TeMerc, as requested, here is my new thread. Thanks for your help & time on this.
Quote:
Originally Posted by timeoutgang
Ran a panda scan online & the following were found:-
Elite, found in 2 locations,
1) C:\Windows\system32\drivers\tdiip.sys
2) C:\Windows\system32\windump.exe
List.istbar, found in c:\windows\system32\mscache.sys
Thespyguard, found in c:\windows\system32\winsrv32.exe
Mywebsearch, found in hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Com.com, found in C:\documents and settings\Dafydd\Cookies\dafydd@com[1].txt
SCKeylog.AC, found in 10 locations,
1) C:\documents and settings\Dafydd\Local Settings\Temp\Temporary Directory 1 for scklpro.zip\scklpro.exe[klenA]
2) C:\documents and settings\Dafydd\Local Settings\Temp\Temporary Directory 1 for scklpro.zip\scklpro.exe[kllnA]
3) C:\documents and settings\Dafydd\Local Settings\Temp\Temporary Directory 2 for scklpro.zip\scklpro.exe[klenA]
4) C:\documents and settings\Dafydd\Local Settings\Temp\Temporary Directory 2 for scklpro.zip\scklpro.exe[kllnA]
5) C:\documents and settings\Dafydd\Local Settings\Temp\Temporary Directory 3 for scklpro.zip\scklpro.exe[klenA]
6) C:\documents and settings\Dafydd\Local Settings\Temp\Temporary Directory 3 for scklpro.zip\scklpro.exe[kllnA]
7) C:\documents and settings\Dafydd\My Documents\My Recieved Files\scklpro.zip[scklpro.exe][klenA]
8) C:\documents and settings\Dafydd\My Documents\My Recieved Files\scklpro.zip[scklpro.exe][kllnA]
9) C:\Program Files\SCKLPRO\klenA
10) C:\Program Files\SCKLPRO\kllnA
Eicar.Mod, found in C:\KAV\PersonalPro\CD French\data1.cab[eicar.html]
Hack Tool/EvID, found in C:\Program Files\PPLive TV\SynaLiveSetup.exe[EvID4226Patch.exe]
Don't know where to turn next! Why haven't AVG, Spybot & AdAware picked these up?
Please help, what now?
I just used the 'search' function for the other thread in Spyware & Virus removal, and neither of these two files:
winsrv32.exe
mscache.sys
appear in the search, so it looks to be newly injected. Of course I have no idea how good the search function is tho.
I just checked manually for:
SCKLPRO
It also does not appear on any of the pages on that thread.
It looks to me that somehow these things have been added. I'm going to do another search for these things later on tonite, when I'm unfettered by Jr and other things.
Cookies of course are harmless.
That reg key for MyWeb won't be causing these blue screens.
Eicar thing obviously a f/p, as it's located in your KAV folder.
I'd like you to start a new thread over in S&V removal, so we can start some new searches. We had run the gamut of search tools in the other thread, to no avail.
Most of these are new.
Click on Kaspersky Online Scanner icon.
The program will then begin downloading the latest definition files. This will take a few minutes, even with hi-speed.
Once the files have been downloaded click on Next
Now click on [Scan Settings] button.
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under the Please select a target to scan:
Select My Computer
The program will begin the scanning process.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Then click on the [Save as Text] button
Save the file to your desktop.
Copy and paste that information in your next post for me to review.
And let's get an uninstall list from HJT.
Start HijackThis
Click on the [Config] button
Click on the [Misc Tools] button
Click on the [Open Uninstall Manager] button
Then click on the [Save list] button and specify where you would like to save this file.
When you press the [Save list] button a notepad will open with the contents of that file.
Copy and paste the contents of that notepad back into this thread for me to view.
Open HJT, click the [None of the above, just start the program] button.
Then click the [Config] button in the lower right hand of the program.
Then select the [Misc Tools] button.
In the upper left hand side of the program tick the two boxes [List also minor sections (full)] button and the [List empty sections (complete)] button and select 'Yes' when prompted by the dialog box. The resultant scan will produce a notepad log file, please paste that log file back here for me to review.
Download Autoruns by Sysinternals from here and save it to your desktop.
Extract the files to your desktop, open the Autoruns folder, and double-click autoruns.exe to run it.
TeMerc, did as requested, however, when running HJT I was unable to follow your instructions below:-
"In the upper left hand side of the program tick the two boxes [List also minor sections (full)] button and the [List empty sections (complete)] button and select 'Yes' when prompted by the dialog box." <--------- This never came up
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 12, 2006 9:23:09 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/12/2006
Kaspersky Anti-Virus database records: 250332
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 93287
Number of viruses found: 4
Number of infected objects: 20 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:03:50
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\AvgFwLog.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\AvgFwLog.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12062006-155322.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Dafydd\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\Dafydd\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D0C865E2-E156-4539-8754-CFEB8672A9E6} Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 1 for scklpro.zip\scklpro.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 1 for scklpro.zip\scklpro.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 1 for scklpro.zip\scklpro.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 2 for scklpro.zip\scklpro.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 2 for scklpro.zip\scklpro.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 2 for scklpro.zip\scklpro.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 3 for scklpro.zip\scklpro.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 3 for scklpro.zip\scklpro.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 3 for scklpro.zip\scklpro.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\~DF18D0.tmp Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\~DF18D5.tmp Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\~DF1DC9.tmp Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dafydd\My Documents\My Received Files\scklpro.zip/scklpro.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\My Documents\My Received Files\scklpro.zip/scklpro.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\My Documents\My Received Files\scklpro.zip/scklpro.exe Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\My Documents\My Received Files\scklpro.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Dafydd\ntuser.dat Object is locked skipped
C:\Documents and Settings\Dafydd\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\font.exe Infected: not-a-virus:Monitor.Win32.WinSpy.88 skipped
C:\WINDOWS\mscompls.exe Infected: not-a-virus:Monitor.Win32.WinSpy.88 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\nsf2A.tmp Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped
C:\WINDOWS\system32\nsj21B.tmp Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped
C:\WINDOWS\system32\nsr217.tmp Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped
C:\WINDOWS\system32\nsu20E.tmp Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped
C:\WINDOWS\system32\Vic32.dll Infected: not-a-virus:Monitor.Win32.PCSpy.c skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 21:30:20, on 12/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll
+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft Browser Architecture Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll
+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Office HTML Icon Handler Microsoft Office XP component Microsoft Corporation c:\program files\microsoft office\office10\msohev.dll
+ Microsoft Outlook Custom Icon Handler Outlook Shell Hook for Start/Find Microsoft Corporation c:\program files\microsoft office\office10\olkfstub.dll
+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Url History Service Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Microsoft Url Search Hook Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 6.0 for ActivieX Adobe Systems Incorporated c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll
+ DriveLetterAccess Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswshx.dll
+ SSVHelper Class Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\program files\java\jre1.5.0_09\bin\ssv.dll
+ {089FD14D-132B-48FC-8861-0048AE113215} SiteAdvisor McAfee, Inc. c:\program files\siteadvisor\4608\siteadv.dll
+ Windows Messenger Windows Messenger Microsoft Corporation c:\program files\messenger\msmsgs.exe
Task Scheduler
+ MP Scheduled Scan.job Windows Defender Command Line Utility Microsoft Corporation c:\program files\windows defender\mpcmdrun.exe
HKLM\System\CurrentControlSet\Services
+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ Avg7UpdSvc AVG Update Service GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgupsvc.exe
+ AVGFwSrv AVG Firewall Service GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgfwsrv.exe
+ BITS Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. Microsoft Corporation c:\windows\system32\svchost.exe
+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ BthServ Generic Host Process for Win32 Services Microsoft Corporation c:\windows\system32\svchost.exe
+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Corporation c:\windows\system32\svchost.exe
+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Corporation c:\windows\system32\svchost.exe
+ Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Microsoft Corporation c:\windows\system32\services.exe
+ Fax Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. Microsoft Corporation c:\windows\system32\fxssvc.exe
+ helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ HidServ Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Corporation c:\windows\system32\svchost.exe
+ NICCONFIGSVC Configure your Internal Network Card power management settings. Dell Inc. c:\program files\dell\nicconfigsvc\nicconfigsvc.exe
+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe
+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation c:\windows\system32\services.exe
