Coolie42

Posts posted by Coolie42

  1. Here are the reports, sorry for the lateness:

    ComboFix 08-02-25.3 - Owner 2008-02-25 18:17:50.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.590 [GMT 0:00]

    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    F:\Autorun.inf

    .

    ((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))

    .

    2008-02-20 18:15 . 2008-02-20 18:15 <DIR> d--hs---- C:\found.000

    2008-02-17 15:41 . 2008-02-17 15:41 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0

    2008-02-17 15:41 . 2008-02-17 15:41 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint

    2008-02-17 15:40 . 2008-02-17 15:40 <DIR> d-------- C:\Program Files\FaxTools

    2008-02-17 15:40 . 2008-02-17 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software

    2008-02-17 15:39 . 2003-08-18 15:03 544,768 --a------ C:\WINDOWS\system32\LXBKLSNT.EXE

    2008-02-17 15:39 . 2003-08-18 14:57 286,720 --a------ C:\WINDOWS\system32\LXBKPMNT.DLL

    2008-02-17 15:39 . 2003-08-18 14:52 286,720 --a------ C:\WINDOWS\system32\lxbkcomm.dll

    2008-02-17 15:39 . 2003-08-18 14:58 217,088 --a------ C:\WINDOWS\system32\LXBKLCNT.DLL

    2008-02-17 15:39 . 2003-08-18 14:55 86,016 --a------ C:\WINDOWS\system32\LXBKIH.EXE

    2008-02-17 15:39 . 2003-08-18 14:46 77,824 --a------ C:\WINDOWS\system32\LXBKLCNP.DLL

    2008-02-17 15:39 . 2003-08-19 14:25 73,728 --a------ C:\WINDOWS\system32\lxbkpwr.dll

    2008-02-17 15:39 . 2003-08-19 14:51 69,632 --a------ C:\WINDOWS\system32\LXBKCU.DLL

    2008-02-17 15:39 . 2002-11-13 19:40 40,960 --a------ C:\WINDOWS\system32\lxbkvs.dll

    2008-02-17 15:39 . 2008-02-25 17:34 269 --a------ C:\WINDOWS\lexstat.ini

    2008-02-17 15:38 . 2008-02-17 15:38 <DIR> d-------- C:\Program Files\Lexmark X1100 Series

    2008-02-17 15:38 . 2008-02-17 15:38 <DIR> d-------- C:\Documents and Settings\Owner\WINDOWS

    2008-02-17 13:00 . 2008-02-21 19:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn

    2008-02-17 13:00 . 2008-02-17 13:00 1,409 --a------ C:\WINDOWS\QTFont.for

    2008-02-16 23:58 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

    2008-02-16 20:07 . 2008-02-17 14:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$

    2008-02-16 11:24 . 2008-02-16 11:24 <DIR> d-------- C:\Program Files\Common Files\Adobe

    2008-02-15 20:17 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

    2008-02-15 20:17 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

    2008-02-15 14:43 . 2008-02-15 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

    2008-02-15 13:31 . 2008-02-15 13:31 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft

    2008-02-15 13:31 . 2008-02-15 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

    2008-02-15 13:31 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

    2008-02-15 13:26 . 2008-02-15 13:26 <DIR> d---s---- C:\Documents and Settings\Owner\UserData

    2008-02-15 12:56 . 2008-02-15 12:56 <DIR> d-------- C:\Program Files\Common Files\Scanner

    2008-02-15 12:41 . 2008-02-15 12:41 <DIR> d-------- C:\Program Files\Trend Micro

    2008-02-15 12:16 . 2008-02-15 12:17 <DIR> d-------- C:\Program Files\AOL Companion

    2008-02-15 12:15 . 2008-02-15 12:16 <DIR> d-------- C:\Program Files\Common Files\aolshare

    2008-02-15 12:15 . 2008-02-17 13:04 <DIR> d-------- C:\Program Files\AOL 9.0

    2008-02-15 12:15 . 2004-06-22 14:03 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll

    2008-02-15 12:14 . 2008-02-15 12:14 <DIR> d-------- C:\Program Files\VoyagerTest

    2008-02-15 12:14 . 2008-02-15 12:14 <DIR> d-------- C:\Program Files\Common Files\FTL Shared

    2008-02-15 12:14 . 2003-09-15 12:21 53,248 --a------ C:\WINDOWS\AppRun.exe

    2008-02-15 12:14 . 2003-10-19 10:58 36,864 --a------ C:\WINDOWS\Restart.exe

    2008-02-15 12:14 . 2003-10-19 11:02 536 --a------ C:\WINDOWS\AppRun.ini

    2008-02-15 12:13 . 2008-02-15 12:13 <DIR> d-------- C:\Program Files\BT Voyager 105 ADSL Modem

