Infected Pc 2 Cont'd[INACTIVE]


Here are the reports, sorry for the lateness:

ComboFix 08-02-25.3 - Owner 2008-02-25 18:17:50.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.590 [GMT 0:00]

Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

F:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))

.

2008-02-20 18:15 . 2008-02-20 18:15 <DIR> d--hs---- C:\found.000

2008-02-17 15:41 . 2008-02-17 15:41 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0

2008-02-17 15:41 . 2008-02-17 15:41 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint

2008-02-17 15:40 . 2008-02-17 15:40 <DIR> d-------- C:\Program Files\FaxTools

2008-02-17 15:40 . 2008-02-17 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software

2008-02-17 15:39 . 2003-08-18 15:03 544,768 --a------ C:\WINDOWS\system32\LXBKLSNT.EXE

2008-02-17 15:39 . 2003-08-18 14:57 286,720 --a------ C:\WINDOWS\system32\LXBKPMNT.DLL

2008-02-17 15:39 . 2003-08-18 14:52 286,720 --a------ C:\WINDOWS\system32\lxbkcomm.dll

2008-02-17 15:39 . 2003-08-18 14:58 217,088 --a------ C:\WINDOWS\system32\LXBKLCNT.DLL

2008-02-17 15:39 . 2003-08-18 14:55 86,016 --a------ C:\WINDOWS\system32\LXBKIH.EXE

2008-02-17 15:39 . 2003-08-18 14:46 77,824 --a------ C:\WINDOWS\system32\LXBKLCNP.DLL

2008-02-17 15:39 . 2003-08-19 14:25 73,728 --a------ C:\WINDOWS\system32\lxbkpwr.dll

2008-02-17 15:39 . 2003-08-19 14:51 69,632 --a------ C:\WINDOWS\system32\LXBKCU.DLL

2008-02-17 15:39 . 2002-11-13 19:40 40,960 --a------ C:\WINDOWS\system32\lxbkvs.dll

2008-02-17 15:39 . 2008-02-25 17:34 269 --a------ C:\WINDOWS\lexstat.ini

2008-02-17 15:38 . 2008-02-17 15:38 <DIR> d-------- C:\Program Files\Lexmark X1100 Series

2008-02-17 15:38 . 2008-02-17 15:38 <DIR> d-------- C:\Documents and Settings\Owner\WINDOWS

2008-02-17 13:00 . 2008-02-21 19:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-17 13:00 . 2008-02-17 13:00 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-16 23:58 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-02-16 20:07 . 2008-02-17 14:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-02-16 11:24 . 2008-02-16 11:24 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-02-15 20:17 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-02-15 20:17 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-02-15 14:43 . 2008-02-15 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

2008-02-15 13:31 . 2008-02-15 13:31 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft

2008-02-15 13:31 . 2008-02-15 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-02-15 13:31 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-02-15 13:26 . 2008-02-15 13:26 <DIR> d---s---- C:\Documents and Settings\Owner\UserData

2008-02-15 12:56 . 2008-02-15 12:56 <DIR> d-------- C:\Program Files\Common Files\Scanner

2008-02-15 12:41 . 2008-02-15 12:41 <DIR> d-------- C:\Program Files\Trend Micro

2008-02-15 12:16 . 2008-02-15 12:17 <DIR> d-------- C:\Program Files\AOL Companion

2008-02-15 12:15 . 2008-02-15 12:16 <DIR> d-------- C:\Program Files\Common Files\aolshare

2008-02-15 12:15 . 2008-02-17 13:04 <DIR> d-------- C:\Program Files\AOL 9.0

2008-02-15 12:15 . 2004-06-22 14:03 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll

2008-02-15 12:14 . 2008-02-15 12:14 <DIR> d-------- C:\Program Files\VoyagerTest

2008-02-15 12:14 . 2008-02-15 12:14 <DIR> d-------- C:\Program Files\Common Files\FTL Shared

2008-02-15 12:14 . 2003-09-15 12:21 53,248 --a------ C:\WINDOWS\AppRun.exe

2008-02-15 12:14 . 2003-10-19 10:58 36,864 --a------ C:\WINDOWS\Restart.exe

2008-02-15 12:14 . 2003-10-19 11:02 536 --a------ C:\WINDOWS\AppRun.ini

2008-02-15 12:13 . 2008-02-15 12:13 <DIR> d-------- C:\Program Files\BT Voyager 105 ADSL Modem

2008-02-15 12:13 . 2005-01-12 16:36 160,963 --a------ C:\WINDOWS\system32\drivers\gtipdsp.bin

2008-02-15 12:13 . 2005-01-13 11:09 160,951 --------- C:\WINDOWS\system32\drivers\gtipdsp_.bin

2008-02-15 12:13 . 2005-01-12 16:36 138,402 --a------ C:\WINDOWS\system32\drivers\glausb.sys

2008-02-15 12:13 . 2005-01-12 16:36 24,576 --a------ C:\WINDOWS\system32\CoInst.dll

2008-02-15 12:13 . 2005-01-12 16:37 17,020 --------- C:\WINDOWS\wwdslcfg.ini

2008-02-15 12:13 . 2005-01-12 16:36 12,288 --------- C:\WINDOWS\system32\CplEng.dll

