Zonealarm Antispyware Cannot Update


6 replies to this topic

#1 uadave


Posted 07 October 2007 - 03:51 PM

My PC apparently has a malware problem. My information is below. Please let me know if any additional information is needed to help solve this problem.

Thank you,
uadave


Symptoms:
  • When ZoneAlarm tries to execute an AntiSpyware update, I receive the message: "AntiSpyware Server Busy Please Try Again Later". This message occurs when trying to update both manually and automatically.
  • The second symptom is a page redirect that is now occurring. A hyperlink was contained in an e-mail I received. When I clicked on it, I was directed to a different Web address.
  • The original link: www.scanner.virus.org The address I was redirected to: http://www.city.ws/
  • The last symptom is Orbitz pop-ups. When I open the CNN webpage, www.cnn.com, the Orbitz advertisement pop-up also appears.
What I have tried so far:
  • Updating and running my Anti-Virus software.
  • Executing the steps listed in the Bleeping Computer preparation guide. (i.e.: Cleaning temp files, running Ad-aware/Spybot Search and Destroy, etc.)
  • By executing the steps in the preparation guide, 1 piece of Malware and 3 pieces of Alexa were found and removed, along with several low level spyware applets. This did not correct my problem.
  • Booting my PC in Safe Mode and updating the Zone Alarm AntiSpyware while in Safe Mode. The update was successful, but when I rebooted in Standard Mode, the "Server Busy" error was still in place.
The PC information:
Computer / Model: Dell Dimension 4100
RAM: 256 SDRAM
O/S: Microsoft 2000 Professional Ver. 5.0.2 / Service Pack 4
Internet Browser: Internet Explorer Ver. 6.0.2

Security Software:
Firewall: Zone Alarm Ver. 7.0.337
AntiVirus: Norton Anti Virus 2006 Ver. 12.8.0.4
AntiSpyware: Zone Alarm Ver. 7.0.337 (AntiSpyware Engine Ver. 5.0.1760)

HIJACKTHIS Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:15 AM, on 10/7/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\GEARSec.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\slpservice.exe
C:\WINNT\system32\slpmonx.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINNT\system32\mobsync.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\Seiko\slpcap.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\MDM.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcy/default...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcy/default...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcy/default.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcy/default...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcy/default...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OCSD IE6 v1.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = neon:80
O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_0_8_6.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_0_8_6.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [Speed racer] "C:\Program Files\Creative\PlayCenter\CTSRReg.exe"
O4 - HKLM\..\Run: [AudioHQ] "C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE"
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Iomega Startup Options] "C:\Program Files\Iomega\Common\ImgStart.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe"
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] "C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] "C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE" /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [Norton Ghost 9.0] "C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - .DEFAULT Startup: PowerReg SchedulerV2.exe (User 'Default user')
O4 - .DEFAULT Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - .DEFAULT User Startup: discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartCapture.lnk = C:\WINNT\Seiko\slpcap.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: *.silver
O15 - Trusted Zone: *.silver (HKLM)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130133474359
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SLPMONX - ProdEx Technologies - C:\WINNT\System32\slpservice.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe

--
End of file - 12445 bytes


#2 Grinler

Lawrence Abrams

Posted 16 October 2007 - 10:29 AM

Your computer does not appear to be infected. To make you feel better, I get an Orbitz popup when I go to CNN.com as well. It's normal and part of their advertising.

Let's look deeper to be safe:

Download this tool to your desktop:
http://www.uploads.ejvindh.net/rootchk.exe
Run the program. After a short time a logfile will turn up. Copy the contents of the log into the thread.

Notice: Some security programs prevent the creation of dummy drivers with certain names. This may cause false positives. If the log of rootchk contains a lot of hidden drivers, you may want to turn off your security programs while rootchk is scanning (you should then unhook your network connection as well).

#3 uadave


Posted 19 October 2007 - 12:35 PM

Grinler,

Sorry I didn't respond earlier, I was out of town.