    2008-02-15 12:13 . 2005-01-12 16:36 160,963 --a------ C:\WINDOWS\system32\drivers\gtipdsp.bin

    2008-02-15 12:13 . 2005-01-13 11:09 160,951 --------- C:\WINDOWS\system32\drivers\gtipdsp_.bin

    2008-02-15 12:13 . 2005-01-12 16:36 138,402 --a------ C:\WINDOWS\system32\drivers\glausb.sys

    2008-02-15 12:13 . 2005-01-12 16:36 24,576 --a------ C:\WINDOWS\system32\CoInst.dll

    2008-02-15 12:13 . 2005-01-12 16:37 17,020 --------- C:\WINDOWS\wwdslcfg.ini

    2008-02-15 12:13 . 2005-01-12 16:36 12,288 --------- C:\WINDOWS\system32\CplEng.dll

    2008-02-15 12:06 . 2008-02-15 12:06 <DIR> d-------- C:\Setup

    2008-02-15 12:03 . 2008-02-15 12:03 2 --a------ C:\WINDOWS\msoffice.ini

    2008-02-15 12:01 . 2008-02-15 13:37 <DIR> d-------- C:\WINDOWS\occache

    2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\Viewpoint

    2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\Learn2.com

    2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\Common Files\aolback

    2008-02-15 12:01 . 2008-02-15 12:16 <DIR> d-------- C:\Program Files\AOL Toolbar

    2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver

    2008-02-15 12:01 . 2008-02-15 12:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AOL

    2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint

    2008-02-15 12:01 . 2004-08-12 14:05 1,483,264 --a------ C:\WINDOWS\system32\shdocvw.bak

    2008-02-15 12:01 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll

    2008-02-15 12:01 . 2000-05-22 00:00 203,976 --a------ C:\WINDOWS\system32\RichTx32.ocx

    2008-02-15 12:01 . 2004-06-22 14:03 173,184 --a------ C:\WINDOWS\system32\ygpss.scr

    2008-02-15 12:01 . 2001-03-13 14:49 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX

    2008-02-15 12:01 . 1998-06-24 00:00 115,016 --a------ C:\WINDOWS\system32\MSInet.ocx

    2008-02-15 12:01 . 2001-11-21 10:15 102,400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll

    2008-02-15 12:01 . 1999-04-17 01:06 10,752 --a------ C:\WINDOWS\system32\aamd532.dll

    2008-02-15 12:01 . 2008-02-15 12:17 715 --a------ C:\WINDOWS\aolback.exe.lnk

    2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Program Files\Real

    2008-02-15 12:00 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\QuickTime

    2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Program Files\Common Files\Real

    2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Program Files\Common Files\Nullsoft

    2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime

    2008-02-15 11:59 . 2008-02-15 17:23 <DIR> d-------- C:\Program Files\Common Files\AOL

    2008-02-15 11:59 . 2008-02-15 17:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL

    2008-02-15 11:59 . 2003-09-16 10:07 499,712 --------- C:\WINDOWS\system32\msvcp71.dll

    2008-02-15 11:59 . 2003-09-09 14:06 348,160 --------- C:\WINDOWS\system32\msvcr71.dll

    2008-02-15 11:59 . 2008-02-15 11:59 335 --a------ C:\WINDOWS\nsreg.dat

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-02-25 18:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared

    2008-02-25 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

    2008-02-17 15:40 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-02-15 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

    2008-02-15 12:31 --------- d-----w C:\Program Files\Norton Internet Security

    2008-02-15 12:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

    2008-02-15 12:28 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

    2008-02-15 12:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

    2008-02-15 12:28 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

    2008-02-15 12:28 --------- d-----w C:\Program Files\Symantec

    2008-02-15 12:00 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys

    2008-01-15 09:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat

    2008-01-15 05:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

    2008-01-12 18:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

    2008-01-04 20:01 --------- d-----w C:\Program Files\MSBuild

    2008-01-04 20:01 --------- d-----w C:\Program Files\Microsoft Works

    2008-01-04 19:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec

    2008-01-04 19:47 --------- d-----w C:\Program Files\Windows Sidebar

    2008-01-04 19:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft

    2008-01-04 19:30 --------- d-----w C:\Program Files\ATI Technologies

    2008-01-04 19:27 --------- d-----w C:\Program Files\Intel

    2008-01-04 19:22 --------- d-----w C:\Program Files\Common Files\InstallShield

    2008-01-04 19:22 --------- d-----w C:\Program Files\Analog Devices

    2008-01-04 19:14 --------- d-----w C:\Program Files\microsoft frontpage

    2007-12-07 15:30 103,776 ----a-w C:\WINDOWS\system32\AOLDial.dll

    2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll

    2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    2007-08-25 03:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

    2008-02-15 12:27 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

    {4982D40A-C53B-4615-B15B-B5B5E98D167C}

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 03:51 316784]

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56 15360]

    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 13:33 1388544]

    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 11:23 135168]

    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]

    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 05:07 51048]

    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 04:53 714608]

    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-02-15 12:00 26112]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-15 12:01 98304]

    "DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2005-01-12 16:36 1658965]

    "DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2005-01-12 16:36 16384]

    "%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 09:28 72192]

    "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 15:30 71008]

    "HostManager"="C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe" [2006-09-26 00:52 50736]

    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 14:43 57344]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 13:56 15360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=

    "C:\\Program Files\\AOL 9.0\\waol.exe"=

    "C:\\Program Files\\Common Files\\AOL\\1203080158\\ee\\aolsoftware.exe"=

    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 05:07]

    R3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys [2005-01-12 16:36]

    R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 16:52]

    R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]

    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]

    S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]

    *Newly Created Service* - COMHOST

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-02-18 20:28:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"

    - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-02-25 18:20:17

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2008-02-25 18:21:01

    ComboFix-quarantined-files.txt 2008-02-25 18:20:57

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 21:52:30, on 25/02/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Real\RealPlayer\RealPlay.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe

    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

    C:\Program Files\VoyagerTest\fts.exe

    C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\AOL 9.0\aoltray.exe

    c:\program files\common files\aol\1203080158\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe

    c:\program files\common files\aol\1203080158\ee\aolsoftware.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --

    End of file - 8209 bytes

  2. Here are the reports, sorry for the delay:


    2007-12-07 15:30 103,776 ----a-w C:\WINDOWS\system32\AOLDial.dll

    2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll

    2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    2007-08-25 03:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

    2008-02-15 12:27 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

    {4982D40A-C53B-4615-B15B-B5B5E98D167C}

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 03:51 316784]

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56 15360]

    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 13:33 1388544]

    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 11:23 135168]

    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]

    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 05:07 51048]

    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 04:53 714608]

    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-02-15 12:00 26112]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-15 12:01 98304]

    "DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2005-01-12 16:36 1658965]

    "DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2005-01-12 16:36 16384]

    "%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 09:28 72192]

    "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 15:30 71008]

    "HostManager"="C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe" [2006-09-26 00:52 50736]

    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 14:43 57344]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 13:56 15360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=

    "C:\\Program Files\\AOL 9.0\\waol.exe"=

    "C:\\Program Files\\Common Files\\AOL\\1203080158\\ee\\aolsoftware.exe"=

    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 05:07]

    R3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys [2005-01-12 16:36]

    R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 16:52]

    R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]

    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]

    S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]

    *Newly Created Service* - COMHOST

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-02-18 20:28:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"

    - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-02-25 18:20:17

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2008-02-25 18:21:01

    ComboFix-quarantined-files.txt 2008-02-25 18:20:57

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 21:52:30, on 25/02/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Real\RealPlayer\RealPlay.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe

    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

    C:\Program Files\VoyagerTest\fts.exe

    C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\AOL 9.0\aoltray.exe

    c:\program files\common files\aol\1203080158\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe

    c:\program files\common files\aol\1203080158\ee\aolsoftware.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --

    End of file - 8209 bytes

  3. First of all, my previous topic Infected Pc has been blocked, but I would like to thank the team and say the issue has been resolved. I could not reply in time because I had problems with my Internet connection, but it's fine now (sorry!).

    The desktop PC had malware on it, so I rebooted it (i.e. reinstalled everything, etc.). I backed up documents, music, etc. to my external HDD, but I think the HDD may be infected.

    However, my desktop, running Windows XP Home Ed SP2, seems to think that it has two versions of the OS installed on it. When I boot it, it goes to an OS choice menu, of which there are two choices, both XP Home Ed. One works and the other doesn't.

    Is this malware?

    Also, when I shut down the PC, I see for a few seconds that reg.exe could not start or something like that, before Windows shuts down.

    The external HDD does not open when I click it from My Computer, but asks me which program I want to open it with. Also, when I right click it, instead of open, it says Îòêðûòü !!!

    The autorun.inf file on the external HDD reads as

    [autorun]

    open=

    shell\open=Îòêðûòü

    shell\open\Command=10DC53F3.exe

    shell\open\Default=1

    This surely cannot be normal?

