Coolie42
-
Content Count
9 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by Coolie42
-
-
Here are the reports, sorry for the lateness:
ComboFix 08-02-25.3 - Owner 2008-02-25 18:17:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.590 [GMT 0:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.
2008-02-20 18:15 . 2008-02-20 18:15 <DIR> d--hs---- C:\found.000
2008-02-17 15:41 . 2008-02-17 15:41 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0
2008-02-17 15:41 . 2008-02-17 15:41 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-02-17 15:40 . 2008-02-17 15:40 <DIR> d-------- C:\Program Files\FaxTools
2008-02-17 15:40 . 2008-02-17 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-02-17 15:39 . 2003-08-18 15:03 544,768 --a------ C:\WINDOWS\system32\LXBKLSNT.EXE
2008-02-17 15:39 . 2003-08-18 14:57 286,720 --a------ C:\WINDOWS\system32\LXBKPMNT.DLL
2008-02-17 15:39 . 2003-08-18 14:52 286,720 --a------ C:\WINDOWS\system32\lxbkcomm.dll
2008-02-17 15:39 . 2003-08-18 14:58 217,088 --a------ C:\WINDOWS\system32\LXBKLCNT.DLL
2008-02-17 15:39 . 2003-08-18 14:55 86,016 --a------ C:\WINDOWS\system32\LXBKIH.EXE
2008-02-17 15:39 . 2003-08-18 14:46 77,824 --a------ C:\WINDOWS\system32\LXBKLCNP.DLL
2008-02-17 15:39 . 2003-08-19 14:25 73,728 --a------ C:\WINDOWS\system32\lxbkpwr.dll
2008-02-17 15:39 . 2003-08-19 14:51 69,632 --a------ C:\WINDOWS\system32\LXBKCU.DLL
2008-02-17 15:39 . 2002-11-13 19:40 40,960 --a------ C:\WINDOWS\system32\lxbkvs.dll
2008-02-17 15:39 . 2008-02-25 17:34 269 --a------ C:\WINDOWS\lexstat.ini
2008-02-17 15:38 . 2008-02-17 15:38 <DIR> d-------- C:\Program Files\Lexmark X1100 Series
2008-02-17 15:38 . 2008-02-17 15:38 <DIR> d-------- C:\Documents and Settings\Owner\WINDOWS
2008-02-17 13:00 . 2008-02-21 19:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-17 13:00 . 2008-02-17 13:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-16 23:58 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-02-16 20:07 . 2008-02-17 14:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-16 11:24 . 2008-02-16 11:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-15 20:17 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-15 20:17 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-15 14:43 . 2008-02-15 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-15 13:31 . 2008-02-15 13:31 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-02-15 13:31 . 2008-02-15 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-15 13:31 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-15 13:26 . 2008-02-15 13:26 <DIR> d---s---- C:\Documents and Settings\Owner\UserData
2008-02-15 12:56 . 2008-02-15 12:56 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-02-15 12:41 . 2008-02-15 12:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-15 12:16 . 2008-02-15 12:17 <DIR> d-------- C:\Program Files\AOL Companion
2008-02-15 12:15 . 2008-02-15 12:16 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-02-15 12:15 . 2008-02-17 13:04 <DIR> d-------- C:\Program Files\AOL 9.0
2008-02-15 12:15 . 2004-06-22 14:03 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll
2008-02-15 12:14 . 2008-02-15 12:14 <DIR> d-------- C:\Program Files\VoyagerTest
2008-02-15 12:14 . 2008-02-15 12:14 <DIR> d-------- C:\Program Files\Common Files\FTL Shared
2008-02-15 12:14 . 2003-09-15 12:21 53,248 --a------ C:\WINDOWS\AppRun.exe
2008-02-15 12:14 . 2003-10-19 10:58 36,864 --a------ C:\WINDOWS\Restart.exe
2008-02-15 12:14 . 2003-10-19 11:02 536 --a------ C:\WINDOWS\AppRun.ini
2008-02-15 12:13 . 2008-02-15 12:13 <DIR> d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2008-02-15 12:13 . 2005-01-12 16:36 160,963 --a------ C:\WINDOWS\system32\drivers\gtipdsp.bin
2008-02-15 12:13 . 2005-01-13 11:09 160,951 --------- C:\WINDOWS\system32\drivers\gtipdsp_.bin
2008-02-15 12:13 . 2005-01-12 16:36 138,402 --a------ C:\WINDOWS\system32\drivers\glausb.sys
2008-02-15 12:13 . 2005-01-12 16:36 24,576 --a------ C:\WINDOWS\system32\CoInst.dll
2008-02-15 12:13 . 2005-01-12 16:37 17,020 --------- C:\WINDOWS\wwdslcfg.ini
2008-02-15 12:13 . 2005-01-12 16:36 12,288 --------- C:\WINDOWS\system32\CplEng.dll
2008-02-15 12:06 . 2008-02-15 12:06 <DIR> d-------- C:\Setup
2008-02-15 12:03 . 2008-02-15 12:03 2 --a------ C:\WINDOWS\msoffice.ini
2008-02-15 12:01 . 2008-02-15 13:37 <DIR> d-------- C:\WINDOWS\occache
2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\Learn2.com
2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\Common Files\aolback
2008-02-15 12:01 . 2008-02-15 12:16 <DIR> d-------- C:\Program Files\AOL Toolbar
2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
2008-02-15 12:01 . 2008-02-15 12:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AOL
2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-15 12:01 . 2004-08-12 14:05 1,483,264 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-02-15 12:01 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-02-15 12:01 . 2000-05-22 00:00 203,976 --a------ C:\WINDOWS\system32\RichTx32.ocx
