pjones6646
asked on
Norton Internet Security - HTTP MS IIS NTLM ASN1 BO - Repeated alerts
Hi, does anybody know what this alert is about and how i can prevent them from being sent to me?
info from the security alert window:
Time: 17.59
Date: 27/03/2006
Intrusion: HTTP MS IIS NTLM ASN1 BO
Intruder: 172.143.61.173(1353) - had many different addresses will list more i have manually blocked below.
Risk Level: High
Protocol: TCP
Attacked IP: XXX.XXX.XX.XXX
Attacked Port: http(80).
Other addresses i have blocked include:
60.36.29.96(2117)
61.93.91.48
140.127.109.74
81.190.95.198
There are many more, they occur over different ports but i have recognised port 80 being used frequently. Im only asking here as the Symantec info page for HTTP MS IIS NTLM ASN1 BO found here: http://securityresponse.symantec.com/avcenter/nis_ids/s21141.html says that it could pose a serious threat and i have had a problem the other week to do with Veritas Net Backup or something and dont want it to repeat any help would be greatly appreciated.
I could use an answer to this problem as soon as possible as i am going away on the 29th March.
Thanks for reading, if you need anymore information please post and i will try to supply.
info from the security alert window:
Time: 17.59
Date: 27/03/2006
Intrusion: HTTP MS IIS NTLM ASN1 BO
Intruder: 172.143.61.173(1353) - had many different addresses will list more i have manually blocked below.
Risk Level: High
Protocol: TCP
Attacked IP: XXX.XXX.XX.XXX
Attacked Port: http(80).
Other addresses i have blocked include:
60.36.29.96(2117)
61.93.91.48
140.127.109.74
81.190.95.198
There are many more, they occur over different ports but i have recognised port 80 being used frequently. Im only asking here as the Symantec info page for HTTP MS IIS NTLM ASN1 BO found here: http://securityresponse.symantec.com/avcenter/nis_ids/s21141.html says that it could pose a serious threat and i have had a problem the other week to do with Veritas Net Backup or something and dont want it to repeat any help would be greatly appreciated.
I could use an answer to this problem as soon as possible as i am going away on the 29th March.
Thanks for reading, if you need anymore information please post and i will try to supply.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi nepostojeci email,
Thanks for your response. I have noticed in the past day that the frequency of these attacks has slowed somewhat but i have increased the amount of time that attackers are blocked for from Norton Firewall controls. They are however still coming in so i will follow your suggested course of action by contacting AOL with my logs. I will however need to wait for the logs to accumulate as they are wiped every time i shut pc down.
As for my HJthis log i will paste it below...
Logfile of HijackThis v1.99.1
Scan saved at 13:20:56, on 28/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\WINDOWS\system32\spools
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\DRIVER
C:\WINDOWS\system32\CTsvcC
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\svchos
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS
C:\Program Files\Creative\SBAudigy2ZS
C:\WINDOWS\system32\CTHELP
C:\Program Files\Common Files\PCSuite\DataLayer\Da
C:\Program Files\Common Files\Nokia\Tools\NclTray.
C:\Program Files\ATI Technologies\ATI.ACE\cli.e
C:\WINDOWS\system32\rundll
C:\WINDOWS\System32\spool\
C:\Program Files\Logitech\Video\LogiT
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\Common Files\PCSuite\Services\Ser
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin
C:\WINDOWS\system32\ctfmon
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\LVComS
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.e
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Valve\Steam\Steam.ex
C:\PROGRA~1\Logitech\Video
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Paul Jones\Desktop\HijackThis.e
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-2
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-7
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-F
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-2
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\Da
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.e
O4 - HKLM\..\Run: [BluetoothAuthenticationAg
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCh
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiT
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.e
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8
O16 - DPF: {4C39376E-FA9D-4349-BACC-D
O16 - DPF: {644E432F-49D3-41A1-8DD5-E
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-5
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-5
O16 - DPF: {C6637286-300D-11D4-AE0A-0
O16 - DPF: {F281A59C-7B65-11D3-8617-0
O17 - HKLM\System\CCS\Services\T
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8
O18 - Filter: application/x-internet-sig
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\A
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sg
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\driver
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVER
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcC
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEU
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
Thanks again.
Thanks for your response. I have noticed in the past day that the frequency of these attacks has slowed somewhat but i have increased the amount of time that attackers are blocked for from Norton Firewall controls. They are however still coming in so i will follow your suggested course of action by contacting AOL with my logs. I will however need to wait for the logs to accumulate as they are wiped every time i shut pc down.