Thanks for your help,
uadave

Here's the RootCheck log file:

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
Tue 10/16/2007 15:24:06.19

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 15:24:06
Windows 5.0.2195 Service Pack 4
scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A???????B???@?$?@?? C?????U?@?????????@?B???A???????A?P ????B???@?????P???$?@?? ??????TG?w??????????@??? ???????????????B?????\ ????????????????????????????B

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

#4 Grinler


Posted 19 October 2007 - 09:34 PM

Still nothing. One last thing to look at, and if this shows nothing, then I suggest you post about your ZoneAlarm problem in our security forums.
  • Download Combofix to your desktop.

  • Double-click combofix.exe

  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new HijackThis log.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

#5 uadave


Posted 20 October 2007 - 01:49 PM

OK, here are the logs.

Thanks



Combofix.txt:

ComboFix 07-10-21.1 - Sharon 10/20/2007 10:57:17.1 - FAT32x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.81 [GMT -7:00]
Running from: C:\Documents and Settings\sharon\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))
.

2007-10-20 10:57 16,384 --a----t- C:\WINNT\SYSTEM32\Perflib_Perfdata_630.dat
2007-10-20 10:54 51,200 --a------ C:\WINNT\NirCmd.exe
2007-10-20 10:22 16,384 --a----t- C:\WINNT\SYSTEM32\Perflib_Perfdata_3ec.dat
2007-10-16 17:21 16,384 --a------ C:\WINNT\SYSTEM32\Perflib_Perfdata_66c.dat
2007-10-07 07:38 <DIR> d-------- C:\WINNT\BDOSCAN8
2007-10-06 19:22 <DIR> d-------- C:\Documents and Settings\sharon\.housecall6.6
2007-10-06 19:17 <DIR> d-------- C:\WINNT\Sun
2007-10-06 19:15 <DIR> d-------- C:\Program Files\Java
2007-10-06 19:11 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-06 16:24 16,384 --a------ C:\WINNT\SYSTEM32\Perflib_Perfdata_2d0.dat
2007-10-06 15:12 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-06 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-06 15:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-04 11:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-26 19:14 <DIR> d-------- C:\TEMP\xonelab-updates

