Simon V
Thanks for your help so far; it is looking and performing better.
I will consider my wrists slapped with regard to the P2P software; it is now gone.
The 'supercharged_1024x768 Screen Saver' is a screen saver from Land Rover showing the Range Rover Sport.
Here are the logs you asked for:
COMBOFIX log:
ComboFix 07-11-08.1 - David 2007-11-15 20:50:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.170 [GMT 0:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\David\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\YMBOLS~1\regsvr32.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.
2007-11-15 19:49 2,202 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-15 19:25 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 13:12 151,552 -ra------ C:\WINDOWS\system32\CnxHwIo.dll
2007-11-15 13:12 117,100 -ra------ C:\WINDOWS\system32\drivers\CnxEtP.sys
2007-11-15 13:12 109,556 -ra------ C:\WINDOWS\system32\drivers\CnxTgN.sys
2007-11-15 13:11 545,436 -ra------ C:\WINDOWS\system32\drivers\CnxEtU.sys
2007-11-15 13:11 118,784 -ra------ C:\WINDOWS\system32\CnxMfdCo.dll
2007-11-15 13:11 118,784 -ra------ C:\WINDOWS\system32\CnxClsCo.dll
2007-11-15 12:32 134,144 --a------ C:\WINDOWS\system32\REGEDIT.EXE
2007-11-14 19:34 <DIR> d-------- C:\Documents and Settings\David\Application Data\TrojanHunter
2007-11-14 17:22 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-11-13 11:31 <DIR> d-------- C:\Documents and Settings\David\Application Data\Grisoft
2007-11-13 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-13 11:30 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-13 10:02 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-13 08:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-13 00:08 <DIR> d-------- C:\Documents and Settings\David\Application Data\Symantec
2007-11-12 20:06 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-11-12 17:59 <DIR> d-------- C:\Program Files\Norton 360
2007-11-12 17:56 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-12 17:56 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-12 12:44 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-12 10:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-12 09:16 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-11 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-11 08:01 <DIR> d-------- C:\Documents and Settings\David\Application Data\Uniblue
2007-11-11 08:00 <DIR> d-------- C:\Program Files\Uniblue
2007-11-10 18:28 <DIR> d-------- C:\WINDOWS\pss
2007-11-10 18:03 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-11-10 17:39 <DIR> d-------- C:\Program Files\PowerISO
2007-11-10 16:56 <DIR> d-------- C:\Documents and Settings\David\Application Data\Sandbox
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 20:47 --------- d-----w C:\Program Files\Azureus
2007-11-15 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-15 13:12 --------- d-----w C:\Program Files\SAMSUNG
2007-11-15 11:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-14 15:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-14 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-13 15:10 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-13 10:07 --------- d-----w C:\Program Files\Java
2007-11-12 19:47 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-12 19:47 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-12 19:47 --------- d-----w C:\Program Files\Symantec
2007-11-12 15:34 12,464 ----a-w C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2007-11-12 10:18 --------- d-----w C:\Program Files\OfficeForms
2007-11-10 18:04 --------- d-----w C:\Documents and Settings\David\Application Data\Azureus
2007-11-06 09:59 --------- d-----w C:\Documents and Settings\David\Application Data\AdobeUM
2007-10-08 12:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-08 12:53 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-10-08 12:48 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-18 14:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 14:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 14:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 14:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 14:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 14:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 14:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 14:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 14:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 23:14]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 23:15]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59]
"CnxDslTaskBar"="C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe" [2001-12-19 19:47]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoRecentDocsMenu"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
C:\Program Files\Sandboxie\Control.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
C:\WINDOWS\System32\keyhook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
C:\WINDOWS\SiSUSBrg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
R0 SiSRaid;SiSRaid;C:\WINDOWS\system32\DRIVERS\SiSRaid.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R3 CnxEtP;SAMSUNG AHT-E310 WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
R3 CnxEtU;SAMSUNG AHT-E310 Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
R3 CnxTgN;SAMSUNG AHT-E310 WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys
S3 ICAM5USB;Intel(r) PC Camera CS110;C:\WINDOWS\system32\Drivers\Icam5USB.sys
*Newly Created Service* - COMHOST
.
