Parlaypaulie2
Thread Starter
- Joined
- Jan 19, 2007
- Messages
- 3
My Spysweeper is finding a thing called Peerbot and it looks like its in the reg having something to do with a ctfmon.exe file. It will quarantine it but then shows up again in a short period of time...anyhelp is appreciatted
Logfile of HijackThis v1.99.1
Scan saved at 8:48:21 AM, on 1/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Symantec AntiVirus\DefWatch.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Symantec AntiVirus\Rtvscan.exe
G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Logi_MwX.Exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\MXOALDR.EXE
G:\Program Files\iPod\bin\iPodService.exe
G:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\PROGRA~1\SYMANT~2\VPTray.exe
G:\WINDOWS\system32\ctfmon.exe
G:\oa\oaLaunch.exe
G:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
G:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\PROGRA~1\WINZIP\winzip32.exe
G:\Documents and Settings\Paul\Local Settings\Temp\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: WCNetMon Class - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - G:\Program Files\blcorp\WCCSC\WCPStop\wcpstop.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [zBrowser Launcher] G:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RCHotKey] "G:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] G:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] G:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] G:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - Global Startup: OALaunch.lnk = G:\oa\oaLaunch.exe
O4 - Global Startup: RingCentral Call Controller.lnk = G:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
O9 - Extra button: High Impact eMail - {670F87A1-88B0-11d4-9030-000021D9C559} - G:\Program Files\KMT Software\High Impact eMail\HIemail.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - g:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - g:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {C4A67F75-88B2-11d4-9030-000021D9C559} - G:\Program Files\KMT Software\High Impact eMail\HIemail.exe
O9 - Extra 'Tools' menuitem: High Impact eMail - {C4A67F75-88B2-11d4-9030-000021D9C559} - G:\Program Files\KMT Software\High Impact eMail\HIemail.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - G:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - G:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - http://supportcenter.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124312463532
O16 - DPF: {8B7D2210-CC81-4F59-A486-4409FB485D4A} (RegConfig Class) - http://www2.verizon.net/help/fios_settings/includes/vzTCPConfig.cab
O16 - DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} (CMMHost Object) - https://na2.salesforce.com/dwnld/mailmerge/AXMailMerge.cab
O16 - DPF: {AB883AA5-F28E-462B-B2D7-8E3717FE933C} (SFCom Control) - https://na2.salesforce.com/setup/sforce/vm/SFCom.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ams-servicesmeetings.webex.com/client/v_mywebex-wbs-mciprodcn/webex/ieatgpc.cab
O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - https://service.ringcentral.com/ActiveX/RCAXSetup.cab
O20 - Winlogon Notify: NavLogon - G:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - G:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: pcANYWHERE Host Service (awhost32) - Unknown owner - G:\Program Files\pcANYWHERE\awhost32.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - G:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - G:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - G:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - G:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - G:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Unknown owner - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Logfile of HijackThis v1.99.1
Scan saved at 8:48:21 AM, on 1/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Symantec AntiVirus\DefWatch.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Symantec AntiVirus\Rtvscan.exe
G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Logi_MwX.Exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\MXOALDR.EXE
G:\Program Files\iPod\bin\iPodService.exe
G:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\PROGRA~1\SYMANT~2\VPTray.exe
G:\WINDOWS\system32\ctfmon.exe
G:\oa\oaLaunch.exe
G:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
G:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\PROGRA~1\WINZIP\winzip32.exe
G:\Documents and Settings\Paul\Local Settings\Temp\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: WCNetMon Class - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - G:\Program Files\blcorp\WCCSC\WCPStop\wcpstop.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [zBrowser Launcher] G:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RCHotKey] "G:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] G:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] G:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] G:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - Global Startup: OALaunch.lnk = G:\oa\oaLaunch.exe
O4 - Global Startup: RingCentral Call Controller.lnk = G:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
O9 - Extra button: High Impact eMail - {670F87A1-88B0-11d4-9030-000021D9C559} - G:\Program Files\KMT Software\High Impact eMail\HIemail.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - g:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - g:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {C4A67F75-88B2-11d4-9030-000021D9C559} - G:\Program Files\KMT Software\High Impact eMail\HIemail.exe
O9 - Extra 'Tools' menuitem: High Impact eMail - {C4A67F75-88B2-11d4-9030-000021D9C559} - G:\Program Files\KMT Software\High Impact eMail\HIemail.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - G:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - G:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - http://supportcenter.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124312463532
O16 - DPF: {8B7D2210-CC81-4F59-A486-4409FB485D4A} (RegConfig Class) - http://www2.verizon.net/help/fios_settings/includes/vzTCPConfig.cab
O16 - DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} (CMMHost Object) - https://na2.salesforce.com/dwnld/mailmerge/AXMailMerge.cab
O16 - DPF: {AB883AA5-F28E-462B-B2D7-8E3717FE933C} (SFCom Control) - https://na2.salesforce.com/setup/sforce/vm/SFCom.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ams-servicesmeetings.webex.com/client/v_mywebex-wbs-mciprodcn/webex/ieatgpc.cab
O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - https://service.ringcentral.com/ActiveX/RCAXSetup.cab
O20 - Winlogon Notify: NavLogon - G:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - G:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: pcANYWHERE Host Service (awhost32) - Unknown owner - G:\Program Files\pcANYWHERE\awhost32.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - G:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - G:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - G:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - G:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - G:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Unknown owner - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe