Coolie42 Posted March 9, 2008

Here are the reports, sorry for the lateness:

ComboFix 08-02-25.3 - Owner 2008-02-25 18:17:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.590 [GMT 0:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.
2008-02-20 18:15 . 2008-02-20 18:15 <DIR> d--hs---- C:\found.000
2008-02-17 15:41 . 2008-02-17 15:41 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0
2008-02-17 15:41 . 2008-02-17 15:41 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-02-17 15:40 . 2008-02-17 15:40 <DIR> d-------- C:\Program Files\FaxTools
2008-02-17 15:40 . 2008-02-17 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-02-17 15:39 . 2003-08-18 15:03 544,768 --a------ C:\WINDOWS\system32\LXBKLSNT.EXE
2008-02-17 15:39 . 2003-08-18 14:57 286,720 --a------ C:\WINDOWS\system32\LXBKPMNT.DLL
2008-02-17 15:39 . 2003-08-18 14:52 286,720 --a------ C:\WINDOWS\system32\lxbkcomm.dll
2008-02-17 15:39 . 2003-08-18 14:58 217,088 --a------ C:\WINDOWS\system32\LXBKLCNT.DLL
2008-02-17 15:39 . 2003-08-18 14:55 86,016 --a------ C:\WINDOWS\system32\LXBKIH.EXE
2008-02-17 15:39 . 2003-08-18 14:46 77,824 --a------ C:\WINDOWS\system32\LXBKLCNP.DLL
2008-02-17 15:39 . 2003-08-19 14:25 73,728 --a------ C:\WINDOWS\system32\lxbkpwr.dll
2008-02-17 15:39 . 2003-08-19 14:51 69,632 --a------ C:\WINDOWS\system32\LXBKCU.DLL
2008-02-17 15:39 . 2002-11-13 19:40 40,960 --a------ C:\WINDOWS\system32\lxbkvs.dll
2008-02-17 15:39 . 2008-02-25 17:34 269 --a------ C:\WINDOWS\lexstat.ini
2008-02-17 15:38 . 2008-02-17 15:38 <DIR> d-------- C:\Program Files\Lexmark X1100 Series
2008-02-17 15:38 . 2008-02-17 15:38 <DIR> d-------- C:\Documents and Settings\Owner\WINDOWS
2008-02-17 13:00 . 2008-02-21 19:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-17 13:00 . 2008-02-17 13:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-16 23:58 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-02-16 20:07 . 2008-02-17 14:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-16 11:24 . 2008-02-16 11:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-15 20:17 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-15 20:17 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-15 14:43 . 2008-02-15 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-15 13:31 . 2008-02-15 13:31 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-02-15 13:31 . 2008-02-15 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-15 13:31 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-15 13:26 . 2008-02-15 13:26 <DIR> d---s---- C:\Documents and Settings\Owner\UserData
2008-02-15 12:56 . 2008-02-15 12:56 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-02-15 12:41 . 2008-02-15 12:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-15 12:16 . 2008-02-15 12:17 <DIR> d-------- C:\Program Files\AOL Companion
2008-02-15 12:15 . 2008-02-15 12:16 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-02-15 12:15 . 2008-02-17 13:04 <DIR> d-------- C:\Program Files\AOL 9.0
2008-02-15 12:15 . 2004-06-22 14:03 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll
2008-02-15 12:14 . 2008-02-15 12:14 <DIR> d-------- C:\Program Files\VoyagerTest
2008-02-15 12:14 . 2008-02-15 12:14 <DIR> d-------- C:\Program Files\Common Files\FTL Shared
2008-02-15 12:14 . 2003-09-15 12:21 53,248 --a------ C:\WINDOWS\AppRun.exe
2008-02-15 12:14 . 2003-10-19 10:58 36,864 --a------ C:\WINDOWS\Restart.exe
2008-02-15 12:14 . 2003-10-19 11:02 536 --a------ C:\WINDOWS\AppRun.ini
2008-02-15 12:13 . 2008-02-15 12:13 <DIR> d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2008-02-15 12:13 . 2005-01-12 16:36 160,963 --a------ C:\WINDOWS\system32\drivers\gtipdsp.bin
2008-02-15 12:13 . 2005-01-13 11:09 160,951 --------- C:\WINDOWS\system32\drivers\gtipdsp_.bin
2008-02-15 12:13 . 2005-01-12 16:36 138,402 --a------ C:\WINDOWS\system32\drivers\glausb.sys
2008-02-15 12:13 . 2005-01-12 16:36 24,576 --a------ C:\WINDOWS\system32\CoInst.dll
2008-02-15 12:13 . 2005-01-12 16:37 17,020 --------- C:\WINDOWS\wwdslcfg.ini
2008-02-15 12:13 . 2005-01-12 16:36 12,288 --------- C:\WINDOWS\system32\CplEng.dll
2008-02-15 12:06 . 2008-02-15 12:06 <DIR> d-------- C:\Setup
2008-02-15 12:03 . 2008-02-15 12:03 2 --a------ C:\WINDOWS\msoffice.ini
2008-02-15 12:01 . 2008-02-15 13:37 <DIR> d-------- C:\WINDOWS\occache
2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\Learn2.com
2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\Common Files\aolback
2008-02-15 12:01 . 2008-02-15 12:16 <DIR> d-------- C:\Program Files\AOL Toolbar
2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
2008-02-15 12:01 . 2008-02-15 12:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AOL
2008-02-15 12:01 . 2008-02-15 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-15 12:01 . 2004-08-12 14:05 1,483,264 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-02-15 12:01 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-02-15 12:01 . 2000-05-22 00:00 203,976 --a------ C:\WINDOWS\system32\RichTx32.ocx
2008-02-15 12:01 . 2004-06-22 14:03 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2008-02-15 12:01 . 2001-03-13 14:49 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-02-15 12:01 . 1998-06-24 00:00 115,016 --a------ C:\WINDOWS\system32\MSInet.ocx
