as it ended up quite large. Many thanks if anyone can help.
 
Please close this thread, I've been able to get assistance from my computer wiz uncle. Reformatted completely and now I'm clean.
 