Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Hijacked; BleepingComputer.com blocked (2)


  • Please log in to reply
3 replies to this topic

#1 AbyssWriter

AbyssWriter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:46 PM

Posted 07 April 2009 - 12:44 AM

My problems began around midnight, March 31/April 1. My system is Windows XP SP3.

Symptom No. 1: Like Phytoman, I have been having a problem with Google search results redirected to other sites. Usually, hitting the back button gets me to the intended search result. This happens in Firefox, Internet Explorer, Google Chrome and Safari. I don't think I have tested for it in Opera, though.

Symptom No. 2: Like Phytoman, when I try to access bleepingcomputer.com for help, all I get is a blank page. The problem occurs in several browsers.

Symptom No. 3: I cannot run regedit or cmd from the Start|Run line -- not in normal mode, nor in Safe mode. Windows Explorer crashes, then recovers when I try. I can run a renamed version of regedit. I haven't tried doing so with cmd.

Symptom No. 4: I can get to the Windows Update site, but get an error when it begins to analyze my computer.

Symptom No. 5: I have run the following without luck:
a) Norton AntiVirus complete scan
:thumbup2: Windows Malicious Software Removal Tool
c) MalwareBytes Anti-Malware
d) SpyBot Search & Destroy
e) Ad-Aware

I use Norton AntiVirus and ZoneAlarm firewall. In a state of exhaustion later on April 1, ZoneAlarm asked if I wanted to allow "~.exe" access to the Internet. I reflexively granted access before I realized what I was doing. The program was allegedly located at "c:/windows/system32/~.exe," but I cannot find any file of that name.

Below is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:27 PM, on 4/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\TWC\InstaLAN\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SafeConnect\scManager.sys
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\David Lawrence\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\SafeConnect\scClient.exe
C:\Program Files\Second Nature\Snsicon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page http://fuzzo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David Lawrence\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: SafeConnect.lnk = ?
O4 - Global Startup: Snsicon.lnk = C:\Program Files\Second Nature\Snsicon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\TWC\InstaLAN\AffinegyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c957fe94d4c3c4) (gupdate1c957fe94d4c3c4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 18064 bytes

BC AdBot (Login to Remove)

 


#2 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:46 AM

Posted 14 April 2009 - 09:30 AM

Hi,

Please download DaonolFix from the link below and save it to your Desktop
Download Mirror #1
  • Double-click DaonolFix.exe to run it.
  • Select 1. Find Daonol (no fix) by typing 1 and pressing Enter.
  • You will see a lot of files being listed - don't worry, they are just being scanned.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called DaonolFix.txt).
Download ComboFix by sUBs from here or here

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

**Save it to your desktop**

We need to disable one or more of your security programs so that they do not interfere with ComboFix.

Right click on the icon in the taskbar notification area & select "Disable Symantec EndPoint Protection".

Posted Image

Double click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console I recommend you go ahead and hit yes.
When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log

Notes:
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
  • ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Thanks.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Posted Image

#3 AbyssWriter

AbyssWriter
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:46 PM

Posted 19 April 2009 - 08:16 PM

I actually think I tracked it down and disabled the infection, if not killed it outright, before you replied. After some work manually updating Norton AntiVirus's definitions, it found two trojans -- Trojan.Dropper and Trojan.KillAV. Norton managed to clear all of Dropper, but KillAV took more work. After tracking down files it kept creating and deleting some registry entries that instructed windows to keep creating a file with a name variant of "nqcpq.pvp," I seem to have ridded myself of the problem.

Deleting the registry entries seemed key to stopping the problem. Since then I have been able to run both regedit and cmd with no problem. I can access bleepingcomputer.com, and the Windows update, Symantec LiveUpdate, ZoneAlarm, and the update features in MalwareBytes AntiMalware, SuperAntiSpyware, and Ad-Aware all work just fine. Repeated scans by multiple programs

Just in case, though, I have run DaonolFix, ComboFix, and HijackThis. The logs from all three are attached below. I had trouble getting ComboFix to run in normal mode, but it ran fine in safe mode. Since I could not access the Internet in safe mode, I could not install the recovery console. As a result, ComboFix alleges that it only scanned for malware.