2008-02-15 12:01 . 2001-11-21 10:15 102,400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll
2008-02-15 12:01 . 1999-04-17 01:06 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2008-02-15 12:01 . 2008-02-15 12:17 715 --a------ C:\WINDOWS\aolback.exe.lnk
2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Program Files\Real
2008-02-15 12:00 . 2008-02-15 12:01 <DIR> d-------- C:\Program Files\QuickTime
2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-02-15 12:00 . 2008-02-15 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-15 11:59 . 2008-02-15 17:23 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-02-15 11:59 . 2008-02-15 17:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-02-15 11:59 . 2003-09-16 10:07 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2008-02-15 11:59 . 2003-09-09 14:06 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
2008-02-15 11:59 . 2008-02-15 11:59 335 --a------ C:\WINDOWS\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 18:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-25 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-17 15:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-15 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-15 12:31 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-15 12:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-15 12:28 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-15 12:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-15 12:28 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-15 12:28 --------- d-----w C:\Program Files\Symantec
2008-02-15 12:00 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-01-15 09:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 05:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 18:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-04 20:01 --------- d-----w C:\Program Files\MSBuild
2008-01-04 20:01 --------- d-----w C:\Program Files\Microsoft Works
2008-01-04 19:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-01-04 19:47 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-04 19:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-01-04 19:30 --------- d-----w C:\Program Files\ATI Technologies
2008-01-04 19:27 --------- d-----w C:\Program Files\Intel
2008-01-04 19:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-04 19:22 --------- d-----w C:\Program Files\Analog Devices
2008-01-04 19:14 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-07 15:30 103,776 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 03:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-15 12:27 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{4982D40A-C53B-4615-B15B-B5B5E98D167C}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 03:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 13:33 1388544]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 11:23 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 05:07 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 04:53 714608]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-02-15 12:00 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-15 12:01 98304]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2005-01-12 16:36 1658965]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2005-01-12 16:36 16384]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 09:28 72192]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 15:30 71008]
"HostManager"="C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe" [2006-09-26 00:52 50736]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 14:43 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 13:56 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\1203080158\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 05:07]
R3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys [2005-01-12 16:36]
R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 16:52]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-18 20:28:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 18:20:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-25 18:21:01
ComboFix-quarantined-files.txt 2008-02-25 18:20:57

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:30, on 25/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1203080158\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1203080158\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203080158\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8209 bytes

Coolie42 Posted March 15, 2008

Can someone pls help me with this? I know the lateness is annoying but it's been a while.... Thank you

Andro1d Posted March 15, 2008 (edited)

Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Sorry for the delay!

As a note in the future, I would not run CF unsupervised, it is a very powerful tool and can do a lot of harm in an unsupervised environment.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select Windows XP Home Edition for your Operating System.
Download the file & save it as it's originally named, next to ComboFix.exe.
Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it.
Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

Edited March 15, 2008 by MoNsTeReNeRgY22