Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Alexa Related


  • Please log in to reply
1 reply to this topic

#1 Pulchritudinous

Pulchritudinous

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:34 PM

Posted 08 August 2007 - 05:19 PM

I been wondering about Alexa, i don't know if mine is good or bad.
Location is C:\\WIINNIT\web\RELATED.HTM

And Combofix log, Smitfruad log and Hijackthis.


ComboFix 07-08-09 - "Kim" 08/08/2007 23:02:44.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.533
[GMT 1:00]



((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


2007-08-08 22:52 53,248 --a------ C:\WINNT\system32\Process.exe
2007-08-08 22:52 51,200 --a------ C:\WINNT\system32\dumphive.exe
2007-08-08 22:52 3,272 --a------ C:\WINNT\system32\tmp.reg
2007-08-08 22:52 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2007-08-08 22:48 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3c0.dat
2007-08-08 22:45 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-08 02:02 <DIR> d-------- C:\Program Files\CCleaner
2007-08-08 01:46 <DIR> d-------- C:\BruB
2007-08-08 01:28 81,920 -r------- C:\WINNT\bwUnin-6.1.4.61-8876480L.exe
2007-08-08 01:24 97,792 --a------ C:\WINNT\system32\LGUICOM.DLL
2007-08-08 01:24 94,208 --a------ C:\WINNT\system32\FEELIT.DLL
2007-08-08 01:24 70,798 --a------ C:\WINNT\system32\drivers\LMouFlt2.Sys
2007-08-08 01:24 61,198 --------- C:\WINNT\system32\drivers\LSERMOU2.SYS
2007-08-08 01:24 54,784 --a------ C:\WINNT\system32\MSVCI70.DLL
2007-08-08 01:24 51,486 --a------ C:\WINNT\system32\drivers\L8042pr2.Sys
2007-08-08 01:24 46,992 --a--c--- C:\WINNT\system32\dllcache\i8042prt.sys
2007-08-08 01:24 46,992 --a------ C:\WINNT\system32\drivers\i8042prt.sys
2007-08-08 01:24 37,884 --------- C:\WINNT\system32\drivers\Lhidusb.sys
2007-08-08 01:24 3,568 --a------ C:\WINNT\system32\LMOUSE16.DLL
2007-08-08 01:24 25,502 --------- C:\WINNT\system32\drivers\LHIDFLT2.SYS
2007-08-08 01:24 24,528 --a--c--- C:\WINNT\system32\dllcache\kbdclass.sys
2007-08-08 01:24 24,528 --a------ C:\WINNT\system32\drivers\kbdclass.sys
2007-08-08 01:24 23,372 --a------ C:\WINNT\system32\LCoInst.Dll
2007-08-08 01:24 21,776 --a--c--- C:\WINNT\system32\dllcache\mouclass.sys
2007-08-08 01:24 21,776 --a------ C:\WINNT\system32\drivers\mouclass.sys
2007-08-08 01:24 19,968 --------- C:\WINNT\LOGI_MWX.EXE
2007-08-08 01:24 16,896 --a------ C:\WINNT\system32\LMOUSE32.DLL
2007-08-08 01:24 155,648 --a------ C:\WINNT\system32\ifc21.dll
2007-08-08 01:24 152,064 --------- C:\WINNT\system32\lmoufrc.dll
2007-08-08 01:24 14,092 --------- C:\WINNT\system32\drivers\LCCFLTR.SYS
2007-08-08 01:24 12,953 --a------ C:\WINNT\system32\drivers\itchfltr.sys
2007-08-08 01:24 104,960 --a------ C:\WINNT\system32\COMNCTR.DLL
2007-08-08 01:24 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-08-07 23:39 <DIR> d-------- C:\Program Files\Real
2007-08-07 23:39 <DIR> d-------- C:\Program Files\Common Files\Real
2007-08-07 23:37 <DIR> d-------- C:\Program Files\MUSICMATCH
2007-08-07 23:36 <DIR> d-------- C:\Program Files\Logitech
2007-08-03 05:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-07-29 18:09 <DIR> d-------- C:\Program Files\Dopewars