Let me know if you see any signs of trouble.

Dave

-- DanaolFix Log --

DaonolFix (15.04.09) by jpshortstuff
Log created at 10:06 on 18/04/2009 by David Lawrence
Running from C:\Documents and Settings\David Lawrence\Desktop\DaonolFix.exe

=====Find Daonol=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="wdmaud.drv"
"aux1"="wdmaud.drv"
"aux2"="wdmaud.drv"
"aux3"="wdmaud.drv"
"aux4"="wdmaud.drv"
"aux5"="wdmaud.drv"
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"
"midi2"="wdmaud.drv"
"midi3"="wdmaud.drv"
"midi4"="wdmaud.drv"
"midi5"="wdmaud.drv"
"midimapper"="midimap.dll"
"mixer"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"mixer3"="wdmaud.drv"
"mixer4"="wdmaud.drv"
"mixer5"="wdmaud.drv"
"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msaudio1"="msaud32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msg723"="msg723.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.trspch"="tssoft32.acm"
"MSVideo8"="VfWWDM32.dll"
"vidc.cvid"="iccvid.dll"
"vidc.DIVX"="DivX.dll"
"VIDC.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iv50"="ir50_32.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.M261"="msh261.drv"
"vidc.M263"="msh263.drv"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.WMV3"="wmv9vcm.dll"
"VIDC.YUY2"="msyuv.dll"
"vidc.yv12"="DivX.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wave"="wdmaud.drv"
"wave1"="wdmaud.drv"
"wave2"="wdmaud.drv"
"wave3"="wdmaud.drv"
"wave4"="wdmaud.drv"
"wave5"="wdmaud.drv"
"wavemapper"="msacm32.drv"

-=Daonol Files=-
(none found)