As for my HJthis log i will paste it below...
Logfile of HijackThis v1.99.1
Scan saved at 13:20:56, on 28/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\WINDOWS\system32\spools
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\DRIVER
C:\WINDOWS\system32\CTsvcC
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\svchos
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS
C:\Program Files\Creative\SBAudigy2ZS
C:\WINDOWS\system32\CTHELP
C:\Program Files\Common Files\PCSuite\DataLayer\Da
C:\Program Files\Common Files\Nokia\Tools\NclTray.
C:\Program Files\ATI Technologies\ATI.ACE\cli.e
C:\WINDOWS\system32\rundll
C:\WINDOWS\System32\spool\
C:\Program Files\Logitech\Video\LogiT
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\Common Files\PCSuite\Services\Ser
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin
C:\WINDOWS\system32\ctfmon
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\LVComS
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.e
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Valve\Steam\Steam.ex
C:\PROGRA~1\Logitech\Video
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Paul Jones\Desktop\HijackThis.e
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-2
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-7
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-F
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-2
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\Da
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.e
O4 - HKLM\..\Run: [BluetoothAuthenticationAg
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCh
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiT
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.e
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8
O16 - DPF: {4C39376E-FA9D-4349-BACC-D
O16 - DPF: {644E432F-49D3-41A1-8DD5-E
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-5
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-5
O16 - DPF: {C6637286-300D-11D4-AE0A-0
O16 - DPF: {F281A59C-7B65-11D3-8617-0
O17 - HKLM\System\CCS\Services\T
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8
O18 - Filter: application/x-internet-sig
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\A
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sg
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\driver
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVER
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcC
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEU
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
Thanks again.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have all windows updates and also nortons latest def's
I frequently check msconfig already for things that i dont want starting up, the only things that i have not unchecked in the list are things that look like they should be there when pc starts or things that i want to start up anyway like my webcam software etc.
As for things in task man' im not sure of everything so im going to list them and then maybe you can tell me if there is anything suspicious...
Image Name Mem Usage
IEXPLORE.EXE 13,572 k
wisptis.exe 988 k
CTFMON.EXE 3248 k
ServiceLayer.exe 924 k
CCAPP.EXE 34,040 k
AOLDial.exe 2,212 k
fts.exe 840 k
ALG.EXE 3,428 k
dslagent.exe 244k
dslstat.exe 3,188 k
companion.exe 3,156k
LogiTray.exe 3,972 k
E_S4I2F1.exe 548 k
FxSvr2.exe 1,356 k
RUNDLL32.EXE 328 k
CLE.exe 8,136 k
NclTray.exe 976 k
DataLayer.exe 1,076 k
CTHELPER.EXE 568 k
CTDVDDET.exe 412 k
CTSysVol.exe 952 k
IntelMEM.exe 380 k
IAAnotif.exe 264 k
WMIPRVSE.EXE 5,152 k
NSCSRVCE.EXE 1,148 k
CLI.exe 5,892k
LVComS.exe 1,304 k
msnmsgr.exe 50,160 k
SVCHOST.exe 12,024 k
wdfmgr.exe 1,660 k
CCEVTMGR.EXE 10,420 k
EXPLORER.EXE 26,964 k
ati2evxx.exe 3,152 k
SVCHOST.EXE 4,628 k
CCSETMGR.EXE 7,992 k
SVCHOST.EXE 4,448 k
NAVAPSVC.EXE 2,452 k
mdm.exe 2,932 k
SVCHOST.EXE 3,332 k
IAANTmon.exe 996 k
SVCHOST.EXE 23,480 k
CTSVCCDA.EXE 1,228 k
CDANTSRV.EXE 1,068 k
CDAC11BA.EXE 1,056 k
LSASS.EXE 1,300 k
SERVICES.EXE 4,348 k
WINLOGON.EXE 1,292 k
CSRSS.EXE 4,766 k
AluSchedulerSvc.exe 716 k
AOLascd.exe 3,372 k
spoolsv.exe 5,088 k
SMSS.EXE 424 k
symlcsvc.exe 212 k
SPBBCSvc.exe 2,812 k
COMHOST.EXE 1,112 k
SNDSrvc.exe 4,372 k
CCPROXY.EXE 6,316 k
System 256k
System Idle Proc 28k