**************************************************************************
disk not found C:\
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk not found C:\
**************************************************************************
.
Completion time: 2007-11-15 20:56:50
C:\ComboFix2.txt ... 2007-11-15 19:46
.
--- E O F ---
KASPERSKY ONLINE SCAN report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 16, 2007 12:41:27 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/11/2007
Kaspersky Anti-Virus database records: 459998
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 105467
Number of viruses found: 5
Number of infected objects: 35
Number of suspicious objects: 0
Duration of the scan process: 03:24:50
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Bluebeam Software\Brewery\V4\Printer Support\BBPDFPortMon.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C2B0985.exe Infected: Trojan.Win32.DNSChanger.iu skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\434C278D.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\B0081354.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\David\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\David\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\David\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\David\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\David\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\David\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\David\Local Settings\History\History.IE5\MSHist012007111520071116\index.dat Object is locked skipped
C:\Documents and Settings\David\Local Settings\Temp\~DF537A.tmp Object is locked skipped
C:\Documents and Settings\David\Local Settings\Temp\~DF5393.tmp Object is locked skipped
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\David\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\David\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped
C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped
C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped
C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped
C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped
C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped
C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B32A2E1C-EBAD-433B-903D-B5A59988CE3B}\RP536\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F153F126-B6E9-4718-8D75-987F9FF7DDE2}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CnxDslWz.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\JET280E.tmp Object is locked skipped
C:\WINDOWS\TEMP\JET2ACD.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Share\Apps\DivXPro511Adware.exe/stream/data0019 Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\Share\Apps\DivXPro511Adware.exe/stream Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\Share\Apps\DivXPro511Adware.exe NSIS: infected - 2 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002471.exe/stream/data0019 Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002471.exe/stream Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002471.exe NSIS: infected - 2 skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002472.exe/data0002/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002472.exe/data0002/v2.0.2.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002472.exe/data0002/v2.0.2.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002472.exe/data0002/v2.0.2.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002472.exe/data0002/v2.0.2.cab Infected: not-a-virus:AdWare.Win32.NavExcel skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002472.exe/data0002 Infected: not-a-virus:AdWare.Win32.NavExcel skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002472.exe/data0003/data0139 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002472.exe/data0003 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002472.exe Inno: infected - 8 skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002581.exe/stream/data0019 Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002581.exe/stream Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002581.exe NSIS: infected - 2 skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002582.exe/data0002/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002582.exe/data0002/v2.0.2.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002582.exe/data0002/v2.0.2.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002582.exe/data0002/v2.0.2.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002582.exe/data0002/v2.0.2.cab Infected: not-a-virus:AdWare.Win32.NavExcel skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002582.exe/data0002 Infected: not-a-virus:AdWare.Win32.NavExcel skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002582.exe/data0003/data0139 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002582.exe/data0003 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
D:\System Volume Information\_restore{AFBA5414-946C-46D0-9A0D-4BF23D56546E}\RP8\A0002582.exe Inno: infected - 8 skipped
D:\System Volume Information\_restore{B32A2E1C-EBAD-433B-903D-B5A59988CE3B}\RP519\A0136459.exe/stream/data0019 Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{B32A2E1C-EBAD-433B-903D-B5A59988CE3B}\RP519\A0136459.exe/stream Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{B32A2E1C-EBAD-433B-903D-B5A59988CE3B}\RP519\A0136459.exe NSIS: infected - 2 skipped
D:\System Volume Information\_restore{B32A2E1C-EBAD-433B-903D-B5A59988CE3B}\RP536\change.log Object is locked skipped
Scan process completed.
New HIJACK THIS log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:44:08, on 16/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Desktop\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - http://components.metastream.com/MTSIns ... tream3.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9533757125
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9690186578
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsup ... mAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9214F493-2685-4076-9C2F-AA5F011D843E}: NameServer = 62.241.162.200 62.241.163.201
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 6669 bytes
__________________________________________________________________________________________
Cheers
JustmeUK (David)