    Here is a HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:01:48, on 15/02/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Real\RealPlayer\RealPlay.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe

    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

    C:\Program Files\VoyagerTest\fts.exe

    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\AOL 9.0\aoltray.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Program Files\Common Files\AOL\1203080158\ee\AOLHostManager.exe

    C:\Program Files\Common Files\AOL\1203080158\ee\AOLServiceHost.exe

    c:\program files\common files\aol\1203080158\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe

    C:\Program Files\Common Files\AOL\1203080158\ee\AOLServiceHost.exe

    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    C:\Program Files\AOL 9.0\waol.exe

    C:\Program Files\AOL 9.0\shellmon.exe

    C:\Program Files\Common Files\AOL\aoltpspd.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\System32\NOTEPAD.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203080158\ee\AOLHostManager.exe

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\RunOnce: [1] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\acsRollback.exe"

    O4 - HKLM\..\RunOnce: [2] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\AcsRollbackRes.dll"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{F547F11E-9EAA-4591-BE89-B361F4D8B08B}: NameServer = 205.188.146.145

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --

    End of file - 8019 bytes

    I have a 30 day trial of AVG Anti-Spyware from today, so please let me know whether I should use it. So far (without the HDD plugged in), it has not picked up anything via Quick Scans.

    Thanks for any suggestions.

  4. Here's the log:

    BitDefender Online Scanner

    Scan report generated at: Tue, Jan 29, 2008 - 20:52:55

    Scan path: C:\Documents and Settings\[My username]\My Documents;C:\Documents and Settings\All Users\Documents;C:\;D:\;E:\;

    Statistics

    Time: 01:08:46

    Files: 347949

    Folders: 6501

    Boot Sectors: 5

    Archives: 2521

    Packed Files: 12912

    Results

    Identified Viruses: 1

    Infected Files: 2

    Suspect Files: 0

    Warnings: 0

    Disinfected: 0

    Deleted Files: 2

    Engines Info

    Virus Definitions: 977987

    Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins: 16

    Archive plugins: 41

    Unpack plugins: 7

    E-mail plugins: 6

    System plugins: 5

    Scan Settings

    First Action: Disinfect

    Second Action: Delete

    Heuristics: Yes

    Enable Warnings: Yes

    Scanned Extensions: *;

    Exclude Extensions:

    Scan Emails: Yes

    Scan Archives: Yes

    Scan Packed: Yes

    Scan Files: Yes

    Scan Boot: Yes

    Scanned File / Status

    E:\System Volume Information\_restore{8A3F0CEE-7B68-4594-B6C7-7737759E1441}\RP83\A0010830.exe / Detected with: Adware.Trymedia.DAN

    E:\System Volume Information\_restore{8A3F0CEE-7B68-4594-B6C7-7737759E1441}\RP83\A0010830.exe / Deleted

    Plus a load of personal files were scanned on my external hard drive E; it said they were clean.

    Note that none of the C drive files were under scanned files - is this normal?

    Thanks

  5. The ComboFix log is as follows:

    ComboFix 08-01-23.1C - [My username] 2008-01-27 12:36:08.1 - NTFSx86

    Running from: C:\Documents and Settings\[My username]\Desktop\ComboFix.exe

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))

    .

    2008-01-27 12:36 . 2008-01-27 12:36 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

    2008-01-27 12:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

    2008-01-22 18:24 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

    2008-01-21 16:28 . 2008-01-27 09:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn

    2008-01-21 16:28 . 2008-01-21 16:28 1,409 --a------ C:\WINDOWS\QTFont.for

    2008-01-21 16:27 . 2008-01-21 16:28 <DIR> d-------- C:\Program Files\iTunes

    2008-01-21 16:27 . 2008-01-21 16:27 <DIR> d-------- C:\Program Files\iPod

    2008-01-21 16:26 . 2008-01-21 16:26 <DIR> d-------- C:\Program Files\Bonjour

    2008-01-21 16:25 . 2008-01-21 16:26 <DIR> d-------- C:\Program Files\QuickTime

    2008-01-21 16:24 . 2008-01-21 16:24 <DIR> d-------- C:\Program Files\Common Files\Apple

    2008-01-21 16:24 . 2008-01-21 16:24 <DIR> d-------- C:\Program Files\Apple Software Update

    2008-01-20 16:09 . 2008-01-20 16:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2

    2008-01-20 16:09 . 2004-08-12 14:10 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

    2008-01-20 16:07 . 2008-01-20 16:07 <DIR> d-------- C:\WINDOWS\system32\LogFiles

    2008-01-20 16:07 . 2008-01-20 16:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

    2008-01-20 15:30 . 2007-10-10 23:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

    2008-01-20 15:30 . 2007-07-01 03:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

