MBAM and HJT Logs: Help Please
macman
Posts: 53,129 Forumite
in Techie Stuff
I have just cleaned a PC using the above and would be grateful if someone could advise if anything suspicious remains in the logs below: MBAM indicates that it has removed 129 infections: so much for Norton 360...
Malwarebytes' Anti-Malware 1.44
Database version: 3674
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
01/02/2010 23:31:22
mbam-log-2010-02-01 (23-31-22).txt
Scan type: Full Scan (C:\|)
Objects scanned: 171515
Time elapsed: 59 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 44
Files Infected: 64
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.ALOT) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.ALOT) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.ALOT) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.ALOT) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar (Adware.ALOT) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\alot (Adware.ALOT) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\acpi32 (SpamTool.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\amd64si (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ati64si (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i386si (SpamTool.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\port135sik (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\securentm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Systemntmi (SpamTool.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.ALOT) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Inet_Get_2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Twain (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bharebio01 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_0 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_1 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_10 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_11 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_2 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_3 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_4 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_5 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_6 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_7 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_8 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_9 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\configurator (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\products (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_0 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_0\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_1 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_1\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_2 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_2\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_3 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_3\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_4 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_4\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_5 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_5\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_6 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_6\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_7 (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_7\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\TimerManager (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\ToolbarSearch (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Updater (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Program Files\alot (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Program Files\alot\bin (Adware.ALOT) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\alot\bin\alot.dll (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\toolbar.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_0\Button_0.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_0\Button_0.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_1\Button_1.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_1\Button_1.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_10\Button_10.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_10\Button_10.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_11\Button_11.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_11\Button_11.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_2\Button_2.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_2\Button_2.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_3\Button_3.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_3\Button_3.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_4\Button_4.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_4\Button_4.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_5\Button_5.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_5\Button_5.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_6\Button_6.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_6\Button_6.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_7\Button_7.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_7\Button_7.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_8\Button_8.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_8\Button_8.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_9\Button_9.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Button_9\Button_9.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\configurator\configurator.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\configurator\configurator.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\products\products.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\products\products.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_2\images\default_282_alot_map_widget_default.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_3\images\default_275_alot_maps_maptravel.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_4\images\clear.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_4\images\cloudy.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_4\images\default_283_alot_maps_weather.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_4\images\mcloud.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_4\images\nclear.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_4\images\nmcloud.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_4\images\rain.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_4\images\shower.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_5\images\default_276_alot_mrkt_iphone.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_5\images\default_276_alot_ref_mrkt_world_travel_guides.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_6\images\default_503_alot_ref_mrkt_world_travel_guides.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Button_7\images\default_502_alot_ref_mrkt_book.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\domains.dat (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\alot_brand.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\spinner.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_bottom.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_caption.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_error_close.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\TimerManager\TimerManager.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\TimerManager\TimerManager.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\ToolbarSearch\ToolbarSearch.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Updater\Updater.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Updater\Updater.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Program Files\alot\alotUninst.exe (Adware.ALOT) -> Quarantined and deleted successfully.
HJT log follows:
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\alot_brand.png (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\spinner.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_bottom.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_caption.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_error_close.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\TimerManager\TimerManager.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\TimerManager\TimerManager.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\ToolbarSearch\ToolbarSearch.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Updater\Updater.xml (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chesters\Application Data\alot\Updater\Updater.xml.backup (Adware.ALOT) -> Quarantined and deleted successfully.
C:\Program Files\alot\alotUninst.exe (Adware.ALOT) -> Quarantined and deleted successfully.
HJT log follows:
No free lunch, and no free laptop 
0
-
HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:44, on 02/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1202547353\ee\AOLSoftware.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1202547353\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmzzrzz.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9723 bytes
No free lunch, and no free laptop
0 -
Only thing that stands out to be removed is
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
but sure aliEnRIK will be along soon.
0 -
Definitely still infected
I'd recommend a run with combofix and post that log here
FIX these ~
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmzzrzz.dll
0 -
Definitely still infected
I'd recommend a run with combofix and post that log here
FIX these ~
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmzzrzz.dll
Thanks RIK, will do, do you agree with removing the item highlighted by dogmaryxx above?
No free lunch, and no free laptop
0 -
I don't think that's an issue at all ~ It's just a part of how Dell set it up
0 -
Here's the Combofix log as requested:
ComboFix 10-02-01.03 - Chesters 02/02/2010 14:58:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.544 [GMT 0:00]
Running from: c:\documents and settings\Chesters\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\kb913800.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_ATI64SI
\Legacy_I386SI
\Legacy_KSI32SK
\Legacy_NETSIK
\Legacy_NICSK32
\Legacy_PORT135SIK
\Legacy_SECURENTM
\Legacy_SYSTEMNTMI
\Legacy_WS2_32SIK
((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.
