Infected Pc[INACTIVE]

Coolie42

By Coolie42,
in Malware Removal

 Share Followers 0

Recommended Posts

Coolie42

Coolie42

Posted
Posted (edited)

Hi, I am running Xp Home Edition SP2

Some info:

Spyware doctor has stopped working.

AOL Spyware keeps saying it has blocked "Estalive"; this keeps on appearing and if I try to view the blocked items, the spyware comes up with an error message and cannot open.

I used to have a popup coming up frequently saying "Warning! Potential Spyware Operation... etc." ( I think this is a common one ) which was posing itself as a Windows Security Alert. After rebooting the PC (reinstalled Xp), the popups no longer appear.

Another thing is that Windows has done some sort of CHKDSK on any external HDDs or usb pen drives that I have connected and it has had some weird effects such as loss of data, asking me what program I want to use to open the external HDD/usb pen drive when I click it. Plus it has created a recycled file in the HDD along with a autorun.inf txt file which opens in notepad and reads:

[autorun]

open=

shell\open=Îòêðûòü

shell\open\Command=10DC53F3.exe

shell\open\Default=1

When I right click the HDD in my computer, instead of saying open, it says Îòêðûòü. ?! Is this malware or Xp?

Here's my HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:45:42, on 14/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

C:\Program Files\VoyagerTest\fts.exe

C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\system32\igfxsrvc.exe

c:\program files\common files\aol\1199475493\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE

c:\program files\common files\aol\1199475493\ee\aolsoftware.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\AOL 9.0\aoltray.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program Files\AOL 9.0\waol.exe

C:\Program Files\AOL 9.0\shellmon.exe

C:\Program Files\Common Files\AOL\aoltpspd.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB5.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1557CDD2-12C8-4D46-B5F1-0369E61A7AB2}: NameServer = 205.188.146.145

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 10310 bytes

Also, does reinstalling Xp necessarily remove malware, etc.?

PLS HELP, I need my PC working- so many important files!

Edited by Coolie42
Link to post
Share on other sites
sarahw

sarahw

Posted
Posted

Hi,

Welcome to the site

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.

You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.

Please dont use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition that it is when infected) if used incorrectly.

These instuctions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat. :)

Link to post
Share on other sites
Coolie42

Coolie42

Posted
  • Author
Posted (edited)

Just to let you know that Spyware doctor is now working again.

The new HijackThis log is:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:57:18, on 20/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

C:\Program Files\VoyagerTest\fts.exe

C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

c:\program files\common files\aol\1199475493\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE

c:\program files\common files\aol\1199475493\ee\aolsoftware.exe

C:\Program Files\AOL 9.0\aoltray.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program Files\AOL 9.0\waol.exe

C:\Program Files\AOL 9.0\shellmon.exe

C:\Program Files\Common Files\AOL\aoltpspd.exe

D:\MATHSWATCH_Higher.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB5.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1557CDD2-12C8-4D46-B5F1-0369E61A7AB2}: NameServer = 205.188.146.145

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 10049 bytes

Edited by Coolie42
Link to post
Share on other sites
sarahw

sarahw

Posted
Posted

Hi,

1.

First download AVG Anti-Spyware from HERE and save that file to your desktop.

This is a 30 day trial of the program

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

[*]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.

[*]Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

[*]Under "Reports"

  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

2.

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

Do not Run it yet, we will use it later. Save it somewhere you will remember, like your desktop.

3.

Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.

4.

Please open ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

5.


  1. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will prompted, then select "Apply all actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan and a fresh Hijack This log.

Link to post
Share on other sites
Coolie42

Coolie42

Posted
  • Author
Posted (edited)

Hi, sorry this has taken so long

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:15:51, on 23/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB5.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 9244 bytes

I'm really sorry but the AVG AntiSpyware log was for some reason not created. I can, however tell you that:

Many infections were found. The first was:

Origin: E:\System Volume Information\_restore{8A95F0D7-0C01-40BA-B53D-9741069FAA85}\RP3\A0000094.exe which was infected with Trojan.QQPass.aom

Then there are hundreds of

Origin: E:\System Volume Information\_restore{8A3F0CEE-7B68-4594-B6C7-7737759E1441}\RP56\A0006345.exe which were infected with Trojan.QQPass.aom

The numbers in bold count down as each infection is listed to 6082

There are other similar infections which also count down. Please tell me if you need their details but I think these are all similar, plus they're in the same location.

The E drive happens to be my external HDD. Please tell me that the files in there are safe or can be cleaned as they are v important.

Once again, I'm really sorry that I've made a bit of a mess of things. If there is a chance to redo the scan or something, pls let me know.

AOL Spyware keeps on saying that it has blocked Estalive and has the same problem whilst opening.

You know if you hover the mouse over the start menu, it says click here to begin. Sometimes that message gets randomly bigger.

Also my computer things I have a usb pen drive located at G when I don't.

Every time I save a file or copy one, I get a Thumbs.db file which I cannot open.

In My Documents, there is a desktop.ini file which I cannot open.

What is all this - malware or Xp dying??

Thanks for your help and suggestions.

Edited by Coolie42
Link to post
Share on other sites
sarahw

sarahw

Posted
Posted
Then there are hundreds of

Origin: E:\System Volume Information\_restore{8A3F0CEE-7B68-4594-B6C7-7737759E1441}\RP56\A0006345.exe which were infected with Trojan.QQPass.aom

We'll remove those soon.

Every time I save a file or copy one, I get a Thumbs.db file which I cannot open.

In My Documents, there is a desktop.ini file which I cannot open.

Don't touch these files. You should not be able to see them, but we changed the setting to show system files. Do not delete anything if you dont know what it is.

You know if you hover the mouse over the start menu, it says click here to begin. Sometimes that message gets randomly bigger.

That sounds strange?

Download ComboFix from Here or Here to your Desktop.

  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Link to post
Share on other sites
Coolie42

Coolie42

Posted
  • Author
Posted (edited)

The ComboFix log is as follows:

ComboFix 08-01-23.1C - [My username] 2008-01-27 12:36:08.1 - NTFSx86

Running from: C:\Documents and Settings\[My username]\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))

.

2008-01-27 12:36 . 2008-01-27 12:36 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-01-27 12:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-01-22 18:24 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-01-21 16:28 . 2008-01-27 09:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-21 16:28 . 2008-01-21 16:28 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-21 16:27 . 2008-01-21 16:28 <DIR> d-------- C:\Program Files\iTunes

2008-01-21 16:27 . 2008-01-21 16:27 <DIR> d-------- C:\Program Files\iPod

2008-01-21 16:26 . 2008-01-21 16:26 <DIR> d-------- C:\Program Files\Bonjour

2008-01-21 16:25 . 2008-01-21 16:26 <DIR> d-------- C:\Program Files\QuickTime

2008-01-21 16:24 . 2008-01-21 16:24 <DIR> d-------- C:\Program Files\Common Files\Apple

2008-01-21 16:24 . 2008-01-21 16:24 <DIR> d-------- C:\Program Files\Apple Software Update

2008-01-20 16:09 . 2008-01-20 16:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2008-01-20 16:09 . 2004-08-12 14:10 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-01-20 16:07 . 2008-01-20 16:07 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-01-20 16:07 . 2008-01-20 16:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-01-20 15:30 . 2007-10-10 23:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-01-20 15:30 . 2007-07-01 03:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-01-20 15:30 . 2007-07-01 03:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-01-20 15:30 . 2007-10-10 23:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-01-20 15:30 . 2007-10-10 23:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-01-20 15:30 . 2007-10-10 23:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-01-20 15:30 . 2007-10-10 23:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-01-20 15:30 . 2007-10-10 23:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-01-20 15:30 . 2007-10-10 10:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-01-20 15:21 . 2008-01-20 15:21 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-01-18 18:29 . 2008-01-18 18:29 <DIR> d-------- C:\Program Files\LimeWire

2008-01-16 22:54 . 2008-01-16 22:54 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-01-16 19:07 . 2008-01-16 19:07 <DIR> d-------- C:\Program Files\DIFX

2008-01-16 19:07 . 2004-09-03 10:00 90,112 --a------ C:\WINDOWS\system32\snymsico.dll

2008-01-16 19:07 . 2006-11-14 19:42 43,520 --a------ C:\WINDOWS\system32\drivers\rimsptsk.sys

2008-01-16 19:07 . 2006-11-14 17:35 37,376 --a------ C:\WINDOWS\system32\drivers\rixdptsk.sys

2008-01-16 19:07 . 2006-11-15 00:16 32,256 --a------ C:\WINDOWS\system32\drivers\rimmptsk.sys

2008-01-16 19:07 . 2005-05-06 19:06 16,480 --a------ C:\WINDOWS\system32\rixdicon.dll

2008-01-16 18:42 . 2005-02-11 09:24 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys

2008-01-16 18:42 . 2005-02-11 09:19 5,744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys

2008-01-15 20:42 . 2008-01-15 20:42 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters

2008-01-15 20:10 . 2008-01-15 20:10 <DIR> d-------- C:\Program Files\Sony Ericsson

2008-01-15 20:10 . 2008-01-15 20:10 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared

2008-01-15 20:09 . 2008-01-15 20:09 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-01-13 18:54 . 2008-01-13 18:54 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3

2008-01-13 18:54 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-01-13 18:53 . 2008-01-13 18:53 <DIR> d-------- C:\Program Files\Java

2008-01-13 18:53 . 2008-01-13 18:53 <DIR> d-------- C:\Program Files\Common Files\Java

2008-01-13 16:59 . 2008-01-13 16:59 <DIR> d-------- C:\Program Files\MSBuild

2008-01-13 16:59 . 2008-01-13 16:59 <DIR> d-------- C:\Program Files\Microsoft Works

2008-01-13 16:53 . 2008-01-13 16:58 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-01-13 16:51 . 2008-01-13 16:51 <DIR> dr-h----- C:\MSOCache

2008-01-13 16:47 . 2008-01-13 16:47 <DIR> d-------- C:\Program Files\Trend Micro

2008-01-11 20:52 . 2008-01-11 20:52 <DIR> d-------- C:\Program Files\Sibelius Software

2008-01-11 19:46 . 2008-01-11 19:48 <DIR> d-------- C:\Program Files\Picasa2

2008-01-11 19:46 . 2008-01-20 17:03 <DIR> d-------- C:\Program Files\Google

2008-01-11 19:46 . 2006-10-05 02:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-01-11 19:46 . 2006-10-05 02:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-01-10 21:06 . 2008-01-10 21:06 <DIR> d-------- C:\Program Files\Musicnotes

2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\Program Files\Common Files\Scanner

2008-01-07 18:33 . 2008-01-07 18:33 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-01-07 09:55 . 2008-01-07 09:55 <DIR> d-------- C:\Program Files\Windows Live Toolbar

2008-01-06 19:17 . 2008-01-06 19:17 <DIR> d-------- C:\WINDOWS\system32\Dell

2008-01-06 19:15 . 2008-01-15 20:24 5 --a------ C:\WINDOWS\system32\drivers\DELL_XPS_MM061 .MRK

2008-01-06 19:15 . 2008-01-15 20:24 5 --a------ C:\WINDOWS\system32\drivers\1028_DELL_XPS_MM061 .MRK

2008-01-06 19:12 . 2008-01-06 19:12 <DIR> d-------- C:\Program Files\Dell

2008-01-06 19:12 . 2005-07-08 13:19 666 --a------ C:\WINDOWS\speed.reg

2008-01-06 19:08 . 2006-06-14 09:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2008-01-06 19:08 . 2006-06-14 09:00 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys

2008-01-06 19:08 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

2008-01-06 19:08 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys

2008-01-06 19:08 . 2006-06-14 08:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2008-01-06 19:08 . 2006-06-14 08:47 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys

2008-01-06 19:06 . 2004-08-03 23:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys

2008-01-06 19:06 . 2004-08-03 23:15 60,800 --a--c--- C:\WINDOWS\system32\dllcache\sysaudio.sys

2008-01-06 19:06 . 2004-08-03 22:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys

2008-01-06 19:06 . 2004-08-03 22:58 7,552 --a--c--- C:\WINDOWS\system32\dllcache\mskssrv.sys

2008-01-06 19:06 . 2004-08-03 22:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2008-01-06 19:06 . 2004-08-03 22:58 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys

2008-01-06 19:06 . 2004-08-03 22:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys

2008-01-06 19:06 . 2004-08-03 22:58 4,992 --a--c--- C:\WINDOWS\system32\dllcache\mspqm.sys

2008-01-06 19:05 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax

2008-01-06 19:05 . 2004-08-04 00:56 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax

2008-01-06 19:05 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2008-01-06 19:05 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys

2008-01-06 19:05 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

2008-01-06 19:05 . 2004-08-04 00:56 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll

2008-01-06 19:03 . 2008-01-06 19:03 <DIR> d-------- C:\Program Files\SigmaTel

2008-01-06 19:03 . 2007-05-10 10:24 1,222,840 --a------ C:\WINDOWS\system32\drivers\sthda.sys

2008-01-06 19:03 . 2007-05-10 10:23 270,336 --a------ C:\WINDOWS\system32\stacapi.dll

2008-01-06 19:03 . 2007-08-21 09:58 146,944 --a------ C:\WINDOWS\system32\st325602.dll