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-07 16:52 805 ----a-w C:\WINNT\system32\drivers\SYMEVENT.INF
2007-10-07 16:52 60,800 ----a-w C:\WINNT\SYSTEM32\S32EVNT1.DLL
2007-10-07 16:52 123,952 ----a-w C:\WINNT\system32\drivers\SYMEVENT.SYS
2007-10-07 16:52 10,740 ----a-w C:\WINNT\system32\drivers\SYMEVENT.CAT
2007-08-28 00:13 97,672 ----a-w C:\WINNT\system32\drivers\symfw.sys
2007-08-28 00:13 537,992 ----a-w C:\WINNT\SYSTEM32\SymNeti.dll
2007-08-28 00:13 31,624 ----a-w C:\WINNT\system32\drivers\symids.sys
2007-08-28 00:13 28,040 ----a-w C:\WINNT\system32\drivers\symndis.sys
2007-08-28 00:13 23,944 ----a-w C:\WINNT\system32\drivers\symredrv.sys
2007-08-28 00:13 189,320 ----a-w C:\WINNT\system32\drivers\symtdi.sys
2007-08-28 00:13 161,160 ----a-w C:\WINNT\SYSTEM32\SymRedir.dll
2007-08-28 00:13 12,680 ----a-w C:\WINNT\system32\drivers\symdns.sys
2007-08-20 00:55 93,184 ------w C:\WINNT\SYSTEM32\DLLCACHE\OEIMPORT.DLL
2007-08-20 00:55 91,136 ------w C:\WINNT\SYSTEM32\MSOERT2.DLL
2007-08-20 00:55 91,136 ------w C:\WINNT\SYSTEM32\DLLCACHE\MSOERT2.DLL
2007-08-20 00:55 77,824 ------w C:\WINNT\SYSTEM32\DLLCACHE\WABIMP.DLL
2007-08-20 00:55 75,776 ------w C:\WINNT\SYSTEM32\DLLCACHE\DIRECTDB.DLL
2007-08-20 00:55 596,992 ------w C:\WINNT\SYSTEM32\INETCOMM.DLL
2007-08-20 00:55 596,992 ------w C:\WINNT\SYSTEM32\DLLCACHE\INETCOMM.DLL
2007-08-20 00:55 56,832 ------w C:\WINNT\SYSTEM32\DLLCACHE\MSIMN.EXE
2007-08-20 00:55 55,808 ------w C:\WINNT\SYSTEM32\DLLCACHE\OEMIG50.EXE
2007-08-20 00:55 47,616 ------w C:\WINNT\SYSTEM32\INETRES.DLL
2007-08-20 00:55 47,616 ------w C:\WINNT\SYSTEM32\DLLCACHE\INETRES.DLL
2007-08-20 00:55 465,920 ------w C:\WINNT\SYSTEM32\DLLCACHE\WAB32.DLL
2007-08-20 00:55 42,496 ------w C:\WINNT\SYSTEM32\DLLCACHE\WAB.EXE
2007-08-20 00:55 31,744 ------w C:\WINNT\SYSTEM32\DLLCACHE\OEMIGLIB.DLL
2007-08-20 00:55 30,208 ------w C:\WINNT\SYSTEM32\DLLCACHE\WABFIND.DLL
2007-08-20 00:55 27,648 ------w C:\WINNT\SYSTEM32\DLLCACHE\WABMIG.EXE
2007-08-20 00:55 229,376 ------w C:\WINNT\SYSTEM32\MSOEACCT.DLL
2007-08-20 00:55 229,376 ------w C:\WINNT\SYSTEM32\DLLCACHE\MSOEACCT.DLL
2007-08-20 00:55 2,479,616 ------w C:\WINNT\SYSTEM32\DLLCACHE\MSOERES.DLL
2007-08-20 00:55 1,176,064 ------w C:\WINNT\SYSTEM32\DLLCACHE\MSOE.DLL
2007-08-20 00:52 44,032 ------w C:\WINNT\SYSTEM32\MSIDENT.DLL
2007-08-20 00:52 44,032 ------w C:\WINNT\SYSTEM32\DLLCACHE\MSIDENT.DLL
2007-08-17 20:21 132,096 ------w C:\WINNT\SYSTEM32\DLLCACHE\MSRATING.DLL
2007-08-17 20:20 402,944 ------w C:\WINNT\SYSTEM32\DLLCACHE\SHLWAPI.DLL
2007-08-17 20:20 143,360 ------w C:\WINNT\SYSTEM32\DLLCACHE\CDFVIEW.DLL
2007-08-17 20:20 1,340,416 ----a-w C:\WINNT\SYSTEM32\DLLCACHE\SHDOCVW.DLL
2007-08-17 20:20 1,018,368 ------w C:\WINNT\SYSTEM32\DLLCACHE\BROWSEUI.DLL
2007-08-17 18:10 575,488 ----a-w C:\WINNT\SYSTEM32\DLLCACHE\WININET.DLL
2007-08-17 18:10 462,336 ----a-w C:\WINNT\SYSTEM32\DLLCACHE\URLMON.DLL
2007-08-17 18:10 12,288 ----a-w C:\WINNT\SYSTEM32\DLLCACHE\JSPROXY.DLL
2007-08-17 18:08 69,632 ------w C:\WINNT\SYSTEM32\DLLCACHE\INSENG.DLL
2007-08-17 18:08 498,176 ------w C:\WINNT\SYSTEM32\DLLCACHE\MSTIME.DLL
2007-08-17 18:08 351,744 ----a-w C:\WINNT\SYSTEM32\DLLCACHE\DXTMSFT.DLL
2007-08-17 18:08 34,816 ------w C:\WINNT\SYSTEM32\DLLCACHE\PNGFILT.DLL
2007-08-17 18:08 236,032 ------w C:\WINNT\SYSTEM32\DLLCACHE\IEPEERS.DLL