2008-02-15 12:06 . 2008-02-15 12:06 <DIR> d-------- C:\Setup

2008-02-15 12:03 . 2008-02-15 12:03 2 --a------ C:\WINDOWS\msoffice.ini

2008-02-15 12:01 . 2008-02-15 13:37 <DIR> d-------- C:\WINDOWS\occache

2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\Viewpoint

2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\Learn2.com

2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\Common Files\aolback

2008-02-15 12:01 . 2008-02-15 12:16 <DIR> d-------- C:\Program Files\AOL Toolbar

2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver

2008-02-15 12:01 . 2008-02-15 12:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AOL

2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint

2008-02-15 12:01 . 2004-08-12 14:05 1,483,264 --a------ C:\WINDOWS\system32\shdocvw.bak

2008-02-15 12:01 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll

2008-02-15 12:01 . 2000-05-22 00:00 203,976 --a------ C:\WINDOWS\system32\RichTx32.ocx

2008-02-15 12:01 . 2004-06-22 14:03 173,184 --a------ C:\WINDOWS\system32\ygpss.scr

2008-02-15 12:01 . 2001-03-13 14:49 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX

2008-02-15 12:01 . 1998-06-24 00:00 115,016 --a------ C:\WINDOWS\system32\MSInet.ocx

2008-02-15 12:01 . 2001-11-21 10:15 102,400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll

2008-02-15 12:01 . 1999-04-17 01:06 10,752 --a------ C:\WINDOWS\system32\aamd532.dll

2008-02-15 12:01 . 2008-02-15 12:17 715 --a------ C:\WINDOWS\aolback.exe.lnk

2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Program Files\Real

2008-02-15 12:00 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\QuickTime

2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Program Files\Common Files\Real

2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Program Files\Common Files\Nullsoft

2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime

2008-02-15 11:59 . 2008-02-15 17:23 <DIR> d-------- C:\Program Files\Common Files\AOL

2008-02-15 11:59 . 2008-02-15 17:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL

2008-02-15 11:59 . 2003-09-16 10:07 499,712 --------- C:\WINDOWS\system32\msvcp71.dll

2008-02-15 11:59 . 2003-09-09 14:06 348,160 --------- C:\WINDOWS\system32\msvcr71.dll

2008-02-15 11:59 . 2008-02-15 11:59 335 --a------ C:\WINDOWS\nsreg.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-25 18:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-25 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-02-17 15:40 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-15 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-02-15 12:31 --------- d-----w C:\Program Files\Norton Internet Security

2008-02-15 12:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-02-15 12:28 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2008-02-15 12:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-02-15 12:28 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-02-15 12:28 --------- d-----w C:\Program Files\Symantec

2008-02-15 12:00 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys

2008-01-15 09:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat

2008-01-15 05:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-01-12 18:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-01-04 20:01 --------- d-----w C:\Program Files\MSBuild

2008-01-04 20:01 --------- d-----w C:\Program Files\Microsoft Works

2008-01-04 19:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec

2008-01-04 19:47 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-04 19:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft

2008-01-04 19:30 --------- d-----w C:\Program Files\ATI Technologies

2008-01-04 19:27 --------- d-----w C:\Program Files\Intel

2008-01-04 19:22 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-01-04 19:22 --------- d-----w C:\Program Files\Analog Devices

2008-01-04 19:14 --------- d-----w C:\Program Files\microsoft frontpage

2007-12-07 15:30 103,776 ----a-w C:\WINDOWS\system32\AOLDial.dll

2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

2007-08-25 03:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2008-02-15 12:27 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

{4982D40A-C53B-4615-B15B-B5B5E98D167C}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 03:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 13:33 1388544]

"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 11:23 135168]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 05:07 51048]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 04:53 714608]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-02-15 12:00 26112]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-15 12:01 98304]

"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2005-01-12 16:36 1658965]

"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2005-01-12 16:36 16384]

"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 09:28 72192]

"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 15:30 71008]

"HostManager"="C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe" [2006-09-26 00:52 50736]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 14:43 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 13:56 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=

"C:\\Program Files\\AOL 9.0\\waol.exe"=

"C:\\Program Files\\Common Files\\AOL\\1203080158\\ee\\aolsoftware.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 05:07]

R3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys [2005-01-12 16:36]

R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 16:52]

R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-02-18 20:28:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"

- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-25 18:20:17

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-02-25 18:21:01

ComboFix-quarantined-files.txt 2008-02-25 18:20:57

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:52:30, on 25/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

C:\Program Files\VoyagerTest\fts.exe

C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AOL 9.0\aoltray.exe

c:\program files\common files\aol\1203080158\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe

c:\program files\common files\aol\1203080158\ee\aolsoftware.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 8209 bytes

Hello and Welcome to BT. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Sorry for the delay! As a note for the future, I would not run CF unsupervised; it is a very powerful tool and can do a lot of harm in an unsupervised environment.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select Windows XP Home Edition for your Operating System.

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

Edited by MoNsTeReNeRgY22