2008-01-06 19:00 . 2008-01-06 19:00 <DIR> d-------- C:\Program Files\Synaptics

2008-01-06 19:00 . 2006-03-08 12:35 191,872 --a------ C:\WINDOWS\system32\drivers\SynTP.sys

2008-01-06 19:00 . 2006-03-08 12:38 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll

2008-01-06 19:00 . 2006-03-08 12:38 94,299 --a------ C:\WINDOWS\system32\SynTPAPI.dll

2008-01-06 19:00 . 2006-03-08 12:37 82,014 --a------ C:\WINDOWS\system32\SynCOM.dll

2008-01-06 19:00 . 2006-03-08 12:51 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll

2008-01-06 19:00 . 2006-03-08 12:49 69,723 --a------ C:\WINDOWS\system32\SynTPFcs.dll

2008-01-06 18:26 . 2008-01-06 18:26 <DIR> d-------- C:\Program Files\Lavasoft

2008-01-06 18:26 . 2008-01-06 18:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-01-06 12:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-01-06 12:09 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-01-06 12:09 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-22 18:06 --------- d-----w C:\Program Files\AOL 9.0

2008-01-13 16:39 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTITL.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTEXT.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSTMP.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSPEC.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSCRP.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSREH_.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSMET_.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSCHOR.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRS____.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSTEXT.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSSE__.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSS___.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSROMC.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSPC__.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSP___.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSO___.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSNN__.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSM___.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSJAPC.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFS__.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFBE_.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFB__.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCSC_.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCS__.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSC___.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUS____.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INKPEN2_.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2TEXT.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2SPEC.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2SCRI.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2METR.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2CHOR.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\HELST___.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\HELSS___.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\HELSM___.FOT

2008-01-11 20:52 1,409 ----a-w C:\WINDOWS\Fonts\HELSINKI.FOT

2008-01-09 18:26 --------- d-----w C:\Program Files\Common Files\AOL

2008-01-06 19:03 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-04 22:27 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-01-04 19:24 --------- d-----w C:\Program Files\AOL Companion

2007-12-25 17:46 --------- d-----w C:\Program Files\Viewpoint

2007-12-25 17:46 --------- d-----w C:\Program Files\Learn2.com

2007-12-25 17:46 --------- d-----w C:\Program Files\Common Files\aolshare

2007-12-25 17:46 --------- d-----w C:\Program Files\Common Files\aolback

2007-12-25 17:45 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys

2007-12-25 17:45 --------- d-----w C:\Program Files\Real

2007-12-25 17:45 --------- d-----w C:\Program Files\Common Files\Real

2007-12-25 17:45 --------- d-----w C:\Program Files\Common Files\Nullsoft

2007-12-25 17:45 --------- d-----w C:\Program Files\AOL Toolbar

2007-12-25 17:41 --------- d--h--w C:\Program Files\Uninstall Information

2007-12-25 17:35 --------- d-----w C:\Program Files\microsoft frontpage

2007-11-30 23:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys

2007-11-30 23:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys

2007-11-30 23:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys

2007-11-30 23:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat

2007-11-30 23:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat

2007-11-30 23:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat

2007-11-30 23:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

2007-11-30 23:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

2007-11-30 23:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

2007-08-25 03:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2008-01-04 19:10 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{4982D40A-C53B-4615-B15B-B5B5E98D167C}

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

{EE5D279F-081B-4404-994D-C6B60AAEBA6D}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 03:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56 15360]

"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [2007-04-12 06:00 182272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-08 08:38 496752]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-12-25 17:45 26112]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 05:07 51048]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 04:53 714608]

"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 15:10 1658965]

"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 12:47 16384]

"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 09:28 72192]

"HostManager"="C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe" [2006-03-10 22:22 48280]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-30 20:00 138008]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 20:00 162584]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 19:59 138008]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]

"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 10:22 405504]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 13:56 15360]

C:\Documents and Settings\[My username]\Start Menu\Programs\Startup\

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 05:07]

R3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys [2003-08-15 12:56]

R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 16:52]

R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\

\Shell\open\Command - 10DC53F3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1330978b-bcff-11dc-a157-009096f8e308}]

\Shell\AutoRun\command - F:\

\Shell\open\Command - 001B9622.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51a17378-be25-11dc-a15b-5050506f4531}]

\Shell\AutoRun\command - E:\

\Shell\open\Command - 10DC53F3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3f98cc4-c140-11dc-a165-009096f8e308}]

\Shell\AutoRun\command - E:\

\Shell\open\Command - 001B9622.exe

*Newly Created Service* - ATWPKT2

*Newly Created Service* - COMHOST

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2008-01-21 16:25:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-01-27 11:43:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-01-26 19:05:12 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - [My username].job"

- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-27 12:38:46

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-01-27 12:39:32

.