    2008-01-20 15:30 . 2007-07-01 03:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

    2008-01-20 15:30 . 2007-10-10 23:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

    2008-01-20 15:30 . 2007-10-10 23:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

    2008-01-20 15:30 . 2007-10-10 23:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

    2008-01-20 15:30 . 2007-10-10 23:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

    2008-01-20 15:30 . 2007-10-10 23:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

    2008-01-20 15:30 . 2007-10-10 10:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

    2008-01-20 15:21 . 2008-01-20 15:21 <DIR> d-------- C:\Program Files\Microsoft Silverlight

    2008-01-18 18:29 . 2008-01-18 18:29 <DIR> d-------- C:\Program Files\LimeWire

    2008-01-16 22:54 . 2008-01-16 22:54 <DIR> d-------- C:\Program Files\MSXML 4.0

    2008-01-16 19:07 . 2008-01-16 19:07 <DIR> d-------- C:\Program Files\DIFX

    2008-01-16 19:07 . 2004-09-03 10:00 90,112 --a------ C:\WINDOWS\system32\snymsico.dll

    2008-01-16 19:07 . 2006-11-14 19:42 43,520 --a------ C:\WINDOWS\system32\drivers\rimsptsk.sys

    2008-01-16 19:07 . 2006-11-14 17:35 37,376 --a------ C:\WINDOWS\system32\drivers\rixdptsk.sys

    2008-01-16 19:07 . 2006-11-15 00:16 32,256 --a------ C:\WINDOWS\system32\drivers\rimmptsk.sys

    2008-01-16 19:07 . 2005-05-06 19:06 16,480 --a------ C:\WINDOWS\system32\rixdicon.dll

    2008-01-16 18:42 . 2005-02-11 09:24 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys

    2008-01-16 18:42 . 2005-02-11 09:19 5,744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys

    2008-01-15 20:42 . 2008-01-15 20:42 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters

    2008-01-15 20:10 . 2008-01-15 20:10 <DIR> d-------- C:\Program Files\Sony Ericsson

    2008-01-15 20:10 . 2008-01-15 20:10 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared

    2008-01-15 20:09 . 2008-01-15 20:09 <DIR> d-------- C:\WINDOWS\Downloaded Installations

    2008-01-13 18:54 . 2008-01-13 18:54 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3

    2008-01-13 18:54 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

    2008-01-13 18:53 . 2008-01-13 18:53 <DIR> d-------- C:\Program Files\Java

    2008-01-13 18:53 . 2008-01-13 18:53 <DIR> d-------- C:\Program Files\Common Files\Java

    2008-01-13 16:59 . 2008-01-13 16:59 <DIR> d-------- C:\Program Files\MSBuild

    2008-01-13 16:59 . 2008-01-13 16:59 <DIR> d-------- C:\Program Files\Microsoft Works

    2008-01-13 16:53 . 2008-01-13 16:58 <DIR> d-------- C:\WINDOWS\SHELLNEW

    2008-01-13 16:51 . 2008-01-13 16:51 <DIR> dr-h----- C:\MSOCache

    2008-01-13 16:47 . 2008-01-13 16:47 <DIR> d-------- C:\Program Files\Trend Micro

    2008-01-11 20:52 . 2008-01-11 20:52 <DIR> d-------- C:\Program Files\Sibelius Software

    2008-01-11 19:46 . 2008-01-11 19:48 <DIR> d-------- C:\Program Files\Picasa2

    2008-01-11 19:46 . 2008-01-20 17:03 <DIR> d-------- C:\Program Files\Google

    2008-01-11 19:46 . 2006-10-05 02:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

    2008-01-11 19:46 . 2006-10-05 02:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

    2008-01-10 21:06 . 2008-01-10 21:06 <DIR> d-------- C:\Program Files\Musicnotes

    2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

    2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

    2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\Program Files\Common Files\Scanner

    2008-01-07 18:33 . 2008-01-07 18:33 <DIR> d-------- C:\Program Files\Common Files\Adobe

    2008-01-07 09:55 . 2008-01-07 09:55 <DIR> d-------- C:\Program Files\Windows Live Toolbar

    2008-01-06 19:17 . 2008-01-06 19:17 <DIR> d-------- C:\WINDOWS\system32\Dell

    2008-01-06 19:15 . 2008-01-15 20:24 5 --a------ C:\WINDOWS\system32\drivers\DELL_XPS_MM061 .MRK

    2008-01-06 19:15 . 2008-01-15 20:24 5 --a------ C:\WINDOWS\system32\drivers\1028_DELL_XPS_MM061 .MRK