+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Corporation c:\windows\system32\lsass.exe
+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Corporation c:\windows\system32\lsass.exe
+ RegSrvc Intel Registry Service Intel Corporation c:\program files\intel\wireless\bin\regsrvc.exe
+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Corporation c:\windows\system32\svchost.exe
+ SamSs Stores security information for local user accounts. Microsoft Corporation c:\windows\system32\lsass.exe
+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Corporation c:\windows\system32\svchost.exe
+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Corporation c:\windows\system32\svchost.exe
+ ShellHWDetection Provides notifications for AutoPlay hardware events. Microsoft Corporation c:\windows\system32\svchost.exe
+ SiteAdvisor Service Provides low-level support for McAfee SiteAdvisor c:\program files\siteadvisor\4608\saservice.exe
+ Spooler Loads files to memory for later printing. Microsoft Corporation c:\windows\system32\spoolsv.exe
+ srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Corporation c:\windows\system32\svchost.exe
+ stisvc Provides image acquisition services for scanners and cameras. Microsoft Corporation c:\windows\system32\svchost.exe
+ Themes Provides user experience theme management. Microsoft Corporation c:\windows\system32\svchost.exe
+ TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Corporation c:\windows\system32\svchost.exe
+ UMWdf Enables Windows user mode drivers. Microsoft Corporation c:\windows\system32\wdfmgr.exe
+ upnphost Provides support to host Universal Plug and Play devices. Microsoft Corporation c:\windows\system32\svchost.exe
+ UserAccess7 c:\windows\system32\uaservice7.exe
+ w32time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ WinDefend Helps protect users from malicious software, spyware, and other potentially unwanted software Microsoft Corporation c:\program files\windows defender\msmpeng.exe
+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ WLANKEEPER Provides Profile Switching Service for SSO Feature Set Intel® Corporation c:\program files\intel\wireless\bin\wlkeeper.exe
+ wscsvc Monitors system security settings and configurations. Microsoft Corporation c:\windows\system32\svchost.exe
+ wuauserv Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. Microsoft Corporation c:\windows\system32\svchost.exe
+ WZCSVC Provides automatic configuration for the 802.11 adapters Microsoft Corporation c:\windows\system32\svchost.exe
HKLM\System\CurrentControlSet\Services
+ ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys
+ aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys
+ Fdc Floppy Disk Controller Driver Microsoft Corporation c:\windows\system32\drivers\fdc.sys
+ Flpydisk Floppy Driver Microsoft Corporation c:\windows\system32\drivers\flpydisk.sys
+ Ftdisk FT Disk Driver Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys
+ Gpc Generic Packet Classifier Microsoft Corporation c:\windows\system32\drivers\msgpc.sys
+ HidUsb USB Miniport Driver for Input Devices Microsoft Corporation c:\windows\system32\drivers\hidusb.sys
+ HSF_DP HSF_DP driver Conexant Systems, Inc. c:\windows\system32\drivers\hsf_dp.sys
+ HSFHWICH HSFHWICH WDM driver Conexant Systems, Inc. c:\windows\system32\drivers\hsfhwich.sys
+ HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\drivers\http.sys
+ i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys
+ Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys
+ IntelIde Intel PCI IDE Driver Microsoft Corporation c:\windows\system32\drivers\intelide.sys
+ intelppm Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\intelppm.sys
+ Ip6Fw Provides intrusion prevention service for a home or small office network. Microsoft Corporation c:\windows\system32\drivers\ip6fw.sys
+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys
+ IpInIp IP in IP Tunnel Driver Microsoft Corporation c:\windows\system32\drivers\ipinip.sys
+ IpNat IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys
+ IPSec IPSEC driver Microsoft Corporation c:\windows\system32\drivers\ipsec.sys
+ IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys
+ isapnp PNP ISA Bus Driver Microsoft Corporation c:\windows\system32\drivers\isapnp.sys
+ PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys
+ PCIIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\pciide.sys
+ Pcmcia PCMCIA Bus Driver Microsoft Corporation c:\windows\system32\drivers\pcmcia.sys
+ Pcouffin File not found: System32\Drivers\Pcouffin.sys
+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys
+ PRISM_A02 The 802.11g USB 2.0 Adapter provides wireless local area networking. Conexant Systems, Inc. c:\windows\system32\drivers\prisma02.sys
+ PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\drivers\psched.sys
+ PsSdk30 File not found: C:\WINDOWS\system32\Drivers\PsSdk30.drv
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
TeMerc, did as requested, however, when running HJT I was unable to follow your instructions below:-
"In the upper left hand side of the program tick the two boxes [List also minor sections (full)] button and the [List empty sections (complete)] button and select 'Yes' when prompted by the dialog box." <--------- This never came up
You get the gold star, I omitted one bit, to hit the [Generate StartupList log] button, then select 'Yes'.
Thanks for noticing that, lord knows how long it's been that way and you're the first one ever to come back and mention my mistake.
Here's the new hjt log, in 2 parts:-
StartupList report, 13/12/2006, 01:21:29
StartupList version: 1.52.2
Started from : C:\HJT\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
End of report, 45,425 bytes
Report generated in 0.328 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
OK, well after looking thru all those file logs I have found a few things which may or may not be bad in sys32:
C:\WINDOWS\system32\nsf2A.tmp
C:\WINDOWS\system32\nsj21B.tmp
C:\WINDOWS\system32\nsr217.tmp
C:\WINDOWS\system32\nsu20E.tmp
And without a scan from Jotti, I'd hesitate to say they are malicious.