2007-08-17 18:07 2,705,408 ----a-w C:\WINNT\SYSTEM32\DLLCACHE\MSHTML.DLL
2007-08-17 18:07 192,512 ------w C:\WINNT\SYSTEM32\DLLCACHE\DXTRANS.DLL
2007-08-17 06:48 448,272 ------w C:\WINNT\SYSTEM32\oieng400.dll
2007-08-17 06:48 448,272 ------w C:\WINNT\SYSTEM32\DLLCACHE\oieng400.dll
2007-08-17 06:48 39,184 ------w C:\WINNT\SYSTEM32\jpeg2x32.dll
2007-08-17 06:48 39,184 ------w C:\WINNT\SYSTEM32\DLLCACHE\jpeg2x32.dll
2007-08-17 06:48 33,552 ------w C:\WINNT\SYSTEM32\tifflt.dll
2007-08-17 06:48 33,552 ------w C:\WINNT\SYSTEM32\DLLCACHE\tifflt.dll
2007-07-31 02:19 92,504 ----a-w C:\WINNT\SYSTEM32\DLLCACHE\cdm.dll
2007-07-31 02:19 92,504 ----a-w C:\WINNT\SYSTEM32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINNT\SYSTEM32\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINNT\SYSTEM32\wuauclt.exe
2007-07-31 02:19 53,080 ----a-w C:\WINNT\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w C:\WINNT\SYSTEM32\wups2.dll
2007-07-31 02:19 325,976 ----a-w C:\WINNT\SYSTEM32\wucltui.dll
2007-07-31 02:19 203,096 ----a-w C:\WINNT\SYSTEM32\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINNT\SYSTEM32\wuaueng.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINNT\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINNT\SYSTEM32\wups.dll
2000-08-30 17:04 271 ---h--w C:\Program Files\DESKTOP.INI
2000-08-30 17:04 21,952 ---h--w C:\Program Files\FOLDER.HTT
1999-12-07 19:00 32,528 ------w C:\WINNT\INF\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p C:\WINNT\SYSTEM32\mobsync.exe]
"POINTER"="point32.exe" []
"Microsoft IntelliType Pro"="C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe" [01/13/00 02:10a]
"Speed racer"="C:\Program Files\Creative\PlayCenter\CTSRReg.exe" [11/16/99 01:00a]
"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [11/30/99 01:00a]
"UpdReg"="C:\WINNT\Updreg.exe" [11/12/99 01:00a]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [08/30/99 01:55a]
"Iomega Startup Options"="C:\Program Files\Iomega\Common\ImgStart.exe" [06/02/00 11:57a]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [06/13/00 08:48a]
"SBC Yahoo! Connection Manager"="C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe" [02/03/03 09:23a]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [02/03/03 09:18a]
"projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" [10/24/04 04:18p]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/03 06:44p]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [10/24/04 04:19p]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [07/15/03 12:36p]
"EPSON Stylus C84 Series"="C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.exe" [05/27/03 03:00a]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [11/22/04 05:20p]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 11:50a]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/07 10:19p]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 03:59p]
"NvCplDaemon"="RUNDLL32.exe" [12/07/99 12:00p C:\WINNT\SYSTEM32\rundll32.exe]
"nwiz"="nwiz.exe" [07/28/03 02:19p C:\WINNT\SYSTEM32\nwiz.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/09/07 12:02a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/07 01:11a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" []
"NvMediaCenter"="RUNDLL32.exe" [12/07/99 12:00p C:\WINNT\SYSTEM32\rundll32.exe]