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

29/07/07 18:37 --------- d-------- C:\Program Files\Norton Internet Security
29/07/07 18:37 --------- d-------- C:\Program Files\MSN Messenger
29/07/07 18:35 --------- d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
29/07/07 18:31 --------- d-------- C:\Program Files\Google
28/06/07 06:28 --------- d-------- C:\Program Files\PartyGaming
28/05/07 20:54 16384 --a----t- C:\WINNT\system32\Perflib_Perfdata_568.dat
26/05/07 21:34 87608 --a------ C:\DOCUME~1\Kim\APPLIC~1\ezpinst.exe
26/05/07 21:33 47360 --a------ C:\DOCUME~1\Kim\APPLIC~1\pcouffin.sys
25/03/07 17:27 271 ---h----- C:\Program Files\desktop.ini
25/03/07 17:27 21952 ---h----- C:\Program Files\folder.htt
24/07/02 13:00 32528 --a------ C:\WINNT\inf\wbfirdma.sys
13/06/07 02:58 16384 --a----t- C:\WINNT\system32\Perflib_Perfdata_600.dat
08/08/07 21:40 --------- d--h----- C:\Program Files\InstallShield Installation Information
08/08/07 02:07 --------- d-------- C:\Program Files\Common Files\Symantec Shared
06/08/07 13:13 --------- d-------- C:\Program Files\Soulseek
04/06/07 23:12 16384 --a----t- C:\WINNT\system32\Perflib_Perfdata_460.dat
03/08/07 07:16 --------- d-------- C:\DOCUME~1\Kim\APPLIC~1\Azureus


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [19/06/03 20:05 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [15/06/05 18:20 ]
"nwiz"="nwiz.exe" [15/06/05 18:20 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [15/06/05 18:20 ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/07 17:32 ]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [02/11/04 18:59 ]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [25/03/07 23:27 ]
"Cmaudio"="cmicnfg.cpl" []
"SoundMan"="SOUNDMAN.EXE" [13/11/03 18:23 C:\WINNT\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/07 04:00 ]
"NeroCheck"="C:\WINNT\system32\\NeroCheck.exe" [09/07/01 11:50 ]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [11/08/06 11:15 ]
"WUSB54Gv4"="C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [19/04/04 09:19 ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/07 03:06 ]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [01/12/03 11:38 ]
"Logitech Utility"="Logi_MwX.Exe" [07/11/03 10:50 C:\WINNT\LOGI_MWX.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [29/06/07 09:07 ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [14/06/05 10:05 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-08 01:28:57]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R2 WUSB54Gv4SVC;WUSB54Gv4SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe"
R3 itchfltr;iTouch Keyboard Filter;C:\WINNT\system32\DRIVERS\itchfltr.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 cmuda;C-Media WDM Audio Interface;C:\WINNT\system32\drivers\cmuda.sys
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINNT\system32\drivers\ctlsb16.sys
S3 JL2005;JL2005A Toy Camera;C:\WINNT\system32\Drivers\toywdm.sys
S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys
S3 MXOPSWD;Maxtor OneTouch Security Driver;C:\WINNT\system32\DRIVERS\mxopswd.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\system32\DRIVERS\usbprint.sys
S3 WUSB54GPV4SRV;Wireless-G Portable USB Adapter Driver;C:\WINNT\system32\DRIVERS\rt2500usb.sys
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;C:\WINNT\system32\DRIVERS\rt2500usb.sys

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-07-28 00:04:17 C:\WINNT\Tasks\Norton AntiVirus - Scan my computer - Kim.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 23:04:06
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

CMD.EXE [2160]


scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 08/08/2007 23:04:54
C:\ComboFix2.txt ... 08/08/07 22:50

--- E O F ---
















SmitFraudFix v2.210

Scan done at 23:06:08.62, Wed 08/08/2007
Run from C:\Documents and Settings\Kim\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Common Files\Symantec Shared\NMAIN.EXE
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\WINNT\system32\cmd.exe

hosts


C:\


C:\WINNT


C:\WINNT\system


C:\WINNT\Web


C:\WINNT\system32


C:\Documents and Settings\Kim


C:\Documents and Settings\Kim\Application Data


Start Menu


C:\DOCUME~1\Kim\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 194.168.4.100
DNS Server Search Order: 194.168.8.100

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FA2784F1-3383-406F-A5D8-1A0F34918E6B}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FBE5951E-4196-4FE9-BBD9-5EB25DA7CDB8}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FA2784F1-3383-406F-A5D8-1A0F34918E6B}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FBE5951E-4196-4FE9-BBD9-5EB25DA7CDB8}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FA2784F1-3383-406F-A5D8-1A0F34918E6B}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FBE5951E-4196-4FE9-BBD9-5EB25DA7CDB8}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100


Scanning for wininet.dll infection


End



Logfile of HijackThis v1.99.1
Scan saved at 22:57:47, on 08/08/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\explorer.exe
D:\Kim\Data\Drivers\Comp help\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174841824578
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

Edited by Pulchritudinous, 08 August 2007 - 05:20 PM.


BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:09:34 AM

Posted 20 August 2007 - 09:35 AM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users