2008-02-15 12:01 . 2004-06-22 14:03 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2008-02-15 12:01 . 2001-03-13 14:49 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-02-15 12:01 . 1998-06-24 00:00 115,016 --a------ C:\WINDOWS\system32\MSInet.ocx
2008-02-15 12:01 . 2001-11-21 10:15 102,400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll
2008-02-15 12:01 . 1999-04-17 01:06 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2008-02-15 12:01 . 2008-02-15 12:17 715 --a------ C:\WINDOWS\aolback.exe.lnk
2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Program Files\Real
2008-02-15 12:00 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\QuickTime
2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-15 11:59 . 2008-02-15 17:23 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-02-15 11:59 . 2008-02-15 17:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-02-15 11:59 . 2003-09-16 10:07 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2008-02-15 11:59 . 2003-09-09 14:06 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
2008-02-15 11:59 . 2008-02-15 11:59 335 --a------ C:\WINDOWS\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 18:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-25 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-17 15:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-15 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-15 12:31 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-15 12:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-15 12:28 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-15 12:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-15 12:28 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-15 12:28 --------- d-----w C:\Program Files\Symantec
2008-02-15 12:00 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-01-15 09:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 05:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 18:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-04 20:01 --------- d-----w C:\Program Files\MSBuild
2008-01-04 20:01 --------- d-----w C:\Program Files\Microsoft Works
2008-01-04 19:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-01-04 19:47 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-04 19:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-01-04 19:30 --------- d-----w C:\Program Files\ATI Technologies
2008-01-04 19:27 --------- d-----w C:\Program Files\Intel
2008-01-04 19:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-04 19:22 --------- d-----w C:\Program Files\Analog Devices
2008-01-04 19:14 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-07 15:30 103,776 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 03:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-15 12:27 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{4982D40A-C53B-4615-B15B-B5B5E98D167C}
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 03:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 13:33 1388544]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 11:23 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 05:07 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 04:53 714608]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-02-15 12:00 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-15 12:01 98304]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2005-01-12 16:36 1658965]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2005-01-12 16:36 16384]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 09:28 72192]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 15:30 71008]
"HostManager"="C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe" [2006-09-26 00:52 50736]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 14:43 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 13:56 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\1203080158\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 05:07]
R3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys [2005-01-12 16:36]
R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 16:52]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-18 20:28:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 18:20:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-25 18:21:01
ComboFix-quarantined-files.txt 2008-02-25 18:20:57
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:30, on 25/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1203080158\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1203080158\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 8209 bytes
-
Here are the reports, sorry for the delay:
ComboFix 08-02-25.3 - Owner 2008-02-25 18:17:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.590 [GMT 0:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.