-=End Of File=-

-- ComboFix Log --

ComboFix 09-04-17.03 - David Lawrence 04/19/2009 17:35.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.765 [GMT -4:00]
Running from: c:\documents and settings\David Lawrence\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
FW: ZoneAlarm Security Suite Firewall *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-17 00:41 . 2009-04-17 00:43 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-16 06:33 . 2009-01-09 19:19 1089593 -c----w c:\windows\system32\dllcache\ntprint.cat
2009-04-15 16:02 . 2009-04-15 16:02 -------- d-----w c:\windows\system32\XPSViewer
2009-04-15 15:56 . 2009-04-15 16:00 -------- d-----w C:\ce5f2698c1328f488de95d076f0a5e
2009-04-15 13:48 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 13:48 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 13:48 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 13:48 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 13:48 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 13:48 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 13:48 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 13:48 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 13:48 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 13:45 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 13:44 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 13:44 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-08 21:38 . 2009-04-19 18:31 2215 ----a-w C:\rollback.ini
2009-04-08 19:12 . 2009-04-16 13:05 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-08 15:37 . 2008-04-14 00:12 389120 ----a-w c:\windows\system32\c3md.exe
2009-04-08 14:28 . 2009-04-08 14:28 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-08 14:26 . 2009-04-08 14:27 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-04-08 13:07 . 2009-04-08 12:51 1141 ----a-w c:\windows\win.old
2009-04-08 13:06 . 2009-04-08 12:51 227 ----a-w c:\windows\system.old
2009-04-06 22:30 . 2009-04-06 22:30 -------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-04-06 20:09 . 2009-04-06 20:09 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-06 20:08 . 2009-04-06 20:08 -------- d-----w c:\documents and settings\Administrator\Application Data\Intel
2009-04-05 21:27 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-05 04:50 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-05 04:26 . 2009-04-05 04:26 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-05 04:24 . 2009-04-05 04:50 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-03 21:36 . 2008-04-14 00:12 146432 ----a-w c:\windows\reg3edit.exe
2009-04-03 21:20 . 2009-04-03 21:20 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-03 21:20 . 2009-04-03 21:20 -------- d-----w c:\documents and settings\David Lawrence\Application Data\SUPERAntiSpyware.com
2009-04-03 13:30 . 2009-03-31 23:20 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-04-03 05:34 . 2009-04-03 05:34 -------- d-----w c:\documents and settings\David Lawrence\Application Data\Malwarebytes
2009-04-03 05:33 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-03 05:33 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-03 05:33 . 2009-04-03 05:33 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-21 18:00 . 2009-03-21 18:00 -------- d-----w c:\documents and settings\David Lawrence\Local Settings\Application Data\Extensions
2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 21:28 . 2009-04-06 16:00 11644 ----a-w C:\aaw7boot.log
2009-04-19 21:28 . 2007-10-25 22:34 13753892 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-19 21:28 . 2007-10-25 22:34 1026876960 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-19 21:13 . 2007-10-17 22:47 -------- d-----w c:\documents and settings\David Lawrence\Application Data\Skype
2009-04-19 20:09 . 2008-03-10 12:28 -------- d-----w c:\documents and settings\David Lawrence\Application Data\skypePM
2009-04-19 19:42 . 2007-11-25 14:25 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-19 16:34 . 2007-02-20 05:55 -------- d-----w c:\program files\TestGen
2009-04-19 15:07 . 2007-10-25 22:24 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-18 22:08 . 2007-10-27 15:22 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-17 21:33 . 2007-10-03 14:38 -------- d-----w c:\documents and settings\David Lawrence\Application Data\EndNote
2009-04-17 16:44 . 2009-04-17 18:46 3124736 ----a-w c:\windows\Internet Logs\xDB59.tmp
2009-04-17 00:43 . 2009-04-17 00:41 -------- d-----w c:\program files\iTunes
2009-04-17 00:42 . 2009-04-17 00:42 -------- d-----w c:\program files\iPod
2009-04-17 00:42 . 2007-07-05 00:00 -------- d-----w c:\program files\Common Files\Apple
2009-04-16 13:07 . 2008-04-01 03:18 -------- d-----w c:\program files\Common Files\Cloudmark
2009-04-16 13:07 . 2008-04-01 03:20 -------- d-----w c:\documents and settings\David Lawrence\Application Data\Cloudmark
2009-04-16 11:59 . 2007-02-17 05:25 114392 ----a-w c:\documents and settings\David Lawrence\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-15 17:15 . 2007-11-20 22:12 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-15 16:02 . 2009-04-15 16:02 -------- d-----w c:\program files\MSBuild