C:\Documents and Settings\sharon\Start Menu\Programs\Startup\
PowerReg SchedulerV2.exe [2001-03-30 11:06:28]
HotSync Manager.lnk - C:\Program Files\Handspring\HOTSYNC.EXE [2002-09-07 18:04:51]
PowerReg Scheduler.exe [2006-01-07 13:18:44]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
discfix.lnk - C:\DELL\discfix.cmd [1980-01-01]

C:\Documents and Settings\sharon\Start Menu\Programs\Startup\
PowerReg SchedulerV2.exe [2001-03-30 11:06:28]
HotSync Manager.lnk - C:\Program Files\Handspring\HOTSYNC.EXE [2002-09-07 18:04:51]
PowerReg Scheduler.exe [2006-01-07 13:18:44]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 08:15:54]
SmartCapture.lnk - C:\WINNT\Seiko\slpcap.exe [2001-01-30 20:08:57]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]

R0 aaatimeo;aaatimeo;C:\WINNT\system32\DRIVERS\aaatimeo.sys
R0 fasttrak;fasttrak;C:\WINNT\system32\DRIVERS\fasttrak.sys
R0 Fd16_700;Fd16_700;C:\WINNT\system32\DRIVERS\fd16_700.sys
R0 PQV2i;PQV2i;C:\WINNT\system32\drivers\PQV2i.sys
R1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys
R1 DVDVRRdr;DVDVRRdr;C:\WINNT\system32\drivers\DVDVRRdr.sys
R1 PQIMount;PQIMount;C:\WINNT\system32\drivers\PQIMount.sys
R1 UdfReadr;UdfReadr;C:\WINNT\system32\drivers\UdfReadr.sys
R2 ISD;Intel® 82802 Firmware Hub Device (Intel® Security Driver);C:\WINNT\system32\DRIVERS\ISECDRV.SYS
S0 cda1000;cda1000;C:\WINNT\system32\DRIVERS\cda1000.sys
S1 Isecdrv;Isecdrv;C:\WINNT\system32\DRIVERS\Isecdrv.sys
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys
S3 epstw2k;SCM Parallel Port SCSI Driver;C:\WINNT\system32\DRIVERS\epstw2k.sys
S3 VisorUsb;Handspring USB;C:\WINNT\system32\DRIVERS\VisorUsb.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-20 04:03:46 C:\WINNT\Tasks\Norton AntiVirus - Run Full System Scan - Sharon.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 10:58:46
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A???????B???@?$?@?? C?????U?@?????????@?B???A???????A?P ????B???@?????P???$?@?? ??????TG?w??????????@???????????????????B?????\ ????????????????????????????B

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 10/21/2007 10:59:19
.
--- E O F ---




HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:30 AM, on 10/21/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\GEARSec.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\Seiko\slpcap.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINNT\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\MDM.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcy/default...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcy/default.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcy/default...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcy/default...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = neon:80
O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_0_8_6.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_0_8_6.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [Speed racer] "C:\Program Files\Creative\PlayCenter\CTSRReg.exe"
O4 - HKLM\..\Run: [AudioHQ] "C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE"
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Iomega Startup Options] "C:\Program Files\Iomega\Common\ImgStart.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe"
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] "C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] "C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE" /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [Norton Ghost 9.0] "C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - .DEFAULT Startup: PowerReg SchedulerV2.exe (User 'Default user')
O4 - .DEFAULT Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - .DEFAULT User Startup: discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartCapture.lnk = C:\WINNT\Seiko\slpcap.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: *.silver
O15 - Trusted Zone: *.silver (HKLM)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130133474359
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SLPMONX - ProdEx Technologies - C:\WINNT\System32\slpservice.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe

--
End of file - 12152 bytes

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • Gender:Male
  • Location:USA

Posted 22 October 2007 - 09:48 AM

I still do not see anything here. I suggest you ask your firewall questions in this forum:

AntiVirus, Firewall and Privacy Products and Protection Methods

#7 uadave

uadave
  • Topic Starter

  • Members
  • 4 posts

Posted 23 October 2007 - 05:29 PM

OK, I'll give the Firewall Forum a try.

Thanks for all your help,
uadave