2008-02-20 18:15 . 2008-02-20 18:15 <DIR> d--hs---- C:\found.000
2008-02-17 15:41 . 2008-02-17 15:41 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0
2008-02-17 15:41 . 2008-02-17 15:41 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-02-17 15:40 . 2008-02-17 15:40 <DIR> d-------- C:\Program Files\FaxTools
2008-02-17 15:40 . 2008-02-17 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-02-17 15:39 . 2003-08-18 15:03 544,768 --a------ C:\WINDOWS\system32\LXBKLSNT.EXE
2008-02-17 15:39 . 2003-08-18 14:57 286,720 --a------ C:\WINDOWS\system32\LXBKPMNT.DLL
2008-02-17 15:39 . 2003-08-18 14:52 286,720 --a------ C:\WINDOWS\system32\lxbkcomm.dll
2008-02-17 15:39 . 2003-08-18 14:58 217,088 --a------ C:\WINDOWS\system32\LXBKLCNT.DLL
2008-02-17 15:39 . 2003-08-18 14:55 86,016 --a------ C:\WINDOWS\system32\LXBKIH.EXE
2008-02-17 15:39 . 2003-08-18 14:46 77,824 --a------ C:\WINDOWS\system32\LXBKLCNP.DLL
2008-02-17 15:39 . 2003-08-19 14:25 73,728 --a------ C:\WINDOWS\system32\lxbkpwr.dll
2008-02-17 15:39 . 2003-08-19 14:51 69,632 --a------ C:\WINDOWS\system32\LXBKCU.DLL
2008-02-17 15:39 . 2002-11-13 19:40 40,960 --a------ C:\WINDOWS\system32\lxbkvs.dll
2008-02-17 15:39 . 2008-02-25 17:34 269 --a------ C:\WINDOWS\lexstat.ini
2008-02-17 15:38 . 2008-02-17 15:38 <DIR> d-------- C:\Program Files\Lexmark X1100 Series
2008-02-17 15:38 . 2008-02-17 15:38 <DIR> d-------- C:\Documents and Settings\Owner\WINDOWS
2008-02-17 13:00 . 2008-02-21 19:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-17 13:00 . 2008-02-17 13:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-16 23:58 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-02-16 20:07 . 2008-02-17 14:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-16 11:24 . 2008-02-16 11:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-15 20:17 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-15 20:17 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-15 14:43 . 2008-02-15 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-15 13:31 . 2008-02-15 13:31 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-02-15 13:31 . 2008-02-15 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-15 13:31 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-15 13:26 . 2008-02-15 13:26 <DIR> d---s---- C:\Documents and Settings\Owner\UserData
2008-02-15 12:56 . 2008-02-15 12:56 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-02-15 12:41 . 2008-02-15 12:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-15 12:16 . 2008-02-15 12:17 <DIR> d-------- C:\Program Files\AOL Companion
2008-02-15 12:15 . 2008-02-15 12:16 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-02-15 12:15 . 2008-02-17 13:04 <DIR> d-------- C:\Program Files\AOL 9.0
2008-02-15 12:15 . 2004-06-22 14:03 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll
2008-02-15 12:14 . 2008-02-15 12:14 <DIR> d-------- C:\Program Files\VoyagerTest
2008-02-15 12:14 . 2008-02-15 12:14 <DIR> d-------- C:\Program Files\Common Files\FTL Shared
2008-02-15 12:14 . 2003-09-15 12:21 53,248 --a------ C:\WINDOWS\AppRun.exe
2008-02-15 12:14 . 2003-10-19 10:58 36,864 --a------ C:\WINDOWS\Restart.exe
2008-02-15 12:14 . 2003-10-19 11:02 536 --a------ C:\WINDOWS\AppRun.ini
2008-02-15 12:13 . 2008-02-15 12:13 <DIR> d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2008-02-15 12:13 . 2005-01-12 16:36 160,963 --a------ C:\WINDOWS\system32\drivers\gtipdsp.bin
2008-02-15 12:13 . 2005-01-13 11:09 160,951 --------- C:\WINDOWS\system32\drivers\gtipdsp_.bin
2008-02-15 12:13 . 2005-01-12 16:36 138,402 --a------ C:\WINDOWS\system32\drivers\glausb.sys
2008-02-15 12:13 . 2005-01-12 16:36 24,576 --a------ C:\WINDOWS\system32\CoInst.dll
2008-02-15 12:13 . 2005-01-12 16:37 17,020 --------- C:\WINDOWS\wwdslcfg.ini
2008-02-15 12:13 . 2005-01-12 16:36 12,288 --------- C:\WINDOWS\system32\CplEng.dll
2008-02-15 12:06 . 2008-02-15 12:06 <DIR> d-------- C:\Setup
2008-02-15 12:03 . 2008-02-15 12:03 2 --a------ C:\WINDOWS\msoffice.ini
2008-02-15 12:01 . 2008-02-15 13:37 <DIR> d-------- C:\WINDOWS\occache
2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\Learn2.com
2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\Common Files\aolback
2008-02-15 12:01 . 2008-02-15 12:16 <DIR> d-------- C:\Program Files\AOL Toolbar
2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
2008-02-15 12:01 . 2008-02-15 12:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AOL
2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-15 12:01 . 2004-08-12 14:05 1,483,264 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-02-15 12:01 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-02-15 12:01 . 2000-05-22 00:00 203,976 --a------ C:\WINDOWS\system32\RichTx32.ocx
2008-02-15 12:01 . 2004-06-22 14:03 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2008-02-15 12:01 . 2001-03-13 14:49 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-02-15 12:01 . 1998-06-24 00:00 115,016 --a------ C:\WINDOWS\system32\MSInet.ocx