    2008-01-06 19:12 . 2008-01-06 19:12 <DIR> d-------- C:\Program Files\Dell

    2008-01-06 19:12 . 2005-07-08 13:19 666 --a------ C:\WINDOWS\speed.reg

    2008-01-06 19:08 . 2006-06-14 09:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

    2008-01-06 19:08 . 2006-06-14 09:00 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys

    2008-01-06 19:08 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

    2008-01-06 19:08 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys

    2008-01-06 19:08 . 2006-06-14 08:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

    2008-01-06 19:08 . 2006-06-14 08:47 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys

    2008-01-06 19:06 . 2004-08-03 23:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys

    2008-01-06 19:06 . 2004-08-03 23:15 60,800 --a--c--- C:\WINDOWS\system32\dllcache\sysaudio.sys

    2008-01-06 19:06 . 2004-08-03 22:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys

    2008-01-06 19:06 . 2004-08-03 22:58 7,552 --a--c--- C:\WINDOWS\system32\dllcache\mskssrv.sys

    2008-01-06 19:06 . 2004-08-03 22:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys

    2008-01-06 19:06 . 2004-08-03 22:58 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys

    2008-01-06 19:06 . 2004-08-03 22:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys

    2008-01-06 19:06 . 2004-08-03 22:58 4,992 --a--c--- C:\WINDOWS\system32\dllcache\mspqm.sys

    2008-01-06 19:05 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax

    2008-01-06 19:05 . 2004-08-04 00:56 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax

    2008-01-06 19:05 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys

    2008-01-06 19:05 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys

    2008-01-06 19:05 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

    2008-01-06 19:05 . 2004-08-04 00:56 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll

    2008-01-06 19:03 . 2008-01-06 19:03 <DIR> d-------- C:\Program Files\SigmaTel

    2008-01-06 19:03 . 2007-05-10 10:24 1,222,840 --a------ C:\WINDOWS\system32\drivers\sthda.sys

    2008-01-06 19:03 . 2007-05-10 10:23 270,336 --a------ C:\WINDOWS\system32\stacapi.dll

    2008-01-06 19:03 . 2007-08-21 09:58 146,944 --a------ C:\WINDOWS\system32\st325602.dll

    2008-01-06 19:00 . 2008-01-06 19:00 <DIR> d-------- C:\Program Files\Synaptics

    2008-01-06 19:00 . 2006-03-08 12:35 191,872 --a------ C:\WINDOWS\system32\drivers\SynTP.sys

    2008-01-06 19:00 . 2006-03-08 12:38 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll

    2008-01-06 19:00 . 2006-03-08 12:38 94,299 --a------ C:\WINDOWS\system32\SynTPAPI.dll

    2008-01-06 19:00 . 2006-03-08 12:37 82,014 --a------ C:\WINDOWS\system32\SynCOM.dll

    2008-01-06 19:00 . 2006-03-08 12:51 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll

    2008-01-06 19:00 . 2006-03-08 12:49 69,723 --a------ C:\WINDOWS\system32\SynTPFcs.dll

    2008-01-06 18:26 . 2008-01-06 18:26 <DIR> d-------- C:\Program Files\Lavasoft

    2008-01-06 18:26 . 2008-01-06 18:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

    2008-01-06 12:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

    2008-01-06 12:09 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

    2008-01-06 12:09 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-01-22 18:06 --------- d-----w C:\Program Files\AOL 9.0

    2008-01-13 16:39 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTITL.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTEXT.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSTMP.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSPEC.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSCRP.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSREH_.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSMET_.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSCHOR.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRS____.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSTEXT.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSSE__.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSS___.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSROMC.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSPC__.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSP___.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSO___.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSNN__.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSM___.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSJAPC.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFS__.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFBE_.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFB__.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCSC_.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCS__.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSC___.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUS____.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INKPEN2_.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2TEXT.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2SPEC.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2SCRI.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2METR.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2CHOR.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\HELST___.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\HELSS___.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\HELSM___.FOT

    2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\HELSINKI.FOT

    2008-01-09 18:26 --------- d-----w C:\Program Files\Common Files\AOL

    2008-01-06 19:03 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-01-04 22:27 --------- d-----w C:\Program Files\Common Files\InstallShield