2009-04-13 19:50 . 2007-02-17 05:44 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-11 15:34 . 2007-11-16 12:09 34430553 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-04-10 02:26 . 2009-04-10 02:26 -------- d-----w c:\program files\TweetDeck
2009-04-09 17:09 . 2009-04-03 05:33 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 15:07 . 2009-04-09 15:09 2748416 ----a-w c:\windows\Internet Logs\xDB58.tmp
2009-04-09 00:53 . 2007-02-20 19:10 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-08 20:00 . 2009-04-08 20:00 -------- d-----w c:\program files\AskBarDis
2009-04-08 13:06 . 2009-04-08 13:06 70048 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_04_08_08_59_22_small.dmp.zip
2009-04-06 22:29 . 2009-04-06 22:29 123636 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_04_06_18_22_54_small.dmp.zip
2009-04-06 22:29 . 2009-04-06 22:29 94642 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_04_06_18_21_41_small.dmp.zip
2009-04-06 22:29 . 2009-04-06 22:29 93060 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_04_06_18_20_25_small.dmp.zip
2009-04-06 22:22 . 2009-04-06 22:24 4708864 ----a-w c:\windows\Internet Logs\xDB57.tmp
2009-04-06 22:22 . 2009-04-06 22:24 12800 ----a-w c:\windows\Internet Logs\xDB56.tmp
2009-04-06 22:21 . 2009-04-06 22:22 4708864 ----a-w c:\windows\Internet Logs\xDB55.tmp
2009-04-06 22:21 . 2009-04-06 22:22 8192 ----a-w c:\windows\Internet Logs\xDB54.tmp
2009-04-06 22:20 . 2009-04-06 22:21 108032 ----a-w c:\windows\Internet Logs\xDB53.tmp
2009-04-06 22:20 . 2009-04-06 22:21 104960 ----a-w c:\windows\Internet Logs\xDB52.tmp
2009-04-06 22:20 . 2009-04-06 22:21 4708864 ----a-w c:\windows\Internet Logs\xDB51.tmp
2009-04-06 22:20 . 2009-04-06 22:21 44032 ----a-w c:\windows\Internet Logs\xDB50.tmp
2009-04-06 20:06 . 2009-04-06 20:08 2144768 ----a-w c:\windows\Internet Logs\xDB4F.tmp
2009-04-06 04:45 . 2009-04-06 04:45 -------- d-----w c:\program files\Trend Micro
2009-04-06 03:56 . 2007-03-21 21:09 2897 ----a-w C:\BulkLoad.htm
2009-04-05 04:59 . 2009-04-05 04:57 -------- d-----w c:\program files\Malware
2009-04-05 04:24 . 2009-04-05 04:24 -------- d-----w c:\program files\Lavasoft
2009-04-03 22:16 . 2007-02-17 05:47 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-03 21:20 . 2009-04-03 21:20 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-03 15:57 . 2009-04-03 15:59 89088 ----a-w c:\windows\Internet Logs\xDB4E.tmp
2009-04-03 15:36 . 2009-04-03 15:37 51200 ----a-w c:\windows\Internet Logs\xDB4D.tmp
2009-04-03 15:28 . 2009-04-03 15:29 88064 ----a-w c:\windows\Internet Logs\xDB4C.tmp
2009-04-03 15:09 . 2009-04-03 15:10 88576 ----a-w c:\windows\Internet Logs\xDB4B.tmp
2009-04-03 14:49 . 2009-04-03 14:50 88576 ----a-w c:\windows\Internet Logs\xDB4A.tmp
2009-04-03 14:25 . 2009-04-03 14:26 50176 ----a-w c:\windows\Internet Logs\xDB49.tmp
2009-04-03 14:01 . 2009-04-03 14:01 57197 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_04_03_09_53_12_small.dmp.zip
2009-04-03 14:01 . 2009-04-03 14:01 57247 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_04_03_09_53_09_small.dmp.zip
2009-04-03 14:01 . 2009-04-03 14:01 57445 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_04_03_09_53_06_small.dmp.zip
2009-04-03 14:01 . 2009-04-03 14:00 14275566 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_04_03_09_52_56_full.dmp.zip
2009-04-03 14:00 . 2009-04-03 14:00 57235 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_04_03_09_52_54_small.dmp.zip
2009-04-03 14:00 . 2009-04-03 14:00 57224 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_04_03_09_52_52_small.dmp.zip
2009-04-03 13:37 . 2009-04-03 13:55 4665856 ----a-w c:\windows\Internet Logs\xDB48.tmp
2009-04-03 13:37 . 2009-04-03 13:55 179712 ----a-w c:\windows\Internet Logs\xDB47.tmp
2009-04-03 11:17 . 2008-08-20 14:58 -------- d-----w c:\program files\SafeConnect
2009-04-03 11:13 . 2009-04-03 11:16 415232 ----a-w c:\windows\Internet Logs\xDB46.tmp
2009-04-03 05:30 . 2009-04-03 05:29 10046 ----a-w C:\JavaRa.log
2009-04-03 05:30 . 2007-02-20 23:13 -------- d-----w c:\program files\Java
2009-04-02 22:25 . 2009-04-02 04:51 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-01 20:40 . 2009-04-01 20:42 52224 ----a-w c:\windows\Internet Logs\xDB45.tmp
2009-04-01 08:45 . 2009-04-01 16:14 2673152 ----a-w c:\windows\Internet Logs\xDB44.tmp
2009-04-01 02:15 . 2007-07-08 01:39 -------- d-----w c:\program files\Microsoft IntelliType Pro
2009-03-31 23:20 . 2007-10-25 22:23 72584 ----a-w c:\windows\zllsputility.exe
2009-03-31 19:20 . 2007-02-21 22:40 -------- d-----w c:\program files\Google
2009-03-30 16:26 . 2007-02-17 05:53 -------- d-----w c:\program files\Norton SystemWorks
2009-03-22 16:42 . 2009-03-22 23:12 4577792 ----a-w c:\windows\Internet Logs\xDB43.tmp
2009-03-22 15:05 . 2009-03-22 15:08 3526656 ----a-w c:\windows\Internet Logs\xDB42.tmp
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-13 15:01 . 2009-03-13 16:34 4557312 ----a-w c:\windows\Internet Logs\xDB41.tmp
2009-03-13 03:24 . 2009-03-13 03:22 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-13 03:14 . 2009-03-13 03:12 -------- d-----w c:\program files\QuickTime
2009-03-12 05:56 . 2009-03-12 11:14 828928 ----a-w c:\windows\Internet Logs\xDB40.tmp
2009-03-10 01:54 . 2009-02-09 02:54 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-08 22:52 . 2008-11-09 19:12 -------- d-----w c:\program files\Flickr Uploadr
2009-03-08 21:53 . 2007-10-25 22:39 -------- d-----w c:\documents and settings\David Lawrence\Application Data\MailFrontier
2009-03-08 21:32 . 2008-07-18 18:52 -------- d-----w c:\program files\Celtx
2009-03-08 21:06 . 2009-03-08 21:07 196096 ----a-w c:\windows\Internet Logs\xDB3F.tmp
2009-03-08 02:56 . 2009-03-07 22:42 -------- d-----w c:\program files\Brother
2009-03-08 02:53 . 2007-02-16 21:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-08 02:06 . 2009-03-08 02:07 189952 ----a-w c:\windows\Internet Logs\xDB3E.tmp
2009-03-08 01:49 . 2009-03-08 01:49 -------- d-----w c:\documents and settings\David Lawrence\Application Data\Brother
2009-03-07 23:13 . 2009-03-07 23:13 -------- d-----w c:\documents and settings\David Lawrence\Application Data\ScanSoft
2009-03-07 22:19 . 2009-03-07 22:19 -------- d-----w c:\program files\Nuance
2009-03-07 22:16 . 2009-03-07 21:43 -------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
2009-03-07 22:12 . 2009-03-07 21:44 -------- d-----w c:\program files\Common Files\ScanSoft Shared
2009-03-07 21:43 . 2009-03-07 21:43 -------- d-----w c:\program files\ScanSoft
2009-03-07 21:10 . 2009-03-07 21:10 -------- d-----w c:\documents and settings\All Users\Application Data\Brother
2009-03-07 06:20 . 2009-03-07 15:08 289280 ----a-w c:\windows\Internet Logs\xDB3D.tmp
2009-03-06 14:22 . 2004-08-04 10:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 13:58 . 2008-12-08 21:14 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 08:45 . 2009-03-06 12:47 125952 ----a-w c:\windows\Internet Logs\xDB3C.tmp
2009-03-05 23:39 . 2007-09-15 19:51 -------- d-----w c:\program files\Second Site 2
2009-03-05 23:39 . 2007-02-22 00:29 -------- d-----w c:\program files\ClimVegWin
2009-03-05 22:56 . 2009-03-05 22:58 249856 ----a-w c:\windows\Internet Logs\xDB3B.tmp
2009-03-04 16:23 . 2007-02-22 00:47 -------- d-----w c:\program files\ClimExWin
2008-12-25 23:10 . 2008-12-25 23:11 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008122520081226\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-06 22:15 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-06 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-06 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 20:13 583312 ----a-r c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 20:13 583312 ----a-r c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 20:13 583312 ----a-r c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-05-01 1654784]
"Google Update"="c:\documents and settings\David Lawrence\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-03-31 982408]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-23 385024]
"InstaLAN"="c:\program files\TWC\InstaLAN\InstaLAN.exe" [2008-02-15 628000]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 53096]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 148888]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-12-01 77892]
"PdxRegCl"="c:\program files\Paradox\Programs\PdxRegCl.exe" [2004-06-14 49152]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-23 401408]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-2-17 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Norton System Doctor.lnk - c:\program files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE [2005-10-3 83632]
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2007-11-13 271640]
Snsicon.lnk - c:\program files\Second Nature\Snsicon.exe [2007-11-11 86016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-08 18:44 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-07-23 03:46 110592 ----a-w c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MEMonitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MEMonitor.lnk
backup=c:\windows\pss\MEMonitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 06:08 483328 ----a-w c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-02-06 21:27 177472 ----a-w c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2006-08-14 05:07 102400 ----a-w c:\program files\Roxio\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 00:29 49152 ------w c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-07-31 13:00 1116920 ----a-w c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-02-22 22:18 198160 ----a-w c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"odserv"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"GoToAssist"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-11-06 464264]
R2 gupdate1c957fe94d4c3c4;Google Update Service (gupdate1c957fe94d4c3c4);c:\program files\Google\Update\GoogleUpdate.exe [2008-11-19 133104]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~2\NPROTECT.EXE [2005-10-03 95832]
R2 SCManager;SafeConnect Manager; [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27a67bbc-c3f5-11db-92c0-0015c56c8db9}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-04-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-27 00:15]

2009-04-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-06 20:14]

2009-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1417001333-725345543-1004.job
- c:\documents and settings\David Lawrence\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:21]

2009-04-18 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - David Lawrence.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-09-23 16:13]

2009-04-13 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2005-10-06 03:02]

2009-04-19 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2005-10-04 01:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-spc_w - c:\program files\NZSearch\nzspc.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://fuzzo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FF - ProfilePath - c:\documents and settings\David Lawrence\Application Data\Mozilla\Firefox\Profiles\wfl10con.default\
FF - prefs.js: browser.startup.homepage - hxxp://fuzzo.com
FF - component: c:\documents and settings\David Lawrence\Application Data\Mozilla\Firefox\Profiles\wfl10con.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\documents and settings\David Lawrence\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Opera\program\plugins\npzzatif.dll

---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.mozilla.org http://blackboard.vsu.edu
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 17:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-790525478-1417001333-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(224)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-04-19 17:54
ComboFix-quarantined-files.txt 2009-04-19 21:53

Pre-Run: 17,194,897,408 bytes free
Post-Run: 17,952,141,312 bytes free

385 --- E O F --- 2009-04-16 07:02

-- HijackThis Log --

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:10 PM, on 4/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\TWC\InstaLAN\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SafeConnect\scManager.sys
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Documents and Settings\David Lawrence\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\SafeConnect\scClient.exe
C:\Program Files\Second Nature\Snsicon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\TweetDeck\TweetDeck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fuzzo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\TWC\InstaLAN\InstaLAN.exe" startup
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David Lawrence\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: SafeConnect.lnk = ?
O4 - Global Startup: Snsicon.lnk = C:\Program Files\Second Nature\Snsicon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\TWC\InstaLAN\AffinegyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c957fe94d4c3c4) (gupdate1c957fe94d4c3c4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 19338 bytes

#4 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:46 AM

Posted 20 April 2009 - 12:50 AM

Looks like you did a pretty good job :thumbup2:

The only thing I can mention now is that running multiple AntiVirus or Firewall programs is rarely good for you system, and can usually bog it down rather than actually being more secure.

If everything is running OK, then there's not really any more advice I can give you.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users