2008-02-15 12:01 . 2001-11-21 10:15 102,400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll
2008-02-15 12:01 . 1999-04-17 01:06 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2008-02-15 12:01 . 2008-02-15 12:17 715 --a------ C:\WINDOWS\aolback.exe.lnk
2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Program Files\Real
2008-02-15 12:00 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\QuickTime
2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-15 11:59 . 2008-02-15 17:23 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-02-15 11:59 . 2008-02-15 17:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-02-15 11:59 . 2003-09-16 10:07 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2008-02-15 11:59 . 2003-09-09 14:06 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
2008-02-15 11:59 . 2008-02-15 11:59 335 --a------ C:\WINDOWS\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 18:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-25 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-17 15:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-15 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-15 12:31 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-15 12:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-15 12:28 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-15 12:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-15 12:28 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-15 12:28 --------- d-----w C:\Program Files\Symantec
2008-02-15 12:00 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-01-15 09:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 05:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 18:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-04 20:01 --------- d-----w C:\Program Files\MSBuild
2008-01-04 20:01 --------- d-----w C:\Program Files\Microsoft Works
2008-01-04 19:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-01-04 19:47 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-04 19:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-01-04 19:30 --------- d-----w C:\Program Files\ATI Technologies
2008-01-04 19:27 --------- d-----w C:\Program Files\Intel
2008-01-04 19:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-04 19:22 --------- d-----w C:\Program Files\Analog Devices
2008-01-04 19:14 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-07 15:30 103,776 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 03:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-15 12:27 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{4982D40A-C53B-4615-B15B-B5B5E98D167C}
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 03:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 13:33 1388544]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 11:23 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 05:07 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 04:53 714608]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-02-15 12:00 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-15 12:01 98304]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2005-01-12 16:36 1658965]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2005-01-12 16:36 16384]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 09:28 72192]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 15:30 71008]
"HostManager"="C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe" [2006-09-26 00:52 50736]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 14:43 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 13:56 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\1203080158\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 05:07]
R3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys [2005-01-12 16:36]
R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 16:52]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-18 20:28:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 18:20:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-25 18:21:01
ComboFix-quarantined-files.txt 2008-02-25 18:20:57
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:30, on 25/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1203080158\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1203080158\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 8209 bytes
-
First of all, my previous topic Infected Pc has been blocked, but I would like to thank the team and say the issue has been resolved. I could not reply in time because I had problems with my Internet connection, but it's fine now (sorry!).
The desktop PC had a malware on it, so I rebooted it (ie reinstalled everything, etc.) I backed up documents, music, etc. to my external HDD, but I think the HDD may be infected.