    2008-01-04 19:24 --------- d-----w C:\Program Files\AOL Companion

    2007-12-25 17:46 --------- d-----w C:\Program Files\Viewpoint

    2007-12-25 17:46 --------- d-----w C:\Program Files\Learn2.com

    2007-12-25 17:46 --------- d-----w C:\Program Files\Common Files\aolshare

    2007-12-25 17:46 --------- d-----w C:\Program Files\Common Files\aolback

    2007-12-25 17:45 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys

    2007-12-25 17:45 --------- d-----w C:\Program Files\Real

    2007-12-25 17:45 --------- d-----w C:\Program Files\Common Files\Real

    2007-12-25 17:45 --------- d-----w C:\Program Files\Common Files\Nullsoft

    2007-12-25 17:45 --------- d-----w C:\Program Files\AOL Toolbar

    2007-12-25 17:41 --------- d--h--w C:\Program Files\Uninstall Information

    2007-12-25 17:35 --------- d-----w C:\Program Files\microsoft frontpage

    2007-11-30 23:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys

    2007-11-30 23:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys

    2007-11-30 23:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys

    2007-11-30 23:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat

    2007-11-30 23:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat

    2007-11-30 23:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat

    2007-11-30 23:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

    2007-11-30 23:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

    2007-11-30 23:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

    2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    2007-08-25 03:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

    2008-01-04 19:10 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {4982D40A-C53B-4615-B15B-B5B5E98D167C}

    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

    {EE5D279F-081B-4404-994D-C6B60AAEBA6D}

    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 03:51 316784]

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56 15360]

    "EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [2007-04-12 06:00 182272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-08 08:38 496752]

    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-12-25 17:45 26112]

    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]

    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 05:07 51048]

    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 04:53 714608]

    "DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 15:10 1658965]

    "DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 12:47 16384]

    "%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 09:28 72192]

    "HostManager"="C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe" [2006-03-10 22:22 48280]

    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-30 20:00 138008]

    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 20:00 162584]

    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 19:59 138008]

    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]

    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 10:22 405504]

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 13:56 15360]

    C:\Documents and Settings\[My username]\Start Menu\Programs\Startup\

    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

    R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 05:07]

    R3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys [2003-08-15 12:56]

    R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 16:52]

    R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]

    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]

    S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

    \Shell\AutoRun\command - E:\

    \Shell\open\Command - 10DC53F3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1330978b-bcff-11dc-a157-009096f8e308}]

    \Shell\AutoRun\command - F:\

    \Shell\open\Command - 001B9622.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51a17378-be25-11dc-a15b-5050506f4531}]

    \Shell\AutoRun\command - E:\

    \Shell\open\Command - 10DC53F3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3f98cc4-c140-11dc-a165-009096f8e308}]

    \Shell\AutoRun\command - E:\

    \Shell\open\Command - 001B9622.exe

    *Newly Created Service* - ATWPKT2

    *Newly Created Service* - COMHOST

    *Newly Created Service* - PROCEXP90

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-01-21 16:25:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    "2008-01-27 11:43:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

    "2008-01-26 19:05:12 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - [My username].job"

    - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-01-27 12:38:46

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2008-01-27 12:39:32

    .

    2008-01-22 19:06:43 --- E O F ---

    The HijackThis log is as follows:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 12:50:29, on 27/01/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    C:\Program Files\Real\RealPlayer\RealPlay.exe

    C:\Program Files\QuickTime\QTTask.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe

    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

    C:\Program Files\VoyagerTest\fts.exe

    C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

    C:\Program Files\AOL 9.0\aoltray.exe

    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Program Files\iPod\bin\iPodService.exe

    c:\program files\common files\aol\1199475493\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe

    c:\program files\common files\aol\1199475493\ee\aolsoftware.exe

    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\AOL 9.0\waol.exe

    C:\Program Files\AOL 9.0\shellmon.exe

    C:\Program Files\Common Files\AOL\aoltpspd.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB5.tmp" /EF "HKCU"

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB

    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1557CDD2-12C8-4D46-B5F1-0369E61A7AB2}: NameServer = 205.188.146.145

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --

    End of file - 11192 bytes

    Sorry but I want to protect my identity for obvious reasons.

    I tried to do the PandaScan but after downloading the files, etc., the webpage could not go to the link which I presume had the report in. It won't let me redo it, so is there a way of removing the installation files and ActiveX controls so I could try this again? Sorry for the inconvenience again!

    Plus, AOL Spyware says it detects Bifrost (a backdoor malware) - should I block this?

    Also, can you tell me whether deleting these infected files on the external E drive will have an effect on the other files there?

    Thank you.