Then there is these:
C:\Documents and Settings\Dafydd\My Documents\My Received Files\scklpro.zip/scklpro.exe Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
Which would be something you DLed via IM, the location being the default download folder.
Any idea what sckpro.zip is?
And if KAV didn't remove this one:
C:\WINDOWS\font.exe
Then delete it.
I'm still awaiting the Uninstall list, altho, we went thru that once already.
TeMerc, scanned these files on Jotti & the results are as follows:-
Quote:
Originally Posted by TeMerc
OK, well after looking thru all those file logs I have found a few things which may or may not be bad in sys32:
C:\WINDOWS\system32\nsf2A.tmp--> EliteKeylogger
C:\WINDOWS\system32\nsj21B.tmp--> EliteKeylogger
C:\WINDOWS\system32\nsr217.tmp--> EliteKeylogger
C:\WINDOWS\system32\nsu20E.tmp--> EliteKeylogger
And without a scan from Jotti, I'd hesitate to say they are malicious.
Then there is these:
C:\Documents and Settings\Dafydd\My Documents\My Received Files\scklpro.zip/scklpro.exe Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped--> Trojan.Spy.Win32.SCKeylog
Which would be something you DLed via IM, the location being the default download folder.
Any idea what sckpro.zip is?
And if KAV didn't remove this one:
C:\WINDOWS\font.exe -->Done
Then delete it.
I'm still awaiting the Uninstall list, altho, we went thru that once already.-->Wasn't this in my last post or have I done it wrong?
Delete these:
C:\WINDOWS\system32\nsf2A.tmp<<<--this file
C:\WINDOWS\system32\nsj21B.tmp<<<--this file
C:\WINDOWS\system32\nsr217.tmp<<<--this file
C:\WINDOWS\system32\nsu20E.tmp<<<--this file
C:\Documents and Settings\Dafydd\My Documents\My Received Files\scklpro.zip<<<<---this folder
Quote:
I'm still awaiting the Uninstall list, altho, we went thru that once already.-->Wasn't this in my last post or have I done it wrong?
Not been done yet.
Start HijackThis
Click on the [Config] button
Click on the [Misc Tools] button
Click on the [Open Uninstall Manager] button
Then click on the [Save list] button and specify where you would like to save this file.
When you press [Save list] button a notepad will open with the contents of that file.
Copy and paste the contents of that notepad back into this thread for me to view.
Sorry TeMerc, I didn't follow your instructions correctly for the uninstall list. Here it is. Also, I couldn't find the scklpro.zip folder to delete. The only folder/file I could locate was "SCKLPRO.EXE-0C8A393C.pf" which is located in "C:\WINDOWS\Prefetch"
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Reader 6.0.1
Adobe Shockwave Player
ArtMoney SE v7.21
AVG 7.5
Belarc Advisor 7.2
BitLord 1.1
Championship Manager 5
Debugging Tools for Windows
Dell Media Experience
Dell Picture Studio v3.0
D-Link VGA Webcam
Football Manager 2006
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Kaspersky Online Scanner
LimeWire PRO 4.12.3
McAfee SiteAdvisor
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Windows Journal Viewer
Microsoft Works 7.0
mIWA
mIWCA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
mToolkit
mWlsSafe
mXML
Mysee WebTV
mZConfig
nBinder 4 LIMITED
NCAA Championship Run 2006
NetWaiting
Network Play System (Patching)
Panda ActiveScan
PPLive 1.1.0.7
RollerCoaster Tycoon 3
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
ShortKeys Lite
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Synacast Plug-in 1.1.0.7
Tiscali Internet
Tvants 1.0
TVUPlayer 2.2.0
Uninstall JL2005A Toy Camera
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
versione 0.4 Beta
VideoLAN VLC media player 0.8.2
whufc crest screensaver
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinPatrol
WinRAR archiver
BSOD seems to have been fixed, thanks. AdAware is running as normal, thanks.
I did run an AVG scan yesterday & it found 6 instances of trojans, all found in "Temporary Internet Files" (details below). I am just about to run another AVG scan, AdAware scan & a Spybot scan to see if things are as they should be. My feelings are that my two sons are surfing the net & paying no attention to any firewall prompts & downloading loads of CR*P, which I need to address. Once the scans are complete I'll post my results, along with a fresh HJT, if that's OK?