However, my desktop, running Windows XP Home Ed SP2, seems to think that it has two versions of the OS installed on it. When I boot it, it goes to an OS choice menu, of which there are two choices, both XP Home Ed. One works and the other doesn't.
Is this malware?
Also, when I shut down the PC, I see for a few seconds that reg.exe could not start or something like that, before Windows shuts down.
The external HDD does not open when I click it from My Computer, but asks me which program I want to open it with. Also, when I right click it, instead of open, it says Îòêðûòü !!!
The autorun.inf file on the external HDD reads as
[autorun]
open=
shell\open=Îòêðûòü
shell\open\Command=10DC53F3.exe
shell\open\Default=1
This surely cannot be normal?
Here is a HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:48, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\AOL\1203080158\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1203080158\ee\AOLServiceHost.exe
c:\program files\common files\aol\1203080158\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1203080158\ee\AOLServiceHost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203080158\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [1] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\acsRollback.exe"
O4 - HKLM\..\RunOnce: [2] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\AcsRollbackRes.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F547F11E-9EAA-4591-BE89-B361F4D8B08B}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 8019 bytes
I have a 30 day trial of AVG Anti-Spyware from today, so pls let me know whether I should use it. So far, (without the HDD plugged in) it has not picked up anything via Quick Scans.
Thanks for any suggestions.
-
Here's the log:
BitDefender Online Scanner
Scan report generated at: Tue, Jan 29, 2008 - 20:52:55
Scan path: C:\Documents and Settings\[My username]\My Documents;C:\Documents and Settings\All Users\Documents;C:\;D:\;E:\;
Statistics
Time
01:08:46
Files
347949
Folders
6501
Boot Sectors
5
Archives
2521
Packed Files
12912
Results
Identified Viruses
1
Infected Files
2
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
2
Engines Info
Virus Definitions
977987
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
16
Archive plugins
41
Unpack plugins
7
E-mail plugins
6
System plugins
5
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
E:\System Volume Information\_restore{8A3F0CEE-7B68-4594-B6C7-7737759E1441}\RP83\A0010830.exe
Detected with: Adware.Trymedia.DAN
E:\System Volume Information\_restore{8A3F0CEE-7B68-4594-B6C7-7737759E1441}\RP83\A0010830.exe
Deleted
Plus a load of personal files were scanned on my external hard drive E, said they were clean
Note that none of the C drive files were under scanned files - is this normal?
Thanks
-
The ComboFix log is as follows:
ComboFix 08-01-23.1C - [My username] 2008-01-27 12:36:08.1 - NTFSx86
Running from: C:\Documents and Settings\[My username]\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.
2008-01-27 12:36 . 2008-01-27 12:36 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-01-27 12:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 18:24 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-21 16:28 . 2008-01-27 09:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 16:28 . 2008-01-21 16:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 16:27 . 2008-01-21 16:28 <DIR> d-------- C:\Program Files\iTunes
2008-01-21 16:27 . 2008-01-21 16:27 <DIR> d-------- C:\Program Files\iPod
2008-01-21 16:26 . 2008-01-21 16:26 <DIR> d-------- C:\Program Files\Bonjour
2008-01-21 16:25 . 2008-01-21 16:26 <DIR> d-------- C:\Program Files\QuickTime
2008-01-21 16:24 . 2008-01-21 16:24 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-21 16:24 . 2008-01-21 16:24 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-20 16:09 . 2008-01-20 16:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-20 16:09 . 2004-08-12 14:10 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-20 16:07 . 2008-01-20 16:07 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-20 16:07 . 2008-01-20 16:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-20 15:30 . 2007-10-10 23:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-20 15:30 . 2007-07-01 03:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-20 15:30 . 2007-07-01 03:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-20 15:30 . 2007-10-10 23:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-20 15:30 . 2007-10-10 23:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-20 15:30 . 2007-10-10 23:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-20 15:30 . 2007-10-10 23:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-20 15:30 . 2007-10-10 23:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-20 15:30 . 2007-10-10 10:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-20 15:21 . 2008-01-20 15:21 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-18 18:29 . 2008-01-18 18:29 <DIR> d-------- C:\Program Files\LimeWire
2008-01-16 22:54 . 2008-01-16 22:54 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-16 19:07 . 2008-01-16 19:07 <DIR> d-------- C:\Program Files\DIFX
2008-01-16 19:07 . 2004-09-03 10:00 90,112 --a------ C:\WINDOWS\system32\snymsico.dll
2008-01-16 19:07 . 2006-11-14 19:42 43,520 --a------ C:\WINDOWS\system32\drivers\rimsptsk.sys
2008-01-16 19:07 . 2006-11-14 17:35 37,376 --a------ C:\WINDOWS\system32\drivers\rixdptsk.sys
2008-01-16 19:07 . 2006-11-15 00:16 32,256 --a------ C:\WINDOWS\system32\drivers\rimmptsk.sys