  6. Hi, sorry this has taken so long

    Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 20:15:51, on 23/01/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Safe mode

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Spyware Doctor\svcntaux.exe

    C:\Program Files\Spyware Doctor\swdsvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe

    O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB5.tmp" /EF "HKCU"

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB

    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --

    End of file - 9244 bytes

    I'm really sorry but the AVG AntiSpyware log was for some reason not created. I can, however, tell you that:

    Many infections were found. The first was:

    Origin: E:\System Volume Information\_restore{8A95F0D7-0C01-40BA-B53D-9741069FAA85}\RP3\A0000094.exe which was infected with Trojan.QQPass.aom

    Then there are hundreds of

    Origin: E:\System Volume Information\_restore{8A3F0CEE-7B68-4594-B6C7-7737759E1441}\RP56\A0006345.exe which were infected with Trojan.QQPass.aom

    The numbers in bold count down as each infection is listed to 6082

    There are other similar infections which also count down. Please tell me if you need their details but I think these are all similar, plus they're in the same location.

    The E drive happens to be my external HDD. Please tell me that the files in there are safe or can be cleaned as they are v important.

    Once again, I'm really sorry that I've made a bit of a mess of things. If there is a chance to redo the scan or something, pls let me know.

    AOL Spyware keeps on saying that it has blocked Estalive and has the same problem whilst opening.

    You know if you hover the mouse over the start menu, it says click here to begin. Sometimes that message gets randomly bigger.

    Also my computer thinks I have a usb pen drive located at G when I don't.

    Every time I save a file or copy one, I get a Thumbs.db file which I cannot open.

    In My Documents, there is a desktop.ini file which I cannot open.

    What is all this - malware or Xp dying??

    Thanks for your help and suggestions.

  7. Just to let you know that Spyware doctor is now working again.

    The new HijackThis log is:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:57:18, on 20/01/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\Spyware Doctor\svcntaux.exe

    C:\Program Files\Spyware Doctor\swdsvc.exe

    C:\Program Files\Spyware Doctor\SDTrayApp.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    C:\Program Files\Real\RealPlayer\RealPlay.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe

    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

    C:\Program Files\VoyagerTest\fts.exe

    C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

    c:\program files\common files\aol\1199475493\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE

    c:\program files\common files\aol\1199475493\ee\aolsoftware.exe

    C:\Program Files\AOL 9.0\aoltray.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    C:\Program Files\AOL 9.0\waol.exe

    C:\Program Files\AOL 9.0\shellmon.exe

    C:\Program Files\Common Files\AOL\aoltpspd.exe

    D:\MATHSWATCH_Higher.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe

    O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB5.tmp" /EF "HKCU"

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB

    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1557CDD2-12C8-4D46-B5F1-0369E61A7AB2}: NameServer = 205.188.146.145

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --

    End of file - 10049 bytes

  8. Hi, I am running Xp Home Edition SP2

    Some info:

    Spyware doctor has stopped working.

    AOL Spyware keeps saying it has blocked "Estalive"; this keeps on appearing and if I try to view the blocked items, the spyware comes up with an error message and cannot open.

    I used to have a popup coming up frequently saying "Warning! Potential Spyware Operation... etc." (I think this is a common one) which was posing itself as a Windows Security Alert. After rebooting the PC (reinstalled Xp), the popups no longer appear.

    Another thing is that Windows has done some sort of CHKDSK on any external HDDs or usb pen drives that I have connected and it has had some weird effects such as loss of data, asking me what program I want to use to open the external HDD/usb pen drive when I click it. Plus it has created a recycled file in the HDD along with an autorun.inf txt file which opens in notepad and reads:

    [autorun]

    open=

    shell\open=Îòêðûòü

    shell\open\Command=10DC53F3.exe

    shell\open\Default=1

    When I right click the HDD in my computer, instead of saying open, it says Îòêðûòü. ?! Is this malware or Xp?

    Here's my HijackThis logfile:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 19:45:42, on 14/01/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\Spyware Doctor\svcntaux.exe

    C:\Program Files\Spyware Doctor\swdsvc.exe

    C:\Program Files\Spyware Doctor\SDTrayApp.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    C:\Program Files\Real\RealPlayer\RealPlay.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe

    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

    C:\Program Files\VoyagerTest\fts.exe

    C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe

    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    c:\program files\common files\aol\1199475493\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE

    c:\program files\common files\aol\1199475493\ee\aolsoftware.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Program Files\AOL 9.0\aoltray.exe

    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    C:\Program Files\AOL 9.0\waol.exe

    C:\Program Files\AOL 9.0\shellmon.exe

    C:\Program Files\Common Files\AOL\aoltpspd.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe

    O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB5.tmp" /EF "HKCU"

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - S-1-5-18 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'SYSTEM')

    O4 - .DEFAULT Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Default user')

    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB

    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1557CDD2-12C8-4D46-B5F1-0369E61A7AB2}: NameServer = 205.188.146.145

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --

    End of file - 10310 bytes

    Also, does reinstalling Xp necessarily remove malware, etc.?

    PLS HELP, I need my PC working- so many important files!