getting windows no disc error


  • This topic is locked
39 replies to this topic

#1 bazer

bazer

    Member

  • Full Member
  • 22 posts

Posted 06 November 2012 - 08:40 AM

Attached File: windows disc error.JPG (32.87KB, 49 downloads)

Using XP SP3, all up to date etc. PC runs fine, but after I burn a CD I get an error on screen that says "windows no disc, please insert disc into drive E". Same on Nero and BurnAway. I have 2 drives, have done a repair of XP and swapped drive letters in drive management; still the same. Can't send a screenshot as the pic is too big in size. Any help would be nice. Regards, baz


Edit: Please read the Instructions and post the requested logs. We need the information in order to help you.

Edited by cnm, 06 November 2012 - 09:33 AM.


#2 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 07 November 2012 - 03:17 PM

Hello bazer. Does this happen if you use ImgBurn?

Please read the Instructions and post the requested logs. We need the information in order to help you.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 bazer

Posted 08 November 2012 - 01:08 PM

Hello bazer. Does this happen if you use ImgBurn?

Please read the Instructions and post the requested logs. We need the information in order to help you.



#4 bazer

Posted 08 November 2012 - 01:11 PM

Thanks for your reply. No, it doesn't happen with ImgBurn. I've attached some logs.

[logs removed]

Edited by cnm, 08 November 2012 - 03:16 PM.


#5 cnm

Posted 08 November 2012 - 01:43 PM

Please copy the logs into replies. I don't download log attachments. Please use the dark 'Add Reply' button.

If ImgBurn works well for you, I suggest uninstalling Nero and BurnAway.

#6 bazer

Posted 08 November 2012 - 03:04 PM

Here are the logs. ImgBurn is OK but also needs codecs. Cheers, baz




Results of screen317's Security Check version 0.99.54



Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 9
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 22/10/2012 18:48:24
System Uptime: 08/11/2012 13:42:55 (6 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6570
Processor: AMD Athlon™ XP 3200+ | Socket A | 2191/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 316.116 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is FIXED (NTFS) - 298 GiB total, 199.455 GiB free.
G: is FIXED (NTFS) - 932 GiB total, 406.816 GiB free.
H: is FIXED (NTFS) - 1863 GiB total, 1635.016 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: Silicon Image SiI 3114 SATALink Controller
Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_31141095&REV_02\4&3B1D9AB8&0&4040
Manufacturer: Silicon Image
Name: Silicon Image SiI 3114 SATALink Controller
PNP Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_31141095&REV_02\4&3B1D9AB8&0&4040
Service: SI3114
.
==== System Restore Points ===================
.
RP1: 22/10/2012 18:51:46 - System Checkpoint
RP2: 22/10/2012 19:12:18 - Software Distribution Service 3.0
RP3: 22/10/2012 19:41:38 - Software Distribution Service 3.0
RP4: 22/10/2012 19:47:11 - Software Distribution Service 3.0
RP5: 22/10/2012 20:33:17 - Software Distribution Service 3.0
RP6: 22/10/2012 20:33:57 - Software Distribution Service 3.0
RP7: 22/10/2012 20:43:19 - Software Distribution Service 3.0
RP8: 22/10/2012 20:46:15 - Revo Uninstaller's restore point - Microsoft Security Essentials
RP9: 22/10/2012 20:47:24 - Revo Uninstaller's restore point - Microsoft Security Essentials
RP10: 22/10/2012 21:09:47 - Software Distribution Service 3.0
RP11: 22/10/2012 21:16:10 - Revo Uninstaller's restore point - Microsoft Security Essentials
RP12: 23/10/2012 13:02:24 - Software Distribution Service 3.0
RP13: 23/10/2012 14:02:54 - Installed Microsoft Fix it 50652
RP14: 23/10/2012 15:09:14 - Software Distribution Service 3.0
RP15: 23/10/2012 15:25:45 - Revo Uninstaller's restore point - Microsoft Security Essentials
RP16: 23/10/2012 16:10:07 - avast! Free Antivirus Setup
RP17: 24/10/2012 17:17:05 - Installed Microsoft Fix it 50535
RP18: 25/10/2012 11:14:07 - Revo Uninstaller's restore point - WhoCrashed 4.00
RP19: 25/10/2012 11:14:52 - Revo Uninstaller's restore point - WhoCrashed 4.00
RP20: 27/10/2012 12:38:20 - System Checkpoint
RP21: 28/10/2012 15:06:52 - System Checkpoint
RP22: 29/10/2012 20:16:17 - System Checkpoint
RP23: 30/10/2012 20:38:56 - System Checkpoint
RP24: 31/10/2012 20:52:10 - System Checkpoint
RP25: 01/11/2012 22:06:47 - System Checkpoint
RP26: 03/11/2012 15:53:00 - System Checkpoint
RP27: 06/11/2012 15:24:15 - System Checkpoint
RP28: 07/11/2012 19:01:24 - System Checkpoint
.
==== Installed Programs ======================
.

Adobe Flash Player 11 ActiveX
ARPCache Viewer
avast! Free Antivirus
Compatibility Pack for the 2007 Office system
Epson Print CD
EPSON Printer Software
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
K-Lite Codec Pack 9.3.0 (Standard)
Microsoft Office 2003 Web Components
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows XP Video Decoder Checkup Utility
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 280.26
NVIDIA Drivers
NVIDIA Graphics Driver 280.26
NVIDIA Install Application
NVIDIA nView 135.94
NVIDIA nView Desktop Manager
NVIDIA Update 1.4.28
NVIDIA Update Components
NvMixer
PDF-Viewer
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847-v2)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.6195
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
06/11/2012 17:09:15, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
03/11/2012 15:16:36, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
03/11/2012 15:16:03, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
03/11/2012 15:15:53, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
.
==== End Of File ===========================



DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by barrie at 19:00:26 on 2012-11-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1593 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/news/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108839
mPolicies-Explorer: NoDriveAutoRun = dword:67108839
mPolicies-Explorer: NoDriveTypeAutoRun = dword:223
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{9E77DD53-1250-4CA8-A883-5A5B5797CB00} : DHCPNameServer = 8.8.8.8 8.8.4.4
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
LSA: Notification Packages = Error!
.
============= SERVICES / DRIVERS ===============
.
R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [2012-7-19 36752]
R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [2012-7-19 39440]
R0 fst376xp;fst376xp;c:\windows\system32\drivers\fst376xp.sys [2009-8-31 159744]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2012-10-22 19240]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-23 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-23 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-23 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-23 44808]
S0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\si3114.sys [2012-10-22 73768]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2011-12-27 163616]
S3 FASTMNT;FASTMNT;c:\windows\system32\drivers\fastmnt.sys [2012-7-22 21528]
.
=============== Created Last 30 ================
.
2012-11-03 13:06:58 172032 ----a-w- c:\windows\system32\nvuide.exe
2012-10-29 17:10:06 -------- d-----w- c:\documents and settings\barrie\Application DataComodoGroup
2012-10-29 17:09:53 -------- d-----w- c:\documents and settings\barrie\application data\ComodoGroup
2012-10-28 13:22:41 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-10-28 13:22:38 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-10-28 13:22:37 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-10-28 13:22:34 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-10-28 13:22:30 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-10-28 13:22:04 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-10-28 13:22:00 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-10-28 13:21:58 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-10-28 13:21:53 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-10-28 13:21:51 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-10-28 13:21:50 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-10-28 13:21:31 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-10-28 13:21:29 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-10-28 13:21:25 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-10-28 13:21:12 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2012-10-28 13:21:08 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2012-10-28 13:21:05 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-10-28 13:21:00 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2012-10-28 13:21:00 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2012-10-28 13:19:58 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2012-10-28 13:18:59 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2012-10-28 13:17:57 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2012-10-28 13:16:59 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2012-10-28 13:15:58 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2012-10-28 13:14:59 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-10-28 13:13:57 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2012-10-28 13:12:56 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2012-10-28 12:12:27 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2012-10-28 12:12:24 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2012-10-28 12:12:23 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2012-10-28 12:12:20 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2012-10-28 12:12:18 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2012-10-28 12:12:16 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2012-10-28 12:12:15 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2012-10-28 12:12:12 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2012-10-28 12:12:06 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2012-10-28 12:12:02 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2012-10-28 12:12:00 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2012-10-28 12:10:57 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2012-10-28 12:09:56 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2012-10-28 12:08:58 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2012-10-28 12:07:57 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-10-28 12:07:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-10-28 12:07:40 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-10-28 12:07:36 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-10-28 12:07:33 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-10-28 12:07:25 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-10-28 12:07:17 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-10-28 12:07:11 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-10-28 12:07:07 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-10-28 12:05:55 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2012-10-28 12:05:48 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2012-10-28 12:05:45 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2012-10-28 12:05:43 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2012-10-28 12:05:40 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2012-10-28 12:05:38 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2012-10-28 12:05:35 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-10-28 12:05:31 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-10-28 12:05:26 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-10-28 12:05:22 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2012-10-28 12:05:21 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2012-10-28 12:05:10 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-10-28 12:03:56 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2012-10-28 12:02:48 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2012-10-28 12:01:45 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2012-10-28 12:00:58 123392 -c--a-w- c:\windows\system32\dllcache\hpgt21tk.dll
2012-10-28 11:59:58 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2012-10-28 11:58:58 43008 -c--a-w- c:\windows\system32\dllcache\esucm.dll
2012-10-28 11:57:59 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys
2012-10-28 11:56:57 419357 -c--a-w- c:\windows\system32\dllcache\dgconfig.dll
2012-10-28 11:55:49 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2012-10-28 11:54:59 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll
2012-10-28 11:53:59 36128 -c--a-w- c:\windows\system32\dllcache\banshee.sys
2012-10-28 11:52:58 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2012-10-28 11:51:47 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-10-24 17:49:30 14664 ----a-w- c:\windows\stinger.sys
2012-10-24 17:49:00 159608 ----a-w- c:\windows\system32\mfevtps.exe.8de5.deleteme
2012-10-23 15:11:03 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-23 15:10:26 41224 ----a-w- c:\windows\avastSS.scr
2012-10-23 15:10:07 -------- d-----w- c:\program files\AVAST Software
2012-10-23 15:10:07 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-10-23 12:02:38 -------- d-----w- c:\program files\MSXML 4.0
2012-10-22 20:28:37 -------- d-----w- C:\temp
2012-10-22 19:30:52 -------- d-----w- C:\42168317e3c2fe29092eef
2012-10-22 18:49:48 521728 -c--a-w- c:\windows\system32\dllcache\jsdbgui.dll
2012-10-22 18:49:31 6144 -c--a-w- c:\windows\system32\dllcache\iecompat.dll
2012-10-22 18:49:05 743424 -c--a-w- c:\windows\system32\dllcache\iedvtool.dll
2012-10-22 18:49:05 630272 -c--a-w- c:\windows\system32\dllcache\msfeeds.dll
2012-10-22 18:49:05 55296 -c--a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-10-22 18:49:05 247808 -c--a-w- c:\windows\system32\dllcache\ieproxy.dll
2012-10-22 18:49:05 2000384 -c--a-w- c:\windows\system32\dllcache\iertutil.dll
2012-10-22 18:49:05 12800 -c--a-w- c:\windows\system32\dllcache\xpshims.dll
2012-10-22 18:49:05 11111424 -c--a-w- c:\windows\system32\dllcache\ieframe.dll
2012-10-22 18:48:48 -------- dc----w- c:\windows\ie8
2012-10-22 18:09:12 -------- d-----w- c:\windows\OemDir
2012-10-22 18:09:09 -------- d-----w- c:\windows\java
2012-10-22 18:05:53 2148864 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-10-22 18:05:52 2027520 -c--a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-10-22 18:05:06 19240 ----a-w- c:\windows\system32\drivers\SiWinAcc.sys
2012-10-22 18:05:01 119848 ----a-w- c:\windows\system32\SilSupp.dll
2012-10-22 18:04:56 73768 ----a-w- c:\windows\system32\drivers\si3114.sys
2012-10-22 17:48:02 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2012-10-22 17:48:02 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2012-10-22 17:48:01 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2012-10-22 17:48:01 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2012-10-22 17:48:01 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2012-10-22 17:48:01 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2012-10-22 17:48:01 364032 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2012-10-22 17:48:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2012-10-22 17:48:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2012-10-22 17:48:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2012-10-22 17:46:59 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2012-10-22 17:45:53 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2012-10-22 17:44:13 -------- d-----w- c:\program files\Online Services
2012-10-22 17:44:03 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-10-22 17:44:03 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-10-22 17:43:52 528384 ----a-w- c:\program files\common files\system\ole db\sqloledb.dll
2012-10-22 17:42:54 83968 ----a-w- c:\program files\messenger\msgsc.dll
2012-10-22 17:42:54 33792 ----a-w- c:\program files\messenger\custsat.dll
2012-10-22 17:42:54 180224 ----a-w- c:\program files\messenger\msgslang.dll
2012-10-22 17:42:54 1695232 ----a-w- c:\program files\messenger\msmsgs.exe
2012-10-22 17:42:53 -------- d-----w- c:\program files\Messenger
2012-10-22 17:39:14 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2012-10-22 17:39:14 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2012-10-22 17:34:57 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-10-22 17:34:57 13312 ----a-w- c:\windows\system32\irclass.dll
2012-10-22 17:34:56 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-10-22 17:34:56 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-10-22 12:19:04 852480 ----a-w- c:\program files\common files\microsoft shared\vgx\SETE.tmp
2012-10-22 12:19:04 852480 ----a-w- c:\program files\common files\microsoft shared\vgx\SET129.tmp
2012-10-22 12:19:03 93184 ----a-w- c:\program files\internet explorer\SET14.tmp
2012-10-22 12:19:03 93184 ----a-w- c:\program files\internet explorer\SET12B.tmp
2012-10-22 12:19:03 38912 ----a-w- c:\program files\internet explorer\SET13.tmp
2012-10-22 12:19:03 38912 ----a-w- c:\program files\internet explorer\SET12A.tmp
2012-10-22 12:05:12 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-10-22 12:05:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-22 11:53:23 -------- d-----w- c:\program files\Conduit
2012-10-22 11:53:23 -------- d-----w- c:\documents and settings\barrie\local settings\application data\Conduit
2012-10-22 10:43:18 8728576 ----a-w- c:\documents and settings\barrie\ntuser.tmp
2012-10-20 18:55:17 172032 ----a-w- c:\windows\system32\nvuaudio.exe
2012-10-20 18:55:12 172032 ----a-w- c:\windows\system32\nvusmb.exe
2012-10-20 18:55:11 172032 ----a-w- c:\windows\system32\NVUNINST.EXE
2012-10-20 18:55:11 172032 ----a-w- c:\windows\system32\nvumctl.exe
2012-10-20 18:55:03 172032 ----a-w- c:\windows\system32\nvugart.exe
2012-10-20 18:32:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-20 15:49:27 -------- d-----w- c:\program files\UPHClean
2012-10-12 12:50:36 -------- d-----w- c:\documents and settings\barrie\application data\Runscanner.net
.
==================== Find3M ====================
.
2012-10-24 16:17:09 2108 ----a-w- C:\FixitRegBackup.reg
2012-10-23 13:40:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-23 13:40:06 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-22 17:37:11 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-10-22 17:37:11 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-10-22 17:37:02 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-10-04 12:42:19 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-10-02 20:22:29 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-31 07:57:33 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-31 07:57:33 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 19:10:00 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-08-30 19:10:00 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 19:01:15.56 ===============

#7 cnm

Posted 08 November 2012 - 03:38 PM

I also need to see the Malwarebytes Anti-Malware (MBAM) log, please. See http://www.spywarein...showtopic=79038

Have you always had the error after CD burning or did that start suddenly? If so, what date?

#8 bazer

Posted 08 November 2012 - 04:44 PM

Here is the MBAM log. Thanks, baz


Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.08.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
barrie :: HOME [administrator]

Protection: Disabled

08/11/2012 22:37:04
mbam-log-2012-11-08 (22-43-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204690
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files
(end)

#9 cnm

Posted 08 November 2012 - 05:02 PM

There is no obvious malware.

Have you always had this problem?

I believe the "No disk in the drive" error results from not closing the disk before removing it from the drive. CD burning software may have two options:

  • Make it possible to add more data to the CD (close session)
  • Close the disk so no more data can be written (close disk)

ImgBurn has these options under Tools > Drive > Close

#10 bazer

Posted 09 November 2012 - 04:27 AM

Can't remember when this started, sorry, but one thing has really been bugging me. I'm using avast at the moment (free version), but I did uninstall this a few versions ago as there were problems with BSOD on XP. I tried to install Microsoft Security Essentials: it installs OK, updates OK, runs OK, but on reboot after the BIOS screen I get the blue Windows loading bar going from left to right and that's it, the bar just keeps loading. So I have to reboot, press F5 and choose the last known config that worked; then Windows loads but MSE won't run, so I reinstalled avast. Thanks, baz

#11 cnm

Posted 09 November 2012 - 10:10 AM

Maybe this will tell us something:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#12 bazer

Posted 09 November 2012 - 10:56 AM

Hi again, here is the log.

Farbar Service Scanner Version: 09-11-2012
Ran by barrie (administrator) on 09-11-2012 at 16:56:36
Running from "C:\Documents and Settings\barrie\Local Settings\Temporary Internet Files\Content.IE5\24VWPC0U"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A00000008000000090000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#13 cnm

Posted 09 November 2012 - 11:22 AM

All looking fine.

Let's try ComboFix. Make a Restore Point first.

Delete any old ComboFix you may have.
Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain. If ComboFix caused any error message, rebooting again should fix it.

#14 bazer

Posted 09 November 2012 - 11:56 AM

Hi again, here is the log of ComboFix. Regards, baz


ComboFix 12-11-09.02 - barrie 09/11/2012 17:44:55.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1611 [GMT 0:00]
Running from: c:\documents and settings\barrie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\barrie\ntuser.tmp
c:\program files\Internet Explorer\SET10.tmp
c:\program files\Internet Explorer\SET11.tmp
c:\program files\Internet Explorer\SET12.tmp
c:\program files\Internet Explorer\SET12A.tmp
c:\program files\Internet Explorer\SET12B.tmp
c:\program files\Internet Explorer\SET13.tmp
c:\program files\Internet Explorer\SET14.tmp
c:\program files\Internet Explorer\SET15.tmp
c:\program files\Internet Explorer\SET16.tmp
c:\program files\Internet Explorer\SET9.tmp
c:\program files\Internet Explorer\SETA.tmp
c:\program files\Internet Explorer\SETB.tmp
c:\program files\Internet Explorer\SETC.tmp
c:\program files\Internet Explorer\SETD.tmp
c:\program files\Internet Explorer\SETE.tmp
c:\program files\Internet Explorer\SETF.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-08 23:22 . 2012-11-08 23:22 -------- d-----w- c:\windows\system32\wbem\Repository
2012-11-08 21:44 . 2012-11-08 23:21 -------- d-----w- c:\documents and settings\barrie\Local Settings\Application Data\Google
2012-11-08 21:44 . 2012-11-08 23:21 -------- d-----w- c:\program files\Google
2012-11-06 14:00 . 2012-11-06 14:00 -------- d-----w- c:\documents and settings\barrie\Application Data\Nero
2012-11-03 13:06 . 2004-06-18 13:57 172032 ----a-w- c:\windows\system32\nvuide.exe
2012-10-29 17:10 . 2012-10-29 17:10 -------- d-----w- c:\documents and settings\barrie\Application DataComodoGroup
2012-10-29 17:09 . 2012-10-29 17:09 -------- d-----w- c:\documents and settings\barrie\Application Data\ComodoGroup
2012-10-28 12:09 . 2001-08-17 14:56 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2012-10-28 12:09 . 2001-08-17 12:50 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-10-28 12:09 . 2001-08-17 12:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2012-10-28 12:07 . 2001-08-17 14:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-10-28 12:07 . 2008-04-14 00:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-10-28 12:07 . 2001-08-17 14:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-10-28 12:07 . 2001-08-17 13:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-10-28 12:07 . 2008-04-14 00:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-10-28 12:07 . 2001-08-17 13:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-10-28 12:07 . 2008-04-14 00:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-10-28 12:07 . 2001-08-17 13:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-10-28 12:07 . 2001-08-17 13:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-10-28 12:05 . 2001-08-17 13:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2012-10-28 12:05 . 2001-08-17 12:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2012-10-28 12:05 . 2001-08-17 12:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2012-10-28 12:05 . 2001-08-17 12:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2012-10-28 12:05 . 2001-08-17 13:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2012-10-28 12:05 . 2008-04-14 00:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2012-10-28 12:05 . 2001-08-17 12:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-10-28 12:05 . 2001-08-17 12:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-10-28 12:05 . 2001-08-17 22:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-10-28 12:05 . 2008-04-14 05:41 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2012-10-28 12:05 . 2008-04-14 05:41 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2012-10-28 12:05 . 2008-04-14 00:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-10-28 12:03 . 2001-08-17 22:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2012-10-28 12:02 . 2008-04-13 23:53 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2012-10-28 12:01 . 2001-08-17 22:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2012-10-28 12:00 . 2001-08-17 22:36 123392 -c--a-w- c:\windows\system32\dllcache\hpgt21tk.dll
2012-10-28 11:59 . 2001-08-17 22:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2012-10-28 11:58 . 2008-04-13 22:06 137088 -c--a-w- c:\windows\system32\dllcache\essm2e.sys
2012-10-28 11:57 . 2001-08-17 12:10 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys
2012-10-28 11:56 . 2001-08-17 22:36 419357 -c--a-w- c:\windows\system32\dllcache\dgconfig.dll
2012-10-28 11:55 . 2008-04-14 00:06 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2012-10-28 11:54 . 2001-08-17 22:36 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll
2012-10-28 11:53 . 2001-08-17 14:56 342336 -c--a-w- c:\windows\system32\dllcache\banshee.dll
2012-10-28 11:52 . 2008-04-13 22:05 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2012-10-24 17:49 . 2012-10-24 17:56 14664 ----a-w- c:\windows\stinger.sys
2012-10-24 17:49 . 2012-10-24 17:48 159608 ----a-w- c:\windows\system32\mfevtps.exe.8de5.deleteme
2012-10-23 15:11 . 2012-10-23 11:18 360392 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-23 15:11 . 2012-10-23 11:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-23 15:11 . 2012-10-23 11:18 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-23 15:11 . 2012-10-23 11:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-23 15:11 . 2012-10-23 11:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-23 15:11 . 2012-10-23 11:18 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-23 15:11 . 2012-10-23 11:18 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-23 15:11 . 2012-10-23 11:18 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-23 15:10 . 2012-10-23 11:17 41224 ----a-w- c:\windows\avastSS.scr
2012-10-23 15:10 . 2012-10-23 11:17 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-23 15:10 . 2012-11-08 23:22 -------- d-----w- c:\program files\AVAST Software
2012-10-23 15:10 . 2012-11-08 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-10-23 12:02 . 2012-10-23 12:02 -------- d-----w- c:\program files\MSXML 4.0
2012-10-23 11:43 . 2012-10-23 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2012-10-22 20:28 . 2012-10-22 20:28 -------- d-----w- C:\temp
2012-10-22 19:30 . 2012-10-22 19:31 -------- d-----w- C:\42168317e3c2fe29092eef
2012-10-22 18:49 . 2012-08-28 15:14 521728 -c--a-w- c:\windows\system32\dllcache\jsdbgui.dll
2012-10-22 18:49 . 2011-08-16 10:45 6144 -c--a-w- c:\windows\system32\dllcache\iecompat.dll
2012-10-22 18:49 . 2012-08-28 19:44 11111424 -c--a-w- c:\windows\system32\dllcache\ieframe.dll
2012-10-22 18:49 . 2012-08-28 15:14 630272 -c--a-w- c:\windows\system32\dllcache\msfeeds.dll
2012-10-22 18:49 . 2012-08-28 15:14 55296 -c--a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-10-22 18:49 . 2012-08-28 15:14 743424 -c--a-w- c:\windows\system32\dllcache\iedvtool.dll
2012-10-22 18:49 . 2012-08-28 15:14 247808 -c--a-w- c:\windows\system32\dllcache\ieproxy.dll
2012-10-22 18:49 . 2012-08-28 15:14 2000384 -c--a-w- c:\windows\system32\dllcache\iertutil.dll
2012-10-22 18:48 . 2012-10-22 18:48 -------- dc----w- c:\windows\ie8
2012-10-22 18:09 . 2012-10-22 18:25 -------- d-----w- c:\windows\OemDir
2012-10-22 18:09 . 2012-10-22 18:09 -------- d-----w- c:\windows\java
2012-10-22 18:05 . 2008-04-14 12:52 19240 ----a-w- c:\windows\system32\drivers\SiWinAcc.sys
2012-10-22 18:05 . 2008-04-14 12:52 119848 ----a-w- c:\windows\system32\SilSupp.dll
2012-10-22 18:04 . 2008-04-14 12:52 73768 ----a-w- c:\windows\system32\drivers\si3114.sys
2012-10-22 17:56 . 2012-06-02 14:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-10-22 17:46 . 2008-04-14 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2012-10-22 17:45 . 2008-04-14 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2012-10-22 17:44 . 2008-04-14 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-10-22 17:44 . 2008-04-14 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-10-22 17:43 . 2008-04-14 12:00 528384 ----a-w- c:\program files\Common Files\System\Ole DB\sqloledb.dll
2012-10-22 17:39 . 2008-04-13 21:05 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2012-10-22 17:34 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-10-22 17:34 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-10-22 17:34 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-10-22 12:19 . 2011-04-29 19:07 852480 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\SETE.tmp
2012-10-22 12:19 . 2011-04-29 19:07 852480 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\SET129.tmp
2012-10-22 11:53 . 2012-10-22 11:53 -------- d-----w- c:\program files\Conduit
2012-10-22 11:53 . 2012-10-22 11:53 -------- d-----w- c:\documents and settings\barrie\Local Settings\Application Data\Conduit
2012-10-20 18:55 . 2004-05-20 09:11 172032 ----a-w- c:\windows\system32\nvuaudio.exe
2012-10-20 18:55 . 2004-06-24 17:57 172032 ----a-w- c:\windows\system32\nvusmb.exe
2012-10-20 18:55 . 2004-06-24 17:57 172032 ----a-w- c:\windows\system32\NVUNINST.EXE
2012-10-20 18:55 . 2004-06-24 17:57 172032 ----a-w- c:\windows\system32\nvumctl.exe
2012-10-20 18:55 . 2004-04-27 14:22 172032 ----a-w- c:\windows\system32\nvugart.exe
2012-10-20 18:32 . 2012-09-24 22:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-20 15:49 . 2012-10-21 10:26 -------- d-----w- c:\program files\UPHClean
2012-10-12 12:50 . 2012-10-20 15:49 -------- d-----w- c:\documents and settings\barrie\Application Data\Runscanner.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-28 10:57 . 2012-10-01 14:06 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-10-24 16:17 . 2012-09-29 14:49 2108 ----a-w- C:\FixitRegBackup.reg
2012-10-23 13:40 . 2012-05-22 11:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-23 13:40 . 2012-05-22 11:28 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-04 12:42 . 2011-09-21 09:43 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-10-02 20:22 . 2012-10-02 20:22 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-31 07:57 . 2012-06-16 13:13 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-31 07:57 . 2011-08-23 20:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 19:10 . 2012-10-02 14:36 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-08-30 19:10 . 2012-10-02 14:36 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2008-04-14 12:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 11:17 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Ptipbmf"="ptipbmf.dll" [2003-06-05 118784]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0????????\0????????
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [19/07/2012 15:09 36752]
R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [19/07/2012 15:09 39440]
R0 fst376xp;fst376xp;c:\windows\system32\drivers\fst376xp.sys [31/08/2009 11:38 159744]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [22/10/2012 18:05 19240]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/10/2012 15:11 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/10/2012 15:11 360392]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/10/2012 15:11 21256]
S0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\si3114.sys [22/10/2012 18:04 73768]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [27/12/2011 10:15 163616]
S3 FASTMNT;FASTMNT;c:\windows\system32\drivers\fastmnt.sys [22/07/2012 09:31 21528]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 13:40]
.
2012-11-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-23 11:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/news/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: talktalk.co.uk\help
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 17:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-287218729-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1645522239-287218729-1801674531-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3472)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-11-09 17:54:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-09 17:54
.
Pre-Run: 338,403,905,536 bytes free
Post-Run: 338,224,295,936 bytes free
.
- - End Of File - - 40611CD716C0B7B63BD616C6E32A77CF

#15 cnm

Posted 09 November 2012 - 02:21 PM

Please do the following:


1. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
ClearJavaCache::
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
File::
c:\windows\PSEXESVC.EXE
Folder::
c:\program files\Conduit
c:\documents and settings\barrie\Local Settings\Application Data\Conduit
DirLook::
C:\42168317e3c2fe29092eef

Save this as CFScript.txt, in the same location as ComboFix.exe

2. Close any open browsers.

3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Posted Image
Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)
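The CFScript in post #15 sets BootExecute through a REGEDIT4 `hex(7)` value, while the ComboFix log in post #14 listed that value as `autocheck autochk *\0????????\0????????`. As an added example (not part of the thread and not ComboFix's own code), this Python sketch decodes such a value and flags entries beyond the stock Windows one; the function names are hypothetical, and treating `\0` in the log line as the separator between REG_MULTI_SZ strings is an assumption.

```python
"""Decode a .reg hex(7) (REG_MULTI_SZ) value and audit BootExecute entries."""
import re

# Stock Session Manager BootExecute entry on Windows. Anything else listed in
# this value is started by the Session Manager early in boot, before most
# security software is running, so extra entries deserve review.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]

# Lines copied from the thread: the CFScript value and the ComboFix log line.
CFSCRIPT_LINE = ('"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,'
                 '61,75,74,6f,63,68,6b,20,2a,00,00')
COMBOFIX_LINE = r'BootExecute REG_MULTI_SZ autocheck autochk *\0????????\0????????'


def parse_reg_hex7(line, regedit4=True):
    """Return (value_name, [strings]) for a .reg line of the hex(7) type.

    REGEDIT4 files store the strings as single-byte ANSI text; files headed
    'Windows Registry Editor Version 5.00' store them as UTF-16LE.
    """
    # Long values are wrapped with a trailing backslash; join them first.
    joined = line.replace("\\\n", "")
    m = re.match(r'\s*"([^"]+)"=hex\(7\):(.*)$', joined, re.S)
    if not m:
        raise ValueError("not a hex(7) value line")
    name, body = m.groups()
    raw = bytes(int(tok, 16) for tok in re.split(r"[,\s]+", body.strip()) if tok)
    codec = "cp1252" if regedit4 else "utf-16-le"
    text = raw.decode(codec, errors="replace")
    # REG_MULTI_SZ: NUL-separated strings, terminated by an empty string.
    return name, [s for s in text.split("\x00") if s]


def parse_combofix_multisz(line):
    """Split a ComboFix log line of type REG_MULTI_SZ into its strings.

    Assumption: the two literal characters backslash and zero in the log
    mark the NUL separators between strings.
    """
    name, _, data = line.partition(" REG_MULTI_SZ ")
    if not data:
        raise ValueError("not a REG_MULTI_SZ log line")
    return name.strip(), [s for s in data.strip().split("\\0") if s]


def audit_boot_execute(entries):
    """Return the entries that are not part of the stock BootExecute value."""
    expected = {e.lower() for e in DEFAULT_BOOT_EXECUTE}
    # Collapse runs of whitespace so spacing differences are not flagged.
    return [e for e in entries if " ".join(e.split()).lower() not in expected]


if __name__ == "__main__":
    name, fixed = parse_reg_hex7(CFSCRIPT_LINE)
    print("CFScript writes", name, "=", fixed)
    print("  unexpected entries:", audit_boot_execute(fixed))

    name, logged = parse_combofix_multisz(COMBOFIX_LINE)
    print("ComboFix log shows", name, "=", logged)
    print("  unexpected entries:", audit_boot_execute(logged))
```
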

#16 bazer

Posted 09 November 2012 - 03:29 PM

Thanks for your time. Was the boot ex reg corrupt? I'm only an electronic engineer but do understand, but software engineering is a relatively new field, say 20 years, compared to classic hardware engineering. Here is the log of ComboFix:

ComboFix 12-11-09.02 - barrie 09/11/2012 21:09:46.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1607 [GMT 0:00]
Running from: c:\documents and settings\barrie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\barrie\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\windows\PSEXESVC.EXE"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\barrie\Local Settings\Application Data\Conduit
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\windows\PSEXESVC.EXE
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-08 23:22 . 2012-11-08 23:22 -------- d-----w- c:\windows\system32\wbem\Repository
2012-11-08 21:44 . 2012-11-08 23:21 -------- d-----w- c:\documents and settings\barrie\Local Settings\Application Data\Google
2012-11-08 21:44 . 2012-11-08 23:21 -------- d-----w- c:\program files\Google
2012-11-06 14:00 . 2012-11-06 14:00 -------- d-----w- c:\documents and settings\barrie\Application Data\Nero
2012-11-03 13:06 . 2004-06-18 13:57 172032 ----a-w- c:\windows\system32\nvuide.exe
2012-10-29 17:10 . 2012-10-29 17:10 -------- d-----w- c:\documents and settings\barrie\Application DataComodoGroup
2012-10-29 17:09 . 2012-10-29 17:09 -------- d-----w- c:\documents and settings\barrie\Application Data\ComodoGroup
2012-10-28 13:22 . 2008-04-14 05:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-10-28 13:22 . 2001-08-17 22:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-10-28 13:22 . 2008-04-14 05:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-10-28 13:22 . 2001-08-17 22:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-10-28 13:22 . 2001-08-17 22:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-10-28 13:22 . 2001-08-17 22:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-10-28 13:22 . 2001-08-17 12:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-10-28 13:21 . 2008-04-13 22:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-10-28 13:21 . 2008-04-14 00:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-10-28 13:21 . 2008-04-13 22:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-10-28 13:21 . 2008-04-14 05:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-10-28 13:21 . 2008-04-14 00:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-10-28 13:21 . 2008-04-13 22:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-10-28 13:21 . 2001-08-17 12:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-10-28 13:21 . 2001-08-17 13:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2012-10-28 13:21 . 2001-08-17 22:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2012-10-28 13:21 . 2001-08-17 22:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-10-28 13:21 . 2008-04-13 22:04 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2012-10-28 13:21 . 2001-08-17 13:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2012-10-28 13:19 . 2001-08-17 13:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2012-10-28 13:18 . 2001-08-17 13:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2012-10-28 13:17 . 2001-08-17 12:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2012-10-28 13:16 . 2001-08-17 22:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2012-10-28 13:15 . 2001-08-17 14:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2012-10-28 13:14 . 2001-08-17 14:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-10-28 13:13 . 2001-08-17 14:56 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2012-10-28 13:12 . 2001-08-17 13:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2012-10-28 12:12 . 2001-08-17 22:36 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2012-10-28 12:12 . 2001-08-17 22:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2012-10-28 12:12 . 2008-04-14 05:42 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2012-10-28 12:12 . 2001-08-17 13:51 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2012-10-28 12:12 . 2008-04-14 00:11 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2012-10-28 12:12 . 2001-08-17 13:53 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2012-10-28 12:12 . 2008-04-14 00:10 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2012-10-28 12:12 . 2001-08-17 13:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2012-10-28 12:12 . 2001-08-17 22:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2012-10-28 12:12 . 2001-08-17 14:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2012-10-28 12:12 . 2001-08-17 14:04 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2012-10-28 12:10 . 2001-08-17 22:36 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2012-10-28 12:09 . 2001-08-17 13:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2012-10-28 12:08 . 2001-08-17 22:36 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2012-10-28 12:07 . 2001-08-17 14:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-10-28 12:07 . 2008-04-14 00:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-10-28 12:07 . 2001-08-17 14:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-10-28 12:07 . 2001-08-17 13:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-10-28 12:07 . 2008-04-14 00:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-10-28 12:07 . 2001-08-17 13:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-10-28 12:07 . 2008-04-14 00:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-10-28 12:07 . 2001-08-17 13:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-10-28 12:07 . 2001-08-17 13:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-10-28 12:05 . 2001-08-17 13:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2012-10-28 12:05 . 2001-08-17 12:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2012-10-28 12:05 . 2001-08-17 12:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2012-10-28 12:05 . 2001-08-17 12:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2012-10-28 12:05 . 2001-08-17 13:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2012-10-28 12:05 . 2008-04-14 00:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2012-10-28 12:05 . 2001-08-17 12:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-10-28 12:05 . 2001-08-17 12:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-10-28 12:05 . 2001-08-17 22:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-10-28 12:05 . 2008-04-14 05:41 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2012-10-28 12:05 . 2008-04-14 05:41 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2012-10-28 12:05 . 2008-04-14 00:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-10-28 12:03 . 2001-08-17 22:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2012-10-28 12:02 . 2008-04-13 23:53 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2012-10-28 12:01 . 2001-08-17 22:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2012-10-28 12:00 . 2001-08-17 22:36 123392 -c--a-w- c:\windows\system32\dllcache\hpgt21tk.dll
2012-10-28 11:59 . 2001-08-17 22:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2012-10-28 11:58 . 2008-04-13 22:06 137088 -c--a-w- c:\windows\system32\dllcache\essm2e.sys
2012-10-28 11:57 . 2001-08-17 12:10 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys
2012-10-28 11:56 . 2001-08-17 22:36 419357 -c--a-w- c:\windows\system32\dllcache\dgconfig.dll
2012-10-28 11:55 . 2008-04-14 00:06 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2012-10-28 11:54 . 2001-08-17 22:36 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll
2012-10-28 11:53 . 2001-08-17 14:56 342336 -c--a-w- c:\windows\system32\dllcache\banshee.dll
2012-10-28 11:52 . 2008-04-13 22:05 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2012-10-28 11:51 . 2001-08-17 14:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-10-24 17:49 . 2012-10-24 17:56 14664 ----a-w- c:\windows\stinger.sys
2012-10-24 17:49 . 2012-10-24 17:48 159608 ----a-w- c:\windows\system32\mfevtps.exe.8de5.deleteme
2012-10-23 15:11 . 2012-10-23 11:18 360392 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-23 15:11 . 2012-10-23 11:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-23 15:11 . 2012-10-23 11:18 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-23 15:11 . 2012-10-23 11:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-23 15:11 . 2012-10-23 11:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-23 15:11 . 2012-10-23 11:18 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-23 15:11 . 2012-10-23 11:18 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-23 15:11 . 2012-10-23 11:18 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-23 15:10 . 2012-10-23 11:17 41224 ----a-w- c:\windows\avastSS.scr
2012-10-23 15:10 . 2012-10-23 11:17 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-23 15:10 . 2012-11-08 23:22 -------- d-----w- c:\program files\AVAST Software
2012-10-23 15:10 . 2012-11-08 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-10-23 12:02 . 2012-10-23 12:02 -------- d-----w- c:\program files\MSXML 4.0
2012-10-23 11:43 . 2012-10-23 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2012-10-22 20:28 . 2012-10-22 20:28 -------- d-----w- C:\temp
2012-10-22 19:30 . 2012-10-22 19:31 -------- d-----w- C:\42168317e3c2fe29092eef
2012-10-22 18:49 . 2012-08-28 15:14 521728 -c--a-w- c:\windows\system32\dllcache\jsdbgui.dll
2012-10-22 18:49 . 2011-08-16 10:45 6144 -c--a-w- c:\windows\system32\dllcache\iecompat.dll
2012-10-22 18:49 . 2012-08-28 19:44 11111424 -c--a-w- c:\windows\system32\dllcache\ieframe.dll
2012-10-22 18:49 . 2012-08-28 15:14 630272 -c--a-w- c:\windows\system32\dllcache\msfeeds.dll
2012-10-22 18:49 . 2012-08-28 15:14 55296 -c--a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-10-22 18:49 . 2012-08-28 15:14 12800 -c--a-w- c:\windows\system32\dllcache\xpshims.dll
2012-10-22 18:49 . 2012-08-28 15:14 743424 -c--a-w- c:\windows\system32\dllcache\iedvtool.dll
2012-10-22 18:49 . 2012-08-28 15:14 247808 -c--a-w- c:\windows\system32\dllcache\ieproxy.dll
2012-10-22 18:49 . 2012-08-28 15:14 2000384 -c--a-w- c:\windows\system32\dllcache\iertutil.dll
2012-10-22 18:48 . 2012-10-22 18:48 -------- dc----w- c:\windows\ie8
2012-10-22 18:09 . 2012-10-22 18:25 -------- d-----w- c:\windows\OemDir
2012-10-22 18:09 . 2012-10-22 18:09 -------- d-----w- c:\windows\java
2012-10-22 18:05 . 2012-08-21 13:33 2148864 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-10-22 18:05 . 2012-08-21 12:58 2027520 -c--a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-10-22 18:05 . 2008-04-14 12:52 19240 ----a-w- c:\windows\system32\drivers\SiWinAcc.sys
2012-10-22 18:05 . 2008-04-14 12:52 119848 ----a-w- c:\windows\system32\SilSupp.dll
2012-10-22 18:04 . 2008-04-14 12:52 73768 ----a-w- c:\windows\system32\drivers\si3114.sys
2012-10-22 17:56 . 2012-06-02 14:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-10-22 17:48 . 2008-04-14 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2012-10-22 17:48 . 2008-04-14 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2012-10-22 17:48 . 2008-04-14 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2012-10-22 17:48 . 2008-04-14 12:00 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2012-10-22 17:48 . 2008-04-14 12:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2012-10-22 17:48 . 2008-04-14 12:00 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2012-10-22 17:48 . 2008-04-14 12:00 364032 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 16:17 . 2012-09-29 14:49 2108 ----a-w- C:\FixitRegBackup.reg
2012-10-23 13:40 . 2012-05-22 11:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-23 13:40 . 2012-05-22 11:28 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-04 12:42 . 2011-09-21 09:43 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-10-02 20:22 . 2012-10-02 20:22 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-31 07:57 . 2012-06-16 13:13 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-31 07:57 . 2011-08-23 20:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 19:10 . 2012-10-02 14:36 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-08-30 19:10 . 2012-10-02 14:36 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2008-04-14 12:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\42168317e3c2fe29092eef ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 11:17 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Ptipbmf"="ptipbmf.dll" [2003-06-05 118784]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [19/07/2012 15:09 36752]
R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [19/07/2012 15:09 39440]
R0 fst376xp;fst376xp;c:\windows\system32\drivers\fst376xp.sys [31/08/2009 11:38 159744]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [22/10/2012 18:05 19240]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/10/2012 15:11 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/10/2012 15:11 360392]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/10/2012 15:11 21256]
S0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\si3114.sys [22/10/2012 18:04 73768]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [27/12/2011 10:15 163616]
S3 FASTMNT;FASTMNT;c:\windows\system32\drivers\fastmnt.sys [22/07/2012 09:31 21528]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 13:40]
.
2012-11-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-23 11:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/news/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: talktalk.co.uk\help
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 21:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-287218729-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1645522239-287218729-1801674531-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(544)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2012-11-09 21:18:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-09 21:18
ComboFix2.txt 2012-11-09 17:54
.
Pre-Run: 338,173,288,448 bytes free
Post-Run: 338,284,220,416 bytes free
.
- - End Of File - - 0D9BAEAE8DFF310613A78CD59B628CC0

Edited by bazer, 11 November 2012 - 03:30 AM.


#17 cnm

Posted 09 November 2012 - 04:32 PM

was the boot ex reg corrupt

It was certainly abnormal.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0????????\0????????
No telling what \0????????\0???????? was doing. ?? generally indicates Unicode.

ComboFix restored it to the normal BootExecute REG_MULTI_SZ autocheck autochk *

There are files in your dllcache that I'm unfamiliar with.
Do you know what this is?

xrxwbtmp.dll
Process name: webtemp Module
Application using this process: webtemp Module
Process author: Xerox Corporation

Also c:\windows\system32\dllcache\xrxscnui.dll, xrxftplt.exe, and xrxflnch.exe.


One more time:
Please do the following:

1. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
Folder::
C:\42168317e3c2fe29092eef
c:\documents and settings\barrie\Application Data\ComodoGroup

Save this as CFScript.txt, in the same location as ComboFix.exe

2. Close any open browsers.

3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Posted Image
Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE
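
The BootExecute comparison described in post #17, as an added example (not part of the original thread and not ComboFix's own code): it decodes raw REG_MULTI_SZ data and reports every entry other than the normal `autocheck autochk *`. The function names are hypothetical and the sample bytes are constructed; the log shows the extra entries only as `????????`, so the CJK code points below are placeholders.

```python
"""Audit a Session Manager BootExecute value (REG_MULTI_SZ) against its normal content."""

DEFAULT_ENTRY = "autocheck autochk *"  # the normal value quoted in the post


def parse_multi_sz(raw):
    """Decode raw REG_MULTI_SZ data: UTF-16LE strings, each NUL-terminated,
    with one extra NUL closing the list."""
    if len(raw) % 2:
        raw = raw[:-1]  # drop a dangling half code unit from a damaged value
    text = raw.decode("utf-16-le", errors="replace")
    entries = []
    for part in text.split("\x00"):
        if part == "":
            break  # an empty string marks the end of the list
        entries.append(part)
    return entries


def is_plain(ch):
    """True for printable ASCII, the only characters a normal entry contains."""
    return " " <= ch <= "~"


def describe(entry):
    """Render an entry safely: printable ASCII as-is, anything else as <U+XXXX>."""
    return "".join(c if is_plain(c) else "<U+%04X>" % ord(c) for c in entry)


def audit_boot_execute(raw):
    """Return a list of (reason, rendered_entry) findings; an empty list means normal.

    An extra entry is something to review, not proof of malware: some disk
    tools add their own boot-time program here.
    """
    entries = parse_multi_sz(raw)
    findings = []
    if DEFAULT_ENTRY not in entries:
        findings.append(("default autochk entry missing", ""))
    for entry in entries:
        if entry == DEFAULT_ENTRY:
            continue
        if all(is_plain(c) for c in entry):
            reason = "extra entry"
        else:
            reason = "extra entry with non-ASCII or control characters"
        findings.append((reason, describe(entry)))
    return findings


def make_multi_sz(entries):
    """Build raw REG_MULTI_SZ bytes from a list of strings (used for the samples)."""
    return "".join(e + "\x00" for e in entries).encode("utf-16-le") + b"\x00\x00"


# Constructed samples: the normal value, and the abnormal shape from the log
# (default entry followed by two 8-character entries of non-ASCII text).
NORMAL = make_multi_sz([DEFAULT_ENTRY])
ABNORMAL = make_multi_sz([DEFAULT_ENTRY, "\u4e00" * 8, "\u4e01" * 8])

if __name__ == "__main__":
    for name, raw in (("NORMAL", NORMAL), ("ABNORMAL", ABNORMAL)):
        findings = audit_boot_execute(raw)
        print(name, "->", "ok" if not findings else "review")
        for reason, rendered in findings:
            print("   ", reason + ":", rendered)
```

Printing the code points instead of the characters avoids the `?` substitution that hid the content in the log.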

#18 bazer

Posted 09 November 2012 - 05:09 PM

I removed uTorrent, don't really use it much these days. The files you're saying do I need them, are they related to an HP printer? You say Xerox Corp. Also, is c:\program files\Conduit related to the Bing search engine? Thanks again, here is the ComboFix log file. baz


ComboFix 12-11-09.02 - barrie 09/11/2012 22:46:48.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1559 [GMT 0:00]
Running from: c:\documents and settings\barrie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\barrie\Desktop\CFScript.txt,.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\42168317e3c2fe29092eef
c:\documents and settings\barrie\Application Data\ComodoGroup
c:\documents and settings\barrie\Application Data\ComodoGroup\CSC\Cache\Filter Entries.dat
c:\documents and settings\barrie\Application Data\ComodoGroup\CSC\Cache\Other.dat
c:\documents and settings\barrie\Application Data\ComodoGroup\CSC\Cache\Recycle Bin.dat
c:\documents and settings\barrie\Application Data\ComodoGroup\CSC\Cache\Windows Log Files.dat
c:\documents and settings\barrie\Application Data\ComodoGroup\CSC\Cache\Windows Temp Files.dat
c:\documents and settings\barrie\Application Data\ComodoGroup\CSC\Cache\Windows.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-09 22:04 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-09 22:04 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-09 22:04 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-09 22:04 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-09 22:04 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-11-09 22:04 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-11-09 22:04 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-11-09 22:04 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-11-09 22:03 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-09 22:03 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-09 22:03 . 2012-11-09 22:03 -------- d-----w- c:\program files\AVAST Software
2012-11-09 22:03 . 2012-11-09 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-11-08 23:22 . 2012-11-08 23:22 -------- d-----w- c:\windows\system32\wbem\Repository
2012-11-08 21:44 . 2012-11-08 23:21 -------- d-----w- c:\documents and settings\barrie\Local Settings\Application Data\Google
2012-11-06 14:00 . 2012-11-06 14:00 -------- d-----w- c:\documents and settings\barrie\Application Data\Nero
2012-11-03 13:06 . 2004-06-18 13:57 172032 ----a-w- c:\windows\system32\nvuide.exe
2012-10-29 17:10 . 2012-10-29 17:10 -------- d-----w- c:\documents and settings\barrie\Application DataComodoGroup
2012-10-28 13:22 . 2008-04-14 05:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-10-28 13:22 . 2001-08-17 22:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-10-28 13:22 . 2008-04-14 05:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-10-28 13:22 . 2001-08-17 22:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-10-28 13:22 . 2001-08-17 22:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-10-28 13:22 . 2001-08-17 22:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-10-28 13:22 . 2001-08-17 12:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-10-28 13:21 . 2008-04-13 22:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-10-28 13:21 . 2008-04-14 00:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-10-28 13:21 . 2008-04-13 22:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-10-28 13:21 . 2008-04-14 05:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-10-28 13:21 . 2008-04-14 00:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-10-28 13:21 . 2008-04-13 22:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-10-28 13:21 . 2001-08-17 12:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-10-28 13:21 . 2001-08-17 13:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2012-10-28 13:21 . 2001-08-17 22:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2012-10-28 13:21 . 2001-08-17 22:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-10-28 13:21 . 2008-04-13 22:04 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2012-10-28 13:21 . 2001-08-17 13:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2012-10-28 13:19 . 2001-08-17 13:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2012-10-28 13:18 . 2001-08-17 13:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2012-10-28 13:17 . 2001-08-17 12:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2012-10-28 13:16 . 2001-08-17 22:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2012-10-28 13:15 . 2001-08-17 14:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2012-10-28 13:14 . 2001-08-17 14:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-10-28 13:13 . 2001-08-17 14:56 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2012-10-28 13:12 . 2001-08-17 13:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2012-10-28 12:12 . 2001-08-17 22:36 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2012-10-28 12:12 . 2001-08-17 22:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2012-10-28 12:12 . 2008-04-14 05:42 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2012-10-28 12:12 . 2001-08-17 13:51 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2012-10-28 12:12 . 2008-04-14 00:11 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2012-10-28 12:12 . 2001-08-17 13:53 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2012-10-28 12:12 . 2008-04-14 00:10 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2012-10-28 12:12 . 2001-08-17 13:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2012-10-28 12:12 . 2001-08-17 22:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2012-10-28 12:12 . 2001-08-17 14:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2012-10-28 12:12 . 2001-08-17 14:04 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2012-10-28 12:10 . 2001-08-17 22:36 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2012-10-28 12:09 . 2001-08-17 13:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2012-10-28 12:08 . 2001-08-17 22:36 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2012-10-28 12:07 . 2001-08-17 14:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-10-28 12:07 . 2008-04-14 00:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-10-28 12:07 . 2001-08-17 14:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-10-28 12:07 . 2001-08-17 13:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-10-28 12:07 . 2008-04-14 00:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-10-28 12:07 . 2001-08-17 13:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-10-28 12:07 . 2008-04-14 00:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-10-28 12:07 . 2001-08-17 13:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-10-28 12:07 . 2001-08-17 13:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-10-28 12:05 . 2001-08-17 13:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2012-10-28 12:05 . 2001-08-17 12:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2012-10-28 12:05 . 2001-08-17 12:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2012-10-28 12:05 . 2001-08-17 12:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2012-10-28 12:05 . 2001-08-17 13:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2012-10-28 12:05 . 2008-04-14 00:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2012-10-28 12:05 . 2001-08-17 12:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-10-28 12:05 . 2001-08-17 12:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-10-28 12:05 . 2001-08-17 22:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-10-28 12:05 . 2008-04-14 05:41 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2012-10-28 12:05 . 2008-04-14 05:41 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2012-10-28 12:05 . 2008-04-14 00:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-10-28 12:03 . 2001-08-17 22:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2012-10-28 12:02 . 2008-04-13 23:53 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2012-10-28 12:01 . 2001-08-17 22:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2012-10-28 12:00 . 2001-08-17 22:36 123392 -c--a-w- c:\windows\system32\dllcache\hpgt21tk.dll
2012-10-28 11:59 . 2001-08-17 22:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2012-10-28 11:58 . 2008-04-13 22:06 137088 -c--a-w- c:\windows\system32\dllcache\essm2e.sys
2012-10-28 11:57 . 2001-08-17 12:10 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys
2012-10-28 11:56 . 2001-08-17 22:36 419357 -c--a-w- c:\windows\system32\dllcache\dgconfig.dll
2012-10-28 11:55 . 2008-04-14 00:06 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2012-10-28 11:54 . 2001-08-17 22:36 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll
2012-10-28 11:53 . 2001-08-17 14:56 342336 -c--a-w- c:\windows\system32\dllcache\banshee.dll
2012-10-28 11:52 . 2008-04-13 22:05 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2012-10-28 11:51 . 2001-08-17 14:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-10-24 17:49 . 2012-10-24 17:56 14664 ----a-w- c:\windows\stinger.sys
2012-10-24 17:49 . 2012-10-24 17:48 159608 ----a-w- c:\windows\system32\mfevtps.exe.8de5.deleteme
2012-10-23 12:02 . 2012-10-23 12:02 -------- d-----w- c:\program files\MSXML 4.0
2012-10-23 11:43 . 2012-10-23 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2012-10-22 20:28 . 2012-10-22 20:28 -------- d-----w- C:\temp
2012-10-22 18:49 . 2012-08-28 15:14 521728 -c--a-w- c:\windows\system32\dllcache\jsdbgui.dll
2012-10-22 18:49 . 2011-08-16 10:45 6144 -c--a-w- c:\windows\system32\dllcache\iecompat.dll
2012-10-22 18:49 . 2012-08-28 19:44 11111424 -c--a-w- c:\windows\system32\dllcache\ieframe.dll
2012-10-22 18:49 . 2012-08-28 15:14 630272 -c--a-w- c:\windows\system32\dllcache\msfeeds.dll
2012-10-22 18:49 . 2012-08-28 15:14 55296 -c--a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-10-22 18:49 . 2012-08-28 15:14 12800 -c--a-w- c:\windows\system32\dllcache\xpshims.dll
2012-10-22 18:49 . 2012-08-28 15:14 743424 -c--a-w- c:\windows\system32\dllcache\iedvtool.dll
2012-10-22 18:49 . 2012-08-28 15:14 247808 -c--a-w- c:\windows\system32\dllcache\ieproxy.dll
2012-10-22 18:49 . 2012-08-28 15:14 2000384 -c--a-w- c:\windows\system32\dllcache\iertutil.dll
2012-10-22 18:48 . 2012-10-22 18:48 -------- dc----w- c:\windows\ie8
2012-10-22 18:09 . 2012-10-22 18:25 -------- d-----w- c:\windows\OemDir
2012-10-22 18:09 . 2012-10-22 18:09 -------- d-----w- c:\windows\java
2012-10-22 18:05 . 2012-08-21 13:33 2148864 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-10-22 18:05 . 2012-08-21 12:58 2027520 -c--a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-10-22 18:05 . 2008-04-14 12:52 19240 ----a-w- c:\windows\system32\drivers\SiWinAcc.sys
2012-10-22 18:05 . 2008-04-14 12:52 119848 ----a-w- c:\windows\system32\SilSupp.dll
2012-10-22 18:04 . 2008-04-14 12:52 73768 ----a-w- c:\windows\system32\drivers\si3114.sys
2012-10-22 17:56 . 2012-06-02 14:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-10-22 17:48 . 2008-04-14 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2012-10-22 17:48 . 2008-04-14 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2012-10-22 17:48 . 2008-04-14 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2012-10-22 17:48 . 2008-04-14 12:00 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2012-10-22 17:48 . 2008-04-14 12:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2012-10-22 17:48 . 2008-04-14 12:00 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2012-10-22 17:48 . 2008-04-14 12:00 364032 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2012-10-22 17:48 . 2008-04-14 12:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2012-10-22 17:48 . 2008-04-14 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2012-10-22 17:48 . 2008-04-14 12:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 16:17 . 2012-09-29 14:49 2108 ----a-w- C:\FixitRegBackup.reg
2012-10-23 13:40 . 2012-05-22 11:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-23 13:40 . 2012-05-22 11:28 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-04 12:42 . 2011-09-21 09:43 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-10-02 20:22 . 2012-10-02 20:22 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-31 07:57 . 2012-06-16 13:13 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-31 07:57 . 2011-08-23 20:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 19:10 . 2012-10-02 14:36 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-08-30 19:10 . 2012-10-02 14:36 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2008-04-14 12:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Ptipbmf"="ptipbmf.dll" [2003-06-05 118784]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [19/07/2012 15:09 36752]
R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [19/07/2012 15:09 39440]
R0 fst376xp;fst376xp;c:\windows\system32\drivers\fst376xp.sys [31/08/2009 11:38 159744]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [22/10/2012 18:05 19240]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [09/11/2012 22:04 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09/11/2012 22:04 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/11/2012 22:04 21256]
S0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\si3114.sys [22/10/2012 18:04 73768]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys --> c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [?]
S3 FASTMNT;FASTMNT;\??\c:\windows\system32\drivers\fastmnt.sys --> c:\windows\system32\drivers\fastmnt.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 13:40]
.
2012-11-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-09 22:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/news/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: talktalk.co.uk\help
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 22:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-287218729-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1645522239-287218729-1801674531-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2432)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2012-11-09 22:55:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-09 22:55
ComboFix2.txt 2012-11-09 21:18
ComboFix3.txt 2012-11-09 17:54
.
Pre-Run: 338,015,154,176 bytes free
Post-Run: 338,025,025,536 bytes free
.
- - End Of File - - 51A5C408B6DB8B66780E4B5420FFBB60

#19 cnm

Posted 09 November 2012 - 05:20 PM

Conduit is just a nuisance toolbar purveyor. Gets bundled with other software. http://forums.anandt...428&postcount=4

are they related to a hp printer

I wouldn't think so since they were apparently written by Xerox.

How are we doing? Is the PC operating normally now?

You can do another scan to check for any remaining adware, popups, and the like.
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


#20 bazer

Posted 10 November 2012 - 03:48 AM

OK, thanks.
Do you think it's worth removing the Xerox items? Here is the log of adaware. I also did a scan with RootAlyzer after looking at the link you sent about Conduit; log file also included. Thanks again, baz


/ info: Rootkit removal help file
// copyright: © 2008-2009 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SECURITY\Policy\Secrets\","SAC\0"
// Attention: entries with a zero character will not be displayed correctly and may not work!
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SECURITY\Policy\Secrets\","SAI\0"
// Attention: entries with a zero character will not be displayed correctly and may not work!



# AdwCleaner v2.007 - Logfile created 11/10/2012 at 09:44:30
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : barrie - HOME
# Boot Mode : Normal
# Running from : C:\Documents and Settings\barrie\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\barrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [868 octets] - [10/11/2012 09:44:30]

########## EOF - C:\AdwCleaner[R1].txt - [927 octets] ##########

Edited by bazer, 10 November 2012 - 04:04 AM.


#21 cnm

Posted 10 November 2012 - 10:53 AM

RootAlyzer Results - those are normal. Please see RKR 1.71 and HKLM\Security\Policy\Secrets. Part of Service Control Manager.

I'd remove the Xerox files simply because it seems wise not to have files you don't know about. But let's check them.
Please go to http://www.virustotal.com, click on 'Choose file', and send the following file/s for analysis. You will only be able to have one file scanned at a time.

In c:\windows\system32\dllcache\

xrxwbtmp.dll
xrxscnui.dll
xrxftplt.exe
xrxflnch.exe


For each one: After you click 'Send file', allow the file to be scanned, and then please post a link to the results page here for me.



Please have AdwCleaner delete the things it found:
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#22 cnm

Posted 10 November 2012 - 12:42 PM

Please use the dark 'Add Reply' button.

#23 bazer

Posted 10 November 2012 - 12:54 PM

ok here is a link about these files

http://ask-leo.com/comments_002129.php

here is adaware log


# AdwCleaner v2.007 - Logfile created 11/10/2012 at 18:36:29
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : barrie - HOME
# Boot Mode : Normal
# Running from : C:\Documents and Settings\barrie\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [995 octets] - [10/11/2012 09:44:30]
AdwCleaner[R2].txt - [865 octets] - [10/11/2012 18:36:03]
AdwCleaner[S1].txt - [803 octets] - [10/11/2012 18:36:29]

########## EOF - C:\AdwCleaner[S1].txt - [862 octets] ##########



link for files at virus total



https://www.virustot...2f9dc/analysis/


https://www.virustot...ba1ad/analysis/


https://www.virustot...a67d0/analysis/


https://www.virustot...317dc/analysis/


thanks again baz

#24 cnm

Posted 10 November 2012 - 01:22 PM

Those scans all have weird filenames, like File name: a6227d7ef8969c4dc9b14ad145dfa96d6a3edc20
Maybe I wasn't clear.
In VirusTotal:
When you click 'Choose File': then in the window that opens, navigate to c:\windows\system32\dllcache\
Then select 'xrxwbtmp.dll' and click Open.
When the file has been loaded, click Scan.

#25 bazer

Posted 10 November 2012 - 02:30 PM

this is xrxwbtmp.dll


https://www.virustot...sis/1352578958/ seems to give just MD5 names; will do others soon, thanks

#26 cnm

Posted 10 November 2012 - 02:36 PM

It doesn't do that for me.

Try VirSCAN which is very similar.

#27 bazer

Posted 10 November 2012 - 03:52 PM

xrxftplt.exe http://r.virscan.org...2c0793850a.html

Having problems uploading files; ISP TalkTalk are not very good, try later. Also, VirusTotal after scan changes file name to MD5 hash numbers. Thanks, baz

Edited by bazer, 10 November 2012 - 03:57 PM.
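For matching a report page that shows only a hash as its file name back to the file that was uploaded, the following is an added example, not part of any post in this thread. It hashes the four dllcache files named above and looks up each hash-like report name by its digest length (32 hex digits for MD5, 40 for SHA-1, 64 for SHA-256); the function names are hypothetical and the report value is a placeholder to be filled in from the report page.

```python
import hashlib
from pathlib import Path

# Hex-digest length -> algorithm, used to guess what a report's "file name" is.
DIGEST_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}


def file_digests(path, chunk_size=65536):
    """Return the MD5, SHA-1 and SHA-256 hex digests of one file, read in chunks."""
    hashers = {name: hashlib.new(name) for name in DIGEST_BY_LENGTH.values()}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def match_reports(report_names, candidate_paths):
    """Map each hash-like report name to the local file it belongs to, or None."""
    index = {}
    for path in candidate_paths:
        path = Path(path)
        if not path.is_file():
            continue  # listed but not present on disk
        for algorithm, digest in file_digests(path).items():
            index[(algorithm, digest)] = path.name
    results = {}
    for name in report_names:
        cleaned = name.strip().lower()
        algorithm = DIGEST_BY_LENGTH.get(len(cleaned))
        is_hex = all(c in "0123456789abcdef" for c in cleaned)
        if algorithm is None or not is_hex:
            results[name] = None  # not an MD5/SHA-1/SHA-256 hex string
        else:
            results[name] = index.get((algorithm, cleaned))
    return results


if __name__ == "__main__":
    folder = Path(r"c:\windows\system32\dllcache")
    files = [folder / n for n in ("xrxwbtmp.dll", "xrxscnui.dll",
                                  "xrxftplt.exe", "xrxflnch.exe")]
    # Placeholder: paste the hash-like file names shown on the report pages.
    reports = ["<hash shown on report page>"]
    for report, local_name in match_reports(reports, files).items():
        print(report, "->", local_name or "no local match")
```

A report name that matches no local digest means the report is for a different file, or the file changed after it was uploaded.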


#28 cnm

Posted 10 November 2012 - 03:59 PM

Probably they are all clean. We can remove them if you like. Do you possibly have a Xerox printer or copier you've forgotten about? Look in Control Panel, Printers and Faxes.

#29 bazer

Posted 10 November 2012 - 04:07 PM

No, never had a Xerox printer; seems a lot of XP systems have these files. By the way, is Windows 7 much more secure than XP? Might take the plunge; been offered a cheap 11 month old laptop for my wife. Thanks, baz

#30 cnm

Posted 10 November 2012 - 04:21 PM

Windows 7 is somewhat more secure, but also it is much nicer and most people like it a lot.

I guess we might as well leave those Xerox files alone if they are clean.

Are you still getting the 'No disk' error at all? Any other problems?

#31 bazer

Posted 10 November 2012 - 04:29 PM

Just tried again; still get error after a successful burn with Nero 3; will have a look at leads etc. tomorrow. Thanks, baz

#32 cnm

Posted 10 November 2012 - 04:34 PM

Why not just use ImgBurn?

#33 bazer

Posted 10 November 2012 - 04:38 PM

Yes, I agree. Have you tried Burrrn? Also a very nice little tool. Must admit, getting to like ImgBurn. Thanks, baz. Was my PC infected a little? Also, what were all those IE8 files ComboFix deleted? Cheers, baz

#34 cnm

Posted 10 November 2012 - 05:01 PM

ComboFix deleted .tmp (temporary) files. Not known what the infection was.

#35 bazer

Posted 10 November 2012 - 05:04 PM

OK, do I have to uninstall ComboFix etc.? baz

#36 cnm

Posted 10 November 2012 - 05:21 PM

Yes, please clean up our tools.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with yes

Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. Among other things your Restore Points will be purged and a new clean one created.

Delete the DDS files and Security Check folder from your Desktop. Also Farbar Service Scanner (FSS)

#37 bazer

Posted 11 November 2012 - 03:24 AM

OK, have done that; had to turn System Restore on manually, no problem though. This is an old system but has been very reliable. Have a newer and better motherboard which I will transfer; have a few hard drives. Might treat myself to Windows 7 or 8. I keep Avast for now; tried so many times to install MSE. Did have free AVG, found it temperamental and a pig to uninstall. I use free Revo portable in advanced mode, very good tool. Thanks, baz

Edited by bazer, 11 November 2012 - 03:28 AM.


#38 cnm

Posted 11 November 2012 - 10:25 AM

Avast is first-rate. You should only have one realtime antivirus running, and I would choose Avast rather than MSE although the latter is good too. And AVG problems are well known.

The XP firewall is considered inadequate because it doesn't stop outgoing traffic. There is a pretty good discussion here. (Avoid ZoneAlarm, though.)

#39 bazer

Posted 11 November 2012 - 10:39 AM

OK, thanks for your advice; will install private firewall. Do have a firewall on the router but it doesn't give you any indication of what ports are open etc. The OSI layer is complex. Thanks, baz

#40 cnm

Posted 11 November 2012 - 10:50 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.