2008-01-16 19:07 . 2005-05-06 19:06 16,480 --a------ C:\WINDOWS\system32\rixdicon.dll
2008-01-16 18:42 . 2005-02-11 09:24 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-01-16 18:42 . 2005-02-11 09:19 5,744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-01-15 20:42 . 2008-01-15 20:42 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-01-15 20:10 . 2008-01-15 20:10 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-01-15 20:10 . 2008-01-15 20:10 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-01-15 20:09 . 2008-01-15 20:09 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-01-13 18:54 . 2008-01-13 18:54 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-01-13 18:54 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-13 18:53 . 2008-01-13 18:53 <DIR> d-------- C:\Program Files\Java
2008-01-13 18:53 . 2008-01-13 18:53 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-13 16:59 . 2008-01-13 16:59 <DIR> d-------- C:\Program Files\MSBuild
2008-01-13 16:59 . 2008-01-13 16:59 <DIR> d-------- C:\Program Files\Microsoft Works
2008-01-13 16:53 . 2008-01-13 16:58 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-13 16:51 . 2008-01-13 16:51 <DIR> dr-h----- C:\MSOCache
2008-01-13 16:47 . 2008-01-13 16:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-11 20:52 . 2008-01-11 20:52 <DIR> d-------- C:\Program Files\Sibelius Software
2008-01-11 19:46 . 2008-01-11 19:48 <DIR> d-------- C:\Program Files\Picasa2
2008-01-11 19:46 . 2008-01-20 17:03 <DIR> d-------- C:\Program Files\Google
2008-01-11 19:46 . 2006-10-05 02:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-11 19:46 . 2006-10-05 02:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-10 21:06 . 2008-01-10 21:06 <DIR> d-------- C:\Program Files\Musicnotes
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-01-07 18:33 . 2008-01-07 18:33 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-07 09:55 . 2008-01-07 09:55 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-01-06 19:17 . 2008-01-06 19:17 <DIR> d-------- C:\WINDOWS\system32\Dell
2008-01-06 19:15 . 2008-01-15 20:24 5 --a------ C:\WINDOWS\system32\drivers\DELL_XPS_MM061 .MRK
2008-01-06 19:15 . 2008-01-15 20:24 5 --a------ C:\WINDOWS\system32\drivers\1028_DELL_XPS_MM061 .MRK
2008-01-06 19:12 . 2008-01-06 19:12 <DIR> d-------- C:\Program Files\Dell
2008-01-06 19:12 . 2005-07-08 13:19 666 --a------ C:\WINDOWS\speed.reg
2008-01-06 19:08 . 2006-06-14 09:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-01-06 19:08 . 2006-06-14 09:00 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-01-06 19:08 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-01-06 19:08 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-01-06 19:08 . 2006-06-14 08:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-01-06 19:08 . 2006-06-14 08:47 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-01-06 19:06 . 2004-08-03 23:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-01-06 19:06 . 2004-08-03 23:15 60,800 --a--c--- C:\WINDOWS\system32\dllcache\sysaudio.sys
2008-01-06 19:06 . 2004-08-03 22:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-01-06 19:06 . 2004-08-03 22:58 7,552 --a--c--- C:\WINDOWS\system32\dllcache\mskssrv.sys
2008-01-06 19:06 . 2004-08-03 22:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-01-06 19:06 . 2004-08-03 22:58 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys
2008-01-06 19:06 . 2004-08-03 22:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2008-01-06 19:06 . 2004-08-03 22:58 4,992 --a--c--- C:\WINDOWS\system32\dllcache\mspqm.sys
2008-01-06 19:05 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-01-06 19:05 . 2004-08-04 00:56 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
2008-01-06 19:05 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-01-06 19:05 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-01-06 19:05 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-01-06 19:05 . 2004-08-04 00:56 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
2008-01-06 19:03 . 2008-01-06 19:03 <DIR> d-------- C:\Program Files\SigmaTel
2008-01-06 19:03 . 2007-05-10 10:24 1,222,840 --a------ C:\WINDOWS\system32\drivers\sthda.sys
2008-01-06 19:03 . 2007-05-10 10:23 270,336 --a------ C:\WINDOWS\system32\stacapi.dll
2008-01-06 19:03 . 2007-08-21 09:58 146,944 --a------ C:\WINDOWS\system32\st325602.dll
2008-01-06 19:00 . 2008-01-06 19:00 <DIR> d-------- C:\Program Files\Synaptics
2008-01-06 19:00 . 2006-03-08 12:35 191,872 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-01-06 19:00 . 2006-03-08 12:38 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-01-06 19:00 . 2006-03-08 12:38 94,299 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-01-06 19:00 . 2006-03-08 12:37 82,014 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-01-06 19:00 . 2006-03-08 12:51 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2008-01-06 19:00 . 2006-03-08 12:49 69,723 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2008-01-06 18:26 . 2008-01-06 18:26 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-06 18:26 . 2008-01-06 18:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 12:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-06 12:09 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-06 12:09 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 18:06 --------- d-----w C:\Program Files\AOL 9.0