2008-01-22 19:06:43 --- E O F ---

The HijackThis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:50:29, on 27/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

C:\Program Files\VoyagerTest\fts.exe

C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

C:\Program Files\AOL 9.0\aoltray.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

c:\program files\common files\aol\1199475493\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe

c:\program files\common files\aol\1199475493\ee\aolsoftware.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\AOL 9.0\waol.exe

C:\Program Files\AOL 9.0\shellmon.exe

C:\Program Files\Common Files\AOL\aoltpspd.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199475493\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB5.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1557CDD2-12C8-4D46-B5F1-0369E61A7AB2}: NameServer = 205.188.146.145

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 11192 bytes

Sorry but I want to protect my identity for obvious reasons.

I tried to do the PandaScan but after downloading the files, etc., the webpage could not go to the link which I presume had the report in. It won't let me redo it, so is there a way of removing the installantion files and ActiveX controls so I could try this again? Sorry for the inconvenience again!

Plus, AOL Spyware says it detects Bifrost (a backdoor malware) - should I block this?

Also, can you tell me whether deleting these infected files on the external E drive will have an effect on the other files there?

Thank you.

Edited by Coolie42
Link to post
Share on other sites
sarahw

sarahw

Posted
Posted
Also, can you tell me whether deleting these infected files on the external E drive will have an effect on the other files there?
Are you refering to the files here: E:\System Volume Information? They are usually not moved untill much later.
Plus, AOL Spyware says it detects Bifrost (a backdoor malware) - should I block this?
No, leave it for now.

Please do a scan with one of these two scanners (you can choose which one. If one doesn't work for you, you can run the other):

1.

Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:

    • Extended (if available otherwise Standard)

    • Scan Options:

    • Scan Archives
      Scan Mail Bases

    [*]Click OK

    [*]Now under select a target to scan:

    • Select My Computer

    [*]This will program will start and scan your system.

    [*]The scan will take a while so be patient and let it run.

    [*]Once the scan is complete it will display if your system has been infected.

    • Now click on the Save as Text button:

    [*]Save the file to your desktop.

    [*]Copy and paste that information in your next post.

2.

BitDefender Online Scan

  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

Link to post
Share on other sites
Coolie42

Coolie42

Posted
  • Author
Posted

Here's the log:

BitDefender Online Scanner

Scan report generated at: Tue, Jan 29, 2008 - 20:52:55

Scan path: C:\Documents and Settings\[My username]\My Documents;C:\Documents and Settings\All Users\Documents;C:\;D:\;E:\;

Statistics

Time

01:08:46

Files

347949

Folders

6501

Boot Sectors

5

Archives

2521

Packed Files

12912

Results

Identified Viruses

1

Infected Files

2

Suspect Files

0

Warnings

0

Disinfected

0

Deleted Files

2

Engines Info

Virus Definitions

977987

Engine build

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins

16

Archive plugins

41

Unpack plugins

7

E-mail plugins

6

System plugins

5

Scan Settings

First Action

Disinfect

Second Action

Delete

Heuristics

Yes

Enable Warnings

Yes

Scanned Extensions

*;

Exclude Extensions

Scan Emails

Yes

Scan Archives

Yes

Scan Packed

Yes

Scan Files

Yes

Scan Boot

Yes

Scanned File

Status

E:\System Volume Information\_restore{8A3F0CEE-7B68-4594-B6C7-7737759E1441}\RP83\A0010830.exe

Detected with: Adware.Trymedia.DAN

E:\System Volume Information\_restore{8A3F0CEE-7B68-4594-B6C7-7737759E1441}\RP83\A0010830.exe

Deleted

Plus a load of personal files were scanned on my external hard drive E, said they were clean

Note that none of the C drive files were under scanned files - is this normal?

Thanks

Link to post
Share on other sites
sarahw

sarahw

Posted
Posted
Note that none of the C drive files were under scanned files - is this normal?

Looks good.

Time for some housekeeping

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    • CF_Cleanup.png

    [*] When shown the disclaimer, Select "2"

The above procedure will:

  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present

    [*] Reset the clock settings.

    [*] Hide file extensions, if required.

    [*] Hide System/Hidden files, if required.

    [*] Reset System Restore.

This will remove any malware hidden in restore points like here:

E:\System Volume Information\_restore{8A3F0CEE-7B68-4594-B6C7-7737759E1441}\RP83\A0010830.exe

Use your ocmputer for a while and tell me if you have any problems.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing