Unsolved

July 28th, 2009 04:00

Security software problems & trojan infection

Hi,

I am reposting this from the Virus and Spyware forum...

Original post:

Not sure if I have a malware or virus/trojan issue (I think it's a hijacker???) but I'd like some advice please.

About 3 weeks ago, my PC started experiencing pop-up windows (warnings that my PC was infected) and constant internet page redirection to various webpages including adult sites and sites to purchase antivirus software. Error windows (legitimate, I think) also came up citing 'System 32' errors. Names and titles that appeared included: Antivirus Pro, SWP2009 Demo & Antiaware pro. This coincided with the expiration of my antivirus program that I unfortunately allowed to lapse. Since reinstalling an antivirus program (ESET Smart Security), I now find that I have problems with the firewall and web access protection.

I have done extensive cleaning and scanning on my PC with the following programs:

ESET Nod, Ad-Aware, Stinger, BitDefender, SuperSpyware and MalwareBytes and CCleaner. Of these, only Ad-Aware, BitDefender & SuperSpyware found (different) infected files (virus/trojans). The programs did try to remove the infected files but they kept reappearing. I was finally able to delete the files after running Hijack This and deleting them manually.

The pop-up windows and internet page redirections have now stopped.

Since deleting the infected files in Hijack This, no further infected files have been found via scans in the previously mentioned programs. However, I am still having problems with the firewall and web access protection. A system inspection log (through ESET Nod) shows numerous files that are high risk (many with 'anti' and 'virus' variations in their name). So I am wondering if my PC is still infected?

Extra Information:

I am pretty sure that I had (have) the Antiawarepro hijacker virus/trojan as my computer's behaviour matched what I read about it on various websites. In HijackThis, I deleted the following files:

a n t i a w a r e - p r o . c o m (2 0 9 . 4 4 . 1 1 1 . 6 2) @ 4 

w w w . a n t i a w a r e - p r o . c o m (2 0 9. 4 4 . 1 1 1 .6 2) @ 5

(I have put spaces in these deliberately in case anyone clicks on them accidentally).

I also deleted a Symantec file that was associated with an old Norton Antivirus program I had (using Remove Programs through the control panel did not seem to remove all files).

However, I did delete a number of files I found in various places in my C drive that were created on the day (2nd July 2009) that I first started having problems. I checked them closely first and found that they had odd information (a nonsensical jumble of letters) in the author / company name.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:28 PM, on 28-Jul-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MagicKey\MagicKey.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SpamMATTERS Outlook Express Client\expressAI.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MagicKey\OSD.EXE
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.anzwers.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Versato] C:\Program Files\MagicKey\MagicKey.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpamMATTERS Outlook Express Interface] C:\Program Files\SpamMATTERS Outlook Express Client\expressAI.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.ato.gov.au/formflow/codebase/FormCtl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130119359265
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.ato.gov.au/formflow/codebase/scriptobject.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://harveynorman.fujicolor.com.au/en/feeders/ImageUploader4.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.ato.gov.au/formflow/codebase/fontinstaller.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Filter hijack: text/html - {72c9a68f-19a8-4752-90d9-872727807a05} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate1c99943b6066220) (gupdate1c99943b6066220) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9715 bytes

Please help! Thank you.
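For anyone reading a log like the one above, the entries that usually deserve a second look are the ones HijackThis itself hints at: an O18 "Filter hijack" on text/html (a MIME filter sees every page Internet Explorer renders), registry entries that still point at "(no file)" (leftovers of something that was removed), hosts-file lines beyond the defaults, changed start/search pages, and services with no publisher. The script below is an added example written for this thread, not part of HijackThis or any tool mentioned here; its severity rules and its list of known-Microsoft hosts are my own heuristics (assumptions), and the sample lines are copied from the posted log.

```python
import re
from dataclasses import dataclass

# Added example: heuristic triage of HijackThis log entries (not HijackThis code).
# Hosts that the stock Internet Explorer start/search pages point at (assumption).
MICROSOFT_HOSTS = {"go.microsoft.com", "www.microsoft.com", "search.msn.com", "www.msn.com"}
# Hosts-file lines HijackThis shows on a clean Windows XP box.
DEFAULT_HOSTS_LINES = {"127.0.0.1 localhost", "::1 localhost"}
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://([^/\s]+)")
# An .exe sitting directly under C:\WINDOWS (not in a subfolder).
WINROOT_EXE_RE = re.compile(r'([A-Za-z]:\\WINDOWS\\[^\\\s"]+\.exe)', re.IGNORECASE)

# Lines copied from the HijackThis log posted above, plus two non-entry lines.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.anzwers.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O18 - Filter hijack: text/html - {72c9a68f-19a8-4752-90d9-872727807a05} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    kind: str       # HijackThis section code, e.g. "O18"
    reason: str
    raw: str


def parse_entry(line):
    """Return (kind, body) for an R/O entry; None for headers, process paths, blanks."""
    m = ENTRY_RE.match(line.strip())
    return (m["kind"], m["body"]) if m else None


def assess(kind, body):
    """Return (severity, reason) for one entry, or None if nothing is worth flagging."""
    if kind == "O18":
        return "high", "MIME filter hijack: a text/html filter sees every page IE renders"
    if kind == "O1":
        if body.replace("Hosts: ", "", 1) not in DEFAULT_HOSTS_LINES:
            return "high", "non-default hosts-file entry (possible redirection)"
        return None
    if "(no file)" in body:
        return "low", "registry entry points to a missing file (leftover; safe to fix)"
    if kind in ("R0", "R1"):
        m = URL_RE.search(body)
        if m and m.group(1).lower() not in MICROSOFT_HOSTS:
            return "medium", f"browser start/search page set to {m.group(1)}; confirm the user chose it"
        return None
    if kind == "O23" and "Unknown owner" in body:
        return "medium", "service with no publisher information; verify the binary"
    if kind == "O4":
        m = WINROOT_EXE_RE.search(body)
        if m:
            return "medium", f"autorun executable directly under the Windows root ({m.group(1)}); verify publisher"
    return None


def triage(log_text):
    """Run every entry through assess() and return findings, most severe first."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if not parsed:
            continue
        kind, body = parsed
        verdict = assess(kind, body)
        if verdict:
            findings.append(Finding(verdict[0], kind, verdict[1], line.strip()))
    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: order[f.severity])   # stable: keeps log order within a level
    return findings


def summary(findings):
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.kind}: {f.reason}\n         {f.raw}")
    print(summary(results))
```

On the sample lines this flags the O18 filter hijack as high, the changed start page, the C:\WINDOWS\htpatch.exe autorun and the owner-less ATI service as medium, and the orphaned BHO as low; the Java BHO, the Microsoft search page and the default hosts line produce nothing. A "medium" here only means "verify", not "malicious": htpatch.exe and the ATI poller are ordinary OEM components on many machines, and the point of the script is to shorten the list a human has to check, not to replace that check.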

10.4K Posts

July 28th, 2009 19:00
cpn

Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
14 Posts

July 29th, 2009 05:00

Hi bamajim,

Thanks for your reply.

I already have Malwarebytes' Anti-Malware installed on my PC. Should I uninstall it and also delete the mbam-setup.exe files first? Or will downloading it just override the existing one? I also have a Microsoft update notification - should I ignore this for the time being?

Thanks,

CPN

10.4K Posts

July 29th, 2009 06:00
CPN

No. If you have already run MBAM, let's do this:

1. Go HERE and download File Lister.
  • Save it to your Desktop
  • Rt Click ->> Extract all ->> And extract it to your Desktop
  • Additional help on extracting zip files can be found HERE
  • Open the File Lister Folder.
  • Note: Leave the FileLister.vbe file in the folder and run it from there.
  • Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
  • As the program runs, it will appear that nothing is happening.
  • When the program is finished it will produce a log for you at C:\Files.txt

Copy and paste the contents of that log in your reply.

14 Posts

July 29th, 2009 08:00

Bamajim,
I did as instructed and Notepad opened up with the log (I'm assuming this is what you need). Here is the log -
+++++++++++++++++++++++++++++++++
+ File Lister  Version 1.1.1                                 +
+                                                                    +
+  By bamajim / SpywareHammer.com                 +
+++++++++++++++++++++++++++++++++

Report ran on --->>>  29-Jul-2009 11:55:44 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MagicKey\MagicKey.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SpamMATTERS Outlook Express Client\expressAI.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\MagicKey\OSD.EXE
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

====== BHO's ======

BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

BHO: (NO NAME) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

BHO: (NO NAME) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

BHO: (NO NAME) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: (NO NAME) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

BHO: (NO NAME) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[HTpatch] = C:\WINDOWS\htpatch.exe
[NvCplDaemon] = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[WINDVDPatch] = CTHELPER.EXE
[Cmaudio] = RunDll32 cmicnfg.cpl,CMICtrlWnd
[Versato] = C:\Program Files\MagicKey\MagicKey.exe
[HPDJ Taskbar Utility] = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
[HP Software Update] = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
[DeviceDiscovery] = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[QuickTime Task] = "C:\Program Files\QuickTime\qttask.exe" -atboottime
[Adobe Photo Downloader] = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[TkBellExe] = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
[SunJavaUpdateSched] = "C:\Program Files\Java\jre6\bin\jusched.exe"
[egui] = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

====== HKCU\~\Run Keys ======

[NVIEW] = rundll32.exe nview.dll,nViewLoadHook
[MoneyAgent] = "C:\Program Files\Microsoft Money\System\Money Express.exe"
[WMPNSCFG] = C:\Program Files\Windows Media Player\WMPNSCFG.exe
[SpamMATTERS Outlook Express Interface] = C:\Program Files\SpamMATTERS Outlook Express Client\expressAI.exe
[H/PC Connection Agent] = "C:\PROGRA~1\MICROS~2\wcescomm.exe"
[SUPERAntiSpyware] = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

====== DNS Info (List may be empty) ======

HKEY_LOCAL_MACHINE\CCS\~\{3BE9036D-257D-4EEF-A2D7-3C0007EF0D51}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{83455DC8-CC91-4BE7-8666-E695CF028133}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{883D0261-8411-46A9-8122-5BB5B965B32D}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{A43A3303-4691-414A-B12B-50D33D016274}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{BD1A61A7-9FBB-43EC-9178-3ABE2335D5C8}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{F625AF07-7A43-4B1D-B29A-A755855BBE6B}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{FAE7763A-835A-4B8D-A44A-C9F0A2C15986}\  NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{3BE9036D-257D-4EEF-A2D7-3C0007EF0D51}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{83455DC8-CC91-4BE7-8666-E695CF028133}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{883D0261-8411-46A9-8122-5BB5B965B32D}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{A43A3303-4691-414A-B12B-50D33D016274}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{BD1A61A7-9FBB-43EC-9178-3ABE2335D5C8}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{F625AF07-7A43-4B1D-B29A-A755855BBE6B}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{FAE7763A-835A-4B8D-A44A-C9F0A2C15986}\  NameServer=

HKEY_LOCAL_MACHINE\CS002\~\{3BE9036D-257D-4EEF-A2D7-3C0007EF0D51}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{83455DC8-CC91-4BE7-8666-E695CF028133}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{883D0261-8411-46A9-8122-5BB5B965B32D}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{A43A3303-4691-414A-B12B-50D33D016274}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{BD1A61A7-9FBB-43EC-9178-3ABE2335D5C8}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{F625AF07-7A43-4B1D-B29A-A755855BBE6B}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{FAE7763A-835A-4B8D-A44A-C9F0A2C15986}\  NameServer=


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

25-Jul-2009 8:42:16 AM    32768    C:\FOUND.000
11-Jun-2009 1:01:35 PM    6389692    C:\08fcd41234b490cc23
11-Jun-2009 1:02:33 PM    3845598    C:\08fcd41234b490cc23\amd64
11-Jun-2009 1:02:37 PM    2544094    C:\08fcd41234b490cc23\i386
29-Jul-2009 11:55:44 PM    0    32    C:\Files.txt
07-Jul-2009 8:15:45 PM    7520    32    C:\aaw7boot.log
09-Jul-2009 8:47:59 PM    1142    C:\WINDOWS\pss
12-Jun-2009 10:26:30 AM    2470074    C:\WINDOWS\$NtUninstallKB968537$
12-Jun-2009 10:26:30 AM    623290    C:\WINDOWS\$NtUninstallKB968537$\spuninst
15-Jul-2009 8:50:46 PM    1911651    C:\WINDOWS\$NtUninstallKB971633$
15-Jul-2009 8:50:47 PM    623459    C:\WINDOWS\$NtUninstallKB971633$\spuninst
11-Jun-2009 12:32:06 PM    45082514    C:\WINDOWS\ie8
11-Jun-2009 12:32:06 PM    1173491    C:\WINDOWS\ie8\spuninst
11-Jun-2009 12:41:47 PM    25433611    C:\WINDOWS\ie8updates
11-Jun-2009 12:41:47 PM    625362    C:\WINDOWS\ie8updates\KB971180-IE8
11-Jun-2009 12:41:47 PM    623314    C:\WINDOWS\ie8updates\KB971180-IE8\spuninst
11-Jun-2009 12:42:23 PM    24081509    C:\WINDOWS\ie8updates\KB969897-IE8
11-Jun-2009 12:42:23 PM    630517    C:\WINDOWS\ie8updates\KB969897-IE8\spuninst
08-Jul-2009 5:48:11 PM    726740    C:\WINDOWS\ie8updates\KB971930-IE8
08-Jul-2009 5:48:11 PM    623828    C:\WINDOWS\ie8updates\KB971930-IE8\spuninst
11-Jun-2009 12:58:48 PM    0    C:\WINDOWS\SxsCaPendDel
10-Jun-2009 9:52:28 PM    1249613    C:\WINDOWS\$NtUninstallKB970238$
10-Jun-2009 9:52:28 PM    623949    C:\WINDOWS\$NtUninstallKB970238$\spuninst
10-Jun-2009 9:57:17 PM    893295    C:\WINDOWS\$NtUninstallKB969898$
10-Jun-2009 9:57:17 PM    622959    C:\WINDOWS\$NtUninstallKB969898$\spuninst
10-Jun-2009 9:57:53 PM    967022    C:\WINDOWS\$NtUninstallKB961501$
10-Jun-2009 9:57:53 PM    623982    C:\WINDOWS\$NtUninstallKB961501$\spuninst
12-Jun-2009 10:38:05 AM    1711475    C:\WINDOWS\$NtUninstallKB961118$
12-Jun-2009 10:38:06 AM    622635    C:\WINDOWS\$NtUninstallKB961118$\spuninst
15-Jul-2009 8:51:11 PM    892835    C:\WINDOWS\$NtUninstallKB973346$
15-Jul-2009 8:51:11 PM    622499    C:\WINDOWS\$NtUninstallKB973346$\spuninst
15-Jul-2009 9:02:03 PM    822641    C:\WINDOWS\$NtUninstallKB961371$
15-Jul-2009 9:02:04 PM    623985    C:\WINDOWS\$NtUninstallKB961371$\spuninst
26-Jul-2009 7:20:43 PM    50    32    C:\WINDOWS\wiaservc.log
11-Jul-2009 11:47:14 AM    0    0    C:\WINDOWS\Sti_Trace.log
26-Jul-2009 7:20:44 PM    216    32    C:\WINDOWS\wiadebug.log
28-Jul-2009 4:55:00 PM    0    32    C:\WINDOWS\0.log
24-Jul-2009 6:56:42 PM    121    32    C:\WINDOWS\bdagent.INI
13-Jun-2009 7:25:02 PM    26    32    C:\WINDOWS\Zone.Identifier
24-Jul-2009 7:50:15 PM    54156    34    C:\WINDOWS\QTFont.qfn
24-Jul-2009 7:50:15 PM    1409    32    C:\WINDOWS\QTFont.for
11-Jun-2009 1:05:21 PM    379588    C:\WINDOWS\system32\XPSViewer
11-Jun-2009 1:05:21 PM    3584    C:\WINDOWS\system32\XPSViewer\en-US
10-Jun-2009 9:46:34 PM    4099    32    C:\WINDOWS\system32\jupdate-1.6.0_14-b08.log
10-Jun-2009 9:47:55 PM    144792    32    C:\WINDOWS\system32\java.exe
10-Jun-2009 9:47:55 PM    144792    32    C:\WINDOWS\system32\javaw.exe
10-Jun-2009 9:47:55 PM    148888    32    C:\WINDOWS\system32\javaws.exe
11-Jun-2009 1:01:39 PM    1676288    0    C:\WINDOWS\system32\xpssvcs.dll
11-Jun-2009 1:01:42 PM    575488    0    C:\WINDOWS\system32\xpsshhdr.dll
11-Jun-2009 1:01:44 PM    117760    0    C:\WINDOWS\system32\prntvpt.dll
24-Jul-2009 4:47:38 PM    387    32    C:\WINDOWS\system32\BDUpdateV1.xml
24-Jul-2009 4:49:09 PM    81984    32    C:\WINDOWS\system32\bdod.bin
24-Jul-2009 6:59:08 PM    385    32    C:\WINDOWS\system32\user_gensett.xml
24-Jul-2009 6:59:08 PM    850    32    C:\WINDOWS\system32\ProductTweaks.xml
24-Jul-2009 8:59:21 PM    15688    32    C:\WINDOWS\system32\lsdelete.exe

====== Files under "\Administrator\Startup" Last 60 Days======


====== Files under "\All Users\Startup" Last 60 Days======


====== Files and Folders under "\Program Files" Last 60 Days======

26-Jul-2009 9:05:50 PM    48767876    C:\Program Files\ESET
24-Jul-2009 6:51:58 PM    55194951    C:\Program Files\Lavasoft
02-Jul-2009 11:02:36 PM    0    C:\Program Files\drv
24-Jul-2009 11:42:52 PM    406290    C:\Program Files\Trend Micro
25-Jul-2009 10:47:18 PM    24380751    C:\Program Files\SUPERAntiSpyware
26-Jul-2009 9:02:08 AM    4297780    C:\Program Files\Malwarebytes' Anti-Malware
11-Jun-2009 1:04:23 PM    36351745    C:\Program Files\Reference Assemblies
11-Jun-2009 1:05:02 PM    25757    C:\Program Files\MSBuild

====== Files under "\System32\Drivers" Last 60 Days======

26-Jul-2009 9:02:08 AM    19096    32    C:\WINDOWS\system32\drivers\mbam.sys
24-Jul-2009 6:55:37 PM    64160    32    C:\WINDOWS\system32\drivers\Lbd.sys
26-Jul-2009 9:02:15 AM    38160    32    C:\WINDOWS\system32\drivers\mbamswissarmy.sys

====== Files Deleted under "%Temp%" ======


1019 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

07-Jul-2009 5:55:28 PM    104502652    C:\Documents and Settings\All Users\Application Data\Lavasoft
07-Jul-2009 5:59:29 PM    0    C:\Documents and Settings\All Users\Application Data\Lavasoft\License
24-Jul-2009 6:51:58 PM    104502652    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware
24-Jul-2009 6:51:58 PM    71591700    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs
24-Jul-2009 6:51:58 PM    0    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended
24-Jul-2009 6:54:08 PM    0    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Crashdumps
24-Jul-2009 6:54:17 PM    32730972    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update
24-Jul-2009 6:54:47 PM    140946    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Logs
24-Jul-2009 6:55:31 PM    0    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine
24-Jul-2009 6:55:31 PM    0    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork
24-Jul-2009 6:55:31 PM    0    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit
24-Jul-2009 6:56:25 PM    132    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\MiniMessage
24-Jul-2009 8:59:20 PM    1317    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Statistics
24-Jul-2009 6:53:20 PM    19905452    C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
25-Jul-2009 10:48:04 PM    0    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
25-Jul-2009 10:48:04 PM    0    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware
26-Jul-2009 9:02:09 AM    2432900    C:\Documents and Settings\All Users\Application Data\Malwarebytes
26-Jul-2009 9:02:10 AM    2432900    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
26-Jul-2009 9:05:48 PM    92458744    C:\Documents and Settings\All Users\Application Data\ESET
26-Jul-2009 9:05:49 PM    92458744    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security
26-Jul-2009 9:05:50 PM    4756    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon
26-Jul-2009 9:05:52 PM    54943004    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles
26-Jul-2009 9:11:15 PM    40495    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_update.eset.com
26-Jul-2009 9:15:01 PM    191623    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\continuous
26-Jul-2009 9:15:10 PM    16996368    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\temp
26-Jul-2009 9:15:10 PM    16993564    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\oldfiles
26-Jul-2009 10:11:41 PM    40501    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_89.202.149.36
26-Jul-2009 11:11:41 PM    40502    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_89.202.157.227
27-Jul-2009 12:11:41 AM    40499    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_um12.eset.com
27-Jul-2009 1:11:41 AM    40502    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_93.184.71.27
27-Jul-2009 2:11:41 AM    40502    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_um10.eset.com
27-Jul-2009 3:11:41 AM    40259    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_u42.eset.com
27-Jul-2009 4:11:42 AM    40259    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_u51.eset.com
27-Jul-2009 5:11:41 AM    40501    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_um14.eset.com
27-Jul-2009 10:11:53 AM    40497    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_u41.eset.com
27-Jul-2009 11:11:42 AM    40497    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_u50.eset.com
27-Jul-2009 5:11:41 PM    40497    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_u40.eset.com
28-Jul-2009 6:55:29 PM    40502    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_u46.eset.com
28-Jul-2009 8:55:30 PM    40497    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_u49.eset.com
28-Jul-2009 9:55:29 PM    40497    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_u58.eset.com
29-Jul-2009 1:21:12 PM    40502    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_u54.eset.com
29-Jul-2009 7:21:13 PM    40501    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_u45.eset.com
29-Jul-2009 8:21:12 PM    40501    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\http_u53.eset.com
26-Jul-2009 9:05:52 PM    6929    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs
26-Jul-2009 9:05:53 PM    2113    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\eScan
26-Jul-2009 9:05:53 PM    36122624    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Installer
26-Jul-2009 9:05:55 PM    0    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Oldfiles
26-Jul-2009 9:05:57 PM    7249    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Stats
26-Jul-2009 9:05:58 PM    0    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\SupportRequests
26-Jul-2009 9:10:09 PM    1138814    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Antispam
26-Jul-2009 9:44:10 PM    197982    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\SysInspector
26-Jul-2009 9:44:10 PM    0    C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\SysInspector\RA
24-Jul-2009 7:51:24 PM    1767    32    C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\

====== Services ( Services that are Whitelisted are not shown) ======

cmuda (C-Media WDM Audio Interface)- C:\WINDOWS\system32\drivers\cmuda.sys - Manual/Running
ctac32k (Creative AC3 Software Decoder)- C:\WINDOWS\system32\drivers\ctac32k.sys - Manual/Stopped
ctaud2k (Creative Audio Driver (WDM))- C:\WINDOWS\system32\drivers\ctaud2k.sys - Manual/Stopped
ctprxy2k (Creative Proxy Driver)- C:\WINDOWS\system32\drivers\ctprxy2k.sys - Manual/Stopped
ctsfm2k (Creative SoundFont Management Device Driver)- C:\WINDOWS\system32\drivers\ctsfm2k.sys - Manual/Stopped
eamon (eamon)- C:\WINDOWS\system32\DRIVERS\eamon.sys - Auto/Running
eeCtrl (Symantec Eraser Control driver)- \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - System/Stopped
ehdrv (ehdrv)- C:\WINDOWS\system32\DRIVERS\ehdrv.sys - System/Running
emupia (E-mu Plug-in Architecture Driver)- C:\WINDOWS\system32\drivers\emupia2k.sys - Manual/Stopped
epfw (epfw)- C:\WINDOWS\system32\DRIVERS\epfw.sys - Auto/Running
Epfwndis (Eset Personal Firewall)- C:\WINDOWS\system32\DRIVERS\Epfwndis.sys - Manual/Stopped
epfwtdi (epfwtdi)- C:\WINDOWS\system32\DRIVERS\epfwtdi.sys - System/Running
Lbd (Lbd)- C:\WINDOWS\system32\DRIVERS\Lbd.sys - Boot/Running
ms_mpu401 (Microsoft MPU-401 MIDI UART Driver)- C:\WINDOWS\system32\drivers\msmpu401.sys - Manual/Running
NTIDrvr (Upper Class Filter Driver)- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys - Manual/Running
ossrv (Creative OS Services Driver)- C:\WINDOWS\system32\drivers\ctoss2k.sys - Manual/Stopped
PfModNT (PfModNT)- \??\C:\WINDOWS\System32\PfModNT.sys - Auto/Running
RTL8023xp (Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver)- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys - Manual/Running
s116unic (Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM))- C:\WINDOWS\system32\DRIVERS\s116unic.sys - Manual/Stopped
SASDIFSV (SASDIFSV)- \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS - System/Running
SASENUM (SASENUM)- \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS - Manual/Running
SASKUTIL (SASKUTIL)- \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys - System/Running
SE27bus (Sony Ericsson Device 039 Driver driver (WDM))- C:\WINDOWS\system32\DRIVERS\SE27bus.sys - Manual/Stopped
SE27mdfl (Sony Ericsson Device 039 USB WMC Modem Filter)- C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys - Manual/Stopped
SE27mdm (Sony Ericsson Device 039 USB WMC Modem Driver)- C:\WINDOWS\system32\DRIVERS\SE27mdm.sys - Manual/Stopped
SE27mgmt (Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM))- C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys - Manual/Stopped
SE27obex (Sony Ericsson Device 039 USB WMC OBEX Interface)- C:\WINDOWS\system32\DRIVERS\SE27obex.sys - Manual/Stopped
SiS315 (SiS315)- C:\WINDOWS\system32\DRIVERS\sisgrp.sys - Manual/Running
SiSkp (SiSkp)- C:\WINDOWS\system32\drivers\srvkp.sys - System/Running
usb_rndisx (USB RNDIS Adapter)- C:\WINDOWS\system32\DRIVERS\usb8023x.sys - Manual/Stopped

====== Uninstall List ======

acer
Ad-Aware
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
ATI Display Driver
C-Media 3D Audio
CCleaner (remove only)
Askey HSFi V.90(V.92) 56K PCI Modem
Google Updater
HijackThis 2.0.2
hp print screen utility
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Windows Internet Explorer 8
Indeo® Software
QuickTime
NTI CD-Maker 6 Gold
Microsoft Data Access Components KB870669
Windows Media Format SDK Hotfix - KB891122
Windows Genuine Advantage Validation Tool (KB892130)
Microsoft Base Smart Card Cryptographic Service Provider Package
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Internet Explorer 7 (KB928090)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows Internet Explorer 7 (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941569)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Security Update for Windows XP (KB952004)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Hotfix for Windows XP (KB954550-v5)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Critical Update for Windows Media Player 11 (KB959772)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Security Update for Windows XP (KB960225)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Hotfix for Windows XP (KB961118)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows Internet Explorer 7 (KB963027)
Update for Windows XP (KB967715)
Security Update for Windows XP (KB968537)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Update for Windows Internet Explorer 8 (KB971180)
Security Update for Windows XP (KB971633)
Update for Windows Internet Explorer 8 (KB971930)
Security Update for Windows XP (KB973346)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework (English) v1.0.3705
Mozilla Firefox (3.0.11)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft National Language Support Downlevel APIs
NVIDIA Windows 2000/XP Display Drivers
RealPlayer
Shockwave
SiS 650_740
Magic Keyboard
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft Works 2001 Setup Launcher
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Encarta World Atlas 2001 - WE
Symantec KB-DocID:2003093015493306
Security Update for CAPICOM (KB931906)
Java(TM) 6 Update 14
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
WebFldrs XP
Windows Live Sign-in Assistant
Adobe® Photoshop® Album Starter Edition 3.0
QuickTime
Windows Live Messenger
Windows Genuine Advantage v1.3.0254.0
Java 2 Runtime Environment, SE v1.4.2_03
ESET Smart Security
MSXML 4.0 SP2 (KB954430)
Compatibility Pack for the 2007 Office system
Microsoft Office Professional Edition 2003
HP Software Update
RTLSetup
Microsoft .NET Framework 3.0 Service Pack 2
Diskeeper Lite
Google Update Helper
Adobe Reader 7.0.9
OGA Notifier 1.7.0105.35.0
Microsoft ActiveSync 4.0
Microsoft .NET Framework (English)
Microsoft Office Outlook 2003 with Business Contact Manager Update
Works Synchronization
MSXML 4.0 SP2 (KB936181)
Microsoft .NET Framework 2.0 Service Pack 2
NTI CD-Maker
Microsoft .NET Framework 1.1
Google Earth
SUPERAntiSpyware Free Edition
Microsoft .NET Framework 3.5 SP1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Microsoft Money 2001
Ad-Aware
HP Photo and Imaging 2.0 - Deskjet Series
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Sound Blaster Audigy Web 2K/XP
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Works Suite OS Pack
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
SpamMATTERS Outlook Express Client

======== Other Info ========

TOTAL PHYSICAL RAM: 796 MB

Boot Info

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn


OS Type:  Microsoft Windows XP Professional
Build:  5.1.2600
Service Pack:  3.0


====== Files with Hidden Attributes======

C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\hiberfil.sys
C:\NTDETECT.COM
C:\WINDOWS\system32\NTICDMK32.dll
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009050320090504\index.dat
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\WINDOWS\system32\config\systemprofile\IETldCache\index.dat

==End of Report==

10.4K Posts

July 30th, 2009 06:00


CPN

Using Windows Explorer, see if you find c:\windows\ntbtlog.txt - If it exists, delete the file.
  • Click Start then Run and type in msconfig in the edit box and hit Enter or click Ok
  • Click on the boot.ini tab and check the box that says /BOOTLOG
  • Click Apply & Ok and reboot the PC (may take a bit longer to boot)
  • Using Windows Explorer, locate c:\windows\ntbtlog.txt and post the content of the file.

14 Posts

July 30th, 2009 07:00

Bamajim,
Here is the results -
 Service Pack 3 7 30 2009 23:11:08.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver pciide.sys
Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver dmload.sys
Loaded driver dmio.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver Lbd.sys
Loaded driver Fastfat.sys
Loaded driver KSecDD.sys
Loaded driver NDIS.sys
Loaded driver SISAGPX.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\System32\DRIVERS\1394BUS.SYS
Loaded driver Mup.sys
Loaded driver \SystemRoot\System32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\System32\DRIVERS\sisgrp.sys
Loaded driver \SystemRoot\System32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\System32\DRIVERS\NTIDrvr.sys
Loaded driver \SystemRoot\system32\drivers\cmuda.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbohci.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\System32\DRIVERS\Rtlnicxp.sys
Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys
Loaded driver \SystemRoot\System32\DRIVERS\serial.sys
Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\parport.sys
Loaded driver \SystemRoot\system32\drivers\msmpu401.sys
Loaded driver \SystemRoot\System32\DRIVERS\gameenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\System32\DRIVERS\rdpdr.sys
Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\update.sys
Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ehdrv.sys
Did not load driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Did not load driver \SystemRoot\System32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\epfwtdi.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\DRIVERS\processr.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\system32\drivers\srvkp.sys
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Did not load driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbccgp.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\eamon.sys
Loaded driver \SystemRoot\system32\DRIVERS\epfw.sys
Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
Loaded driver \SystemRoot\System32\Drivers\Aspi32.SYS
Loaded driver \SystemRoot\System32\DRIVERS\cnxtdiag.sys
Loaded driver \SystemRoot\System32\DRIVERS\fallback.sys
Loaded driver \SystemRoot\System32\DRIVERS\fsksnt.sys
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \SystemRoot\System32\DRIVERS\k56nt.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \??\C:\WINDOWS\System32\PfModNT.sys
Loaded driver \SystemRoot\System32\DRIVERS\faxnt.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
Loaded driver \SystemRoot\System32\DRIVERS\tonesnt.sys
Loaded driver \SystemRoot\System32\DRIVERS\v124nt.sys
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \??\C:\WINDOWS\winio.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\System32\DRIVERS\asyncmac.sys
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
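When a boot log like the one above is posted, the first things a helper checks are which drivers Windows failed to load, which drivers were loaded by an absolute path instead of from \SystemRoot, and whether the security product's own drivers actually came up. The following parser is an added example, not a tool from this thread or from ESET; the sample log lines are constructed from the format shown above, and the ESET driver names are taken from the Services section of the earlier log.

```python
import re
from collections import Counter

# Constructed sample modelled on the ntbtlog.txt excerpt posted in this thread
# (a few representative lines, not the full log; ehdrv.sys is deliberately
# left out to show how a missing driver is reported).
SAMPLE_NTBTLOG = r"""
 Service Pack 3 7 30 2009 23:11:08.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\epfwtdi.sys
Loaded driver \SystemRoot\system32\DRIVERS\eamon.sys
Loaded driver \SystemRoot\system32\DRIVERS\epfw.sys
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Loaded driver \??\C:\WINDOWS\winio.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
"""

# ESET Smart Security kernel drivers as listed in the Services section of the
# log posted earlier in this thread.
ESET_DRIVERS = ("eamon.sys", "ehdrv.sys", "epfw.sys", "epfwtdi.sys")

LINE_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+?)\s*$")


def parse_ntbtlog(text):
    """Return a list of (loaded: bool, path: str) tuples, one per driver line.
    The date/service-pack header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((m.group(1) == "Loaded driver", m.group(2)))
    return entries


def basename(path):
    """Last path component, lower-cased, so DRIVERS\\X.SYS and drivers\\x.sys match."""
    return path.rsplit("\\", 1)[-1].lower()


def summarize(entries):
    """The points a reviewer looks at first: drivers Windows failed to load,
    drivers loaded by absolute (\\??\\C:\\...) path rather than from \\SystemRoot,
    and drivers that appear more than once (e.g. kmixer.sys being reloaded).
    This is a review aid only; an absolute path is normal for some products."""
    loaded = [p for ok, p in entries if ok]
    counts = Counter(basename(p) for p in loaded)
    return {
        "not_loaded": [p for ok, p in entries if not ok],
        "absolute_paths": [p for p in loaded if p.startswith("\\??\\")],
        "repeats": {name: n for name, n in counts.items() if n > 1},
    }


def check_expected(entries, expected=ESET_DRIVERS):
    """Map each expected driver name to whether the log shows it loaded."""
    loaded = {basename(p) for ok, p in entries if ok}
    return {name: name.lower() in loaded for name in expected}


def load_ntbtlog(path="C:\\WINDOWS\\ntbtlog.txt"):
    """Read a real boot log. Windows writes ntbtlog.txt as UTF-16 with a BOM;
    fall back to a single-byte decode for copies re-saved by another editor."""
    with open(path, "rb") as f:
        data = f.read()
    if data.startswith(b"\xff\xfe") or data.startswith(b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")


if __name__ == "__main__":
    entries = parse_ntbtlog(SAMPLE_NTBTLOG)   # or parse_ntbtlog(load_ntbtlog())
    for name, ok in check_expected(entries).items():
        print(("loaded   " if ok else "MISSING  ") + name)
    for key, items in summarize(entries).items():
        print(key, items)
```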

14 Posts

July 30th, 2009 07:00

bamajim,

Can't find c:\windows\ntbtlog.txt - also used Search function in Start menu. I'll now do the 2nd part and post the results shortly.

10.4K Posts

August 3rd, 2009 08:00


CPN

What I'm looking for is not there either

Run an online virus scan called Kaspersky from HERE.
  1. At the main page, press "Accept" after reading the contents.
  2. At the next window select Update and allow the database to update.
     Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
  3. Once the database has finished updating, under the Scan icon select My Computer to start the scan. The scan may take a few minutes to complete.
  4. Select Scan Report.
  5. If any threats were found they will appear in the report.
  6. Select "Save error report as", then in the file name just type in kaspersky and under "save as type" select text (.txt).
  7. Save it to your Desktop.

Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.


14 Posts

August 4th, 2009 03:00

Bamajim,
No threats were found. Contents of report as follows:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
 Tuesday, August 4, 2009
 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
 Kaspersky Online Scanner  version: 7.0.26.13
 Program database last update: Tuesday, August 04, 2009 01:54:49
 Records in database: 2578258
--------------------------------------------------------------------------------

Scan settings:
 Scan using the following database: extended
 Scan archives: yes
 Scan mail databases: yes

Scan area - My Computer:
 A:\
 C:\
 D:\

Scan statistics:
 Files scanned: 65192
 Threat name: 0
 Infected objects: 0
 Suspicious objects: 0
 Duration of the scan: 02:40:36

No malware has been detected. The scan area is clean.

The selected area was scanned.

10.4K Posts

August 4th, 2009 08:00

CPN

I see no signs of infection. Are you having any particular problems now that would make you think the PC is still infected?

14 Posts

August 5th, 2009 07:00

Hi Bamajim,
I wanted confirmation to make sure that my PC is not infected especially as I visit confidential sites. I'm guessing that from the searches you've done that there is no infection - which is good.
But two things that are still happening:

(i) The Firewall & Web Access Protection in my antivirus program (ESET Smart Security) are still not working

(ii) When I run the SysInspector in ESET it still finds high risk files that include ones named "Antiviruspro", which is a file that, although it has not been picked up recently by AV & malware programs, was initially. This file was present when my PC kept getting 'hijacked' and went to dodgy websites and I kept getting pop-ups that made using my PC impossible. Because I am not familiar with what the results of SysInspector are, I don't know whether to assume the file is still present on my PC or if it is a historical record of what used to be on my PC.

I also have the following security programs installed - Ad-Aware, ESET Smart Security, Malwarebytes & SuperAntiSpyware (and HiJacker & CCleaner - but I think these two are different???). Could the combination of Ad-Aware, ESET Smart Security, Malwarebytes & SuperAntiSpyware be causing the problem in ESET?

I can post the log of the SysInspector results if that helps.  Thanks for all your help so far - I have appreciated it.

10.4K Posts

August 5th, 2009 07:00


CPN

Yes post the log, and let's see what shows up

14 Posts

August 6th, 2009 06:00

Take two...

14 Posts

August 6th, 2009 06:00

Bamajim,
I got the log above by using 'export all sections to service script'. I hope it makes sense. Otherwise I have it saved as an XML document that I can email as an attachment.  Also here is a print screen of what I'm seeing which may give you a better idea of what I'm concerned about.

14 Posts

August 6th, 2009 06:00

Sorry, I can't get the print screen copy to paste...