2008-01-13 16:39 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTITL.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTEXT.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSTMP.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSPEC.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSCRP.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSREH_.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSMET_.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSCHOR.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRS____.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSTEXT.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSSE__.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSS___.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSROMC.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSPC__.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSP___.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSO___.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSNN__.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSM___.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSJAPC.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFS__.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFBE_.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFB__.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCSC_.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCS__.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSC___.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUS____.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INKPEN2_.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2TEXT.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2SPEC.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2SCRI.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2METR.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2CHOR.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\HELST___.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\HELSS___.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\HELSM___.FOT
2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\HELSINKI.FOT
2008-01-09 18:26 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-06 19:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 22:27 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-04 19:24 --------- d-----w C:\Program Files\AOL Companion
2007-12-25 17:46 --------- d-----w C:\Program Files\Viewpoint
2007-12-25 17:46 --------- d-----w C:\Program Files\Learn2.com
2007-12-25 17:46 --------- d-----w C:\Program Files\Common Files\aolshare
2007-12-25 17:46 --------- d-----w C:\Program Files\Common Files\aolback
2007-12-25 17:45 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2007-12-25 17:45 --------- d-----w C:\Program Files\Real
2007-12-25 17:45 --------- d-----w C:\Program Files\Common Files\Real
2007-12-25 17:45 --------- d-----w C:\Program Files\Common Files\Nullsoft
2007-12-25 17:45 --------- d-----w C:\Program Files\AOL Toolbar
2007-12-25 17:41 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-25 17:35 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-30 23:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 03:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-04 19:10 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{EE5D279F-081B-4404-994D-C6B60AAEBA6D}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 03:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56 15360]
"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [2007-04-12 06:00 182272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-08 08:38 496752]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-12-25 17:45 26112]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 05:07 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 04:53 714608]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 15:10 1658965]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 12:47 16384]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 09:28 72192]
"HostManager"="C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe" [2006-03-10 22:22 48280]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-30 20:00 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 20:00 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 19:59 138008]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 10:22 405504]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 13:56 15360]
C:\Documents and Settings\[My username]\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 05:07]
R3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys [2003-08-15 12:56]
R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 16:52]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\
\Shell\open\Command - 10DC53F3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1330978b-bcff-11dc-a157-009096f8e308}]
\Shell\AutoRun\command - F:\
\Shell\open\Command - 001B9622.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51a17378-be25-11dc-a15b-5050506f4531}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - 10DC53F3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3f98cc4-c140-11dc-a165-009096f8e308}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - 001B9622.exe
*Newly Created Service* - ATWPKT2
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 16:25:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-27 11:43:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-26 19:05:12 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - [My username].job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 12:38:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-27 12:39:32
.