2010-02-02 10:41 . 2010-02-02 10:41 d-----w- c:\program files\Trend Micro
2010-02-02 10:37 . 2010-02-02 10:37 d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-02 10:27 . 2010-02-02 10:27 d-----w- c:\windows\ie8updates
2010-02-02 09:29 . 2010-01-11 13:40 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100201.048\NAVENG.SYS
2010-02-02 09:29 . 2010-01-11 13:40 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100201.048\NAVENG32.DLL
2010-02-02 09:29 . 2010-01-11 13:40 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100201.048\NAVEX32A.DLL
2010-02-02 09:29 . 2010-01-11 13:40 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100201.048\NAVEX15.SYS
2010-02-02 09:29 . 2010-01-11 13:40 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100201.048\EECTRL.SYS
2010-02-02 09:29 . 2010-01-11 13:40 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100201.048\CCERASER.DLL
2010-02-02 09:29 . 2010-01-11 13:40 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100201.048\ECMSVR32.DLL
2010-02-02 09:29 . 2010-01-11 13:40 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100201.048\ERASER.SYS
2010-02-01 22:41 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-02-01 22:41 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-01 22:40 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-02-01 22:28 . 2010-02-01 22:28 d-----w- c:\documents and settings\Chesters\Application Data\Malwarebytes
2010-02-01 22:28 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 22:28 . 2010-02-01 22:28 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-01 22:28 . 2010-02-01 22:28 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-01 22:28 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 22:25 . 2010-02-01 22:25 0 ----a-w- c:\windows\nsreg.dat
2010-02-01 22:24 . 2010-02-01 22:24 d-----w- c:\documents and settings\Chesters\Local Settings\Application Data\Mozilla
2010-02-01 22:12 . 2010-02-01 22:12 d-----w- c:\program files\CCleaner
2010-02-01 21:33 . 2010-02-01 21:33 d-sh--w- c:\documents and settings\Chesters\PrivacIE
2010-02-01 21:33 . 2010-02-01 21:33 d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-01 21:30 . 2010-02-01 21:30 d-sh--w- c:\documents and settings\Chesters\IETldCache
2010-02-01 20:28 . 2010-02-01 20:31 dc-h--w- c:\windows\ie8
2010-01-30 08:57 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSvix86.sys
2010-01-30 08:57 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSXpx86.sys
2010-01-30 08:57 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\Scxpx86.dll
2010-01-30 08:57 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSxpx86.dll
2010-01-30 08:57 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSviA64.sys
2010-01-23 08:12 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\Scxpx86.dll
2010-01-23 08:12 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSvix86.sys
2010-01-23 08:12 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSXpx86.sys
2010-01-23 08:12 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSxpx86.dll
2010-01-23 08:12 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSviA64.sys
2010-01-12 18:07 . 2010-01-12 18:04 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-01-12 18:05 . 2010-01-12 18:05 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-01-12 18:05 . 2010-01-12 18:05 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-12 18:05 . 2010-01-12 18:05 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-12 18:05 . 2010-01-12 18:05 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-01-12 18:05 . 2010-01-12 18:05 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-01-12 18:04 . 2010-01-12 18:04 771440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-01-12 18:04 . 2010-01-12 18:04 d-----w- c:\windows\system32\drivers\N360
2010-01-12 18:04 . 2010-01-12 18:04 d-----w- c:\program files\Norton 360
2010-01-12 18:04 . 2010-01-12 18:04 d-----w- c:\program files\Windows Sidebar
2010-01-12 17:56 . 2010-01-12 17:56 d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-01-12 17:54 . 2010-01-12 18:07 d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-01-12 17:52 . 2010-01-12 18:04 d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-12 17:52 . 2010-01-12 17:52 d-----w- c:\program files\NortonInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 09:23 . 2005-11-08 14:57 d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-16 08:45 . 2005-11-08 14:57 d-----w- c:\program files\Common Files\Symantec Shared
2010-01-12 18:05 . 2005-11-08 14:57 d-----w- c:\program files\Symantec
2010-01-12 18:05 . 2010-01-12 18:05 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-12 18:05 . 2010-01-12 18:05 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-12 18:05 . 2006-09-19 12:44 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-12 18:05 . 2010-02-02 15:04 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-01-12 18:05 . 2006-10-03 17:47 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-12-21 19:14 . 2005-08-16 04:18 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2005-08-16 04:18 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-01 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-11-08 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-08 98304]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-02-16 147456]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 16384]
"%FP%Friendly fts.exe"="c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"HostManager"="c:\program files\Common Files\AOL\1202547353\ee\AOLSoftware.exe" [2006-09-26 50736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2005-11-8 156784]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2005-12-31 315392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1202547353\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"=
"c:\\WINDOWS\\stsystra.exe"=
"c:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe"=
"c:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe"=
"c:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"=
"c:\\Program Files\\VoyagerTest\\fts.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0305020.00B\SymEFA.sys [12/01/2010 18:05 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0305020.00B\BHDrvx86.sys [12/01/2010 18:05 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0305020.00B\cchpx86.sys [12/01/2010 18:05 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSXpx86.sys [30/01/2010 08:57 329592]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [12/01/2010 18:05 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16/01/2010 10:25 102448]
.
.
Supplementary Scan
.
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Chesters\Application Data\Mozilla\Firefox\Profiles\d8ukdcxn.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(3412)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\program files\Norton 360\Engine\3.5.2.11\Microsoft.VC80.CRT\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\stsystra.exe
c:\windows\wanmpsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-02-02 15:07:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-02 15:07
Pre-Run: 142,050,816,000 bytes free
Post-Run: 141,951,709,184 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - DCA8ACB8724B1318D2D0FFC35E5360E8
No free lunch, and no free laptop
0 -
Log looks fine
Maybe give it a run through with Dr Web and another full scan with malwarebytes just to be sure?
0 -
Great, thanks RIK, could you give me a link and any instructions for Dr Web please, as don't think I have used that before.
No free lunch, and no free laptop
0 -
No worries

Download and run the FREE version of DR WEB
http://www.freedrweb.com/download+cureit/gr/
Turn your anti virus OFF
Click CANCEL to the 'Would you like to read purchase terms now?' message
Click START click OK
It will auto QUICK scan
After that set to scan the WHOLE computer and press the 'play' icon
***DO NOT UPGRADE TO FULL VERSION***
This discussion has been closed.