2008-01-22 19:06:43 --- E O F ---
The HijackThis log is as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:29, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1199475493\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1199475493\ee\aolsoftware.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB5.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1557CDD2-12C8-4D46-B5F1-0369E61A7AB2}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 11192 bytes
Sorry but I want to protect my identity for obvious reasons.
I tried to do the PandaScan but after downloading the files, etc., the webpage could not go to the link which I presume had the report in. It won't let me redo it, so is there a way of removing the installantion files and ActiveX controls so I could try this again? Sorry for the inconvenience again!
Plus, AOL Spyware says it detects Bifrost (a backdoor malware) - should I block this?
Also, can you tell me whether deleting these infected files on the external E drive will have an effect on the other files there?
Thank you.
-
Hi, sorry this has taken so long
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:51, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB5.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 9244 bytes
I'm really sorry but the AVG AntiSpyware log was for some reason not created. I can, however tell you that:
Many infections were found. The first was:
Origin: E:\System Volume Information\_restore{8A95F0D7-0C01-40BA-B53D-9741069FAA85}\RP3\A0000094.exe which was infected with Trojan.QQPass.aom
Then there are hundreds of
Origin: E:\System Volume Information\_restore{8A3F0CEE-7B68-4594-B6C7-7737759E1441}\RP56\A0006345.exe which were infected with Trojan.QQPass.aom
The numbers in bold count down as each infection is listed to 6082
There are other similar infections which also count down. Please tell me if you need their details but I think these are all similar, plus they're in the same location.
The E drive happens to be my external HDD. Please tell me that the files in there are safe or can be cleaned as they are v important.
Once again, I'm really sorry that I've made a bit of a mess of things. If there is a chance to redo the scan or something, pls let me know.
AOL Spyware keeps on saying that it has blocked Estalive and has the same problem whilst opening.
You know if you hover the mouse over the start menu, it says click here to begin. Sometimes that message gets randomly bigger.
Also my computer things I have a usb pen drive located at G when I don't.
Every time I save a file or copy one, I get a Thumbs.db file which I cannot open.
In My Documents, there is a desktop.ini file which I cannot open.
What is all this - malware or Xp dying??
Thanks for your help and suggestions.
-
Just to let you know that Spyware doctor is now working again.
The new HijackThis log is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:18, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
c:\program files\common files\aol\1199475493\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
c:\program files\common files\aol\1199475493\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
D:\MATHSWATCH_Higher.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB5.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1557CDD2-12C8-4D46-B5F1-0369E61A7AB2}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 10049 bytes
-
Hi, I am running Xp Home Edition SP2
Some info:
Spyware doctor has stopped working.
AOL Spyware keeps saying it has blocked "Estalive"; this keeps on appearing and if I try to view the blocked items, the spyware comes up with an error message and cannot open.
I used to have a popup coming up frequently saying "Warning! Potential Spyware Operation... etc." ( I think this is a common one ) which was posing itself as a Windows Security Alert. After rebooting the PC (reinstalled Xp), the popups no longer appear.
Another thing is that Windows has done some sort of CHKDSK on any external HDDs or usb pen drives that I have connected and it has had some weird effects such as loss of data, asking me what program I want to use to open the external HDD/usb pen drive when I click it. Plus it has created a recycled file in the HDD along with a autorun.inf txt file which opens in notepad and reads:
[autorun]
open=
shell\open=Îòêðûòü
shell\open\Command=10DC53F3.exe
shell\open\Default=1
When I right click the HDD in my computer, instead of saying open, it says Îòêðûòü. ?! Is this malware or Xp?
Here's my HijackThis logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:42, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\program files\common files\aol\1199475493\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
c:\program files\common files\aol\1199475493\ee\aolsoftware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB5.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1557CDD2-12C8-4D46-B5F1-0369E61A7AB2}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 10310 bytes
Also, does reinstalling Xp necessarily remove malware, etc.?
PLS HELP, I need my PC working- so many important files!
Infected Pc 2 Cont'd[INACTIVE]
in Malware Removal
Posted
Can someone pls help me with this?
I know the lateness is annoying but its been a while....
Thank you