Unknown Worm On Board


13 replies to this topic

#1 DLivengood

Posted 14 October 2006 - 05:39 PM

I have a host of anti-virus ware including Spybot, Ad-Aware, Windows Defender, a-squared, ewido, etc. I also have Norton Antivirus and Firewall. I ran Panda ActiveScan and BitDefender today. BitDefender identified 30 issues and deleted 29. Ran McAfee Avert Stinger and it came up clean. Symptoms include popups from rooty, winvirus and drivecleaner, plus response time is at a standstill. Memory appears to be clogged up.
I feel compromised but can't find out how or where. Browser might have trouble. This morning I saw CO_Mon.sys running, but don't know if that is still around.

I have today's scan logs from the tests I ran if that is helpful.
Hope you can help.
Thanks Dave



Logfile of HijackThis v1.99.1
Scan saved at 3:12:21 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sandiego.cox.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sandiego.cox.net
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {379E44BF-C15B-4B45-BD1A-18CB94F74C32} - C:\WINDOWS\system32\LVCoft.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.55.downloads.estara.co...773218OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124339267781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{07619E9F-DC43-4CA8-8ABC-275A4B3BC934}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{65B45E06-4533-4223-9B42-CA69797BAFF6}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{07619E9F-DC43-4CA8-8ABC-275A4B3BC934}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.14
O20 - Winlogon Notify: LVCoft - C:\WINDOWS\SYSTEM32\LVCoft.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


#2 ourwilly

Posted 15 October 2006 - 12:15 PM

Hello DLivengood

I'd like to take a look at this log and I'll get back to you as soon as I can.

ourwilly. :thumbsup:

#3 ourwilly

Posted 15 October 2006 - 01:58 PM

Hello DLivengood :thumbsup:

Copy and Paste this post into a new text document or print it out for reference.

Important: during the cleaning of this system can you please ensure that you keep your Real-Time protection Disabled during this fix.

To Disable Windows Defender Real-time Protection,

Open Windows Defender
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

To Disable A-Squared's Guard Protection

Right-click the A2 system tray icon and select "Guard Settings"
Under the General tab uncheck "Enable background guard on System Startup".
Reboot the machine to complete the change.


Step 1

Go here: http://virusscan.jotti.org/
Select the Browse button and Navigate to this file:
C:\WINDOWS\system32\LVCoft.dll
Then select submit, and please "Copy and Paste these results" in your next reply.


Then Download haxfix.exe
and save it to your desktop.
  • Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
  • Checkmark "Create a desktop icon"
  • Click "Next"
  • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
  • Click "Finish"
A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix
  • Select option 1. Make logfile by typing 1 and then pressing Enter
  • Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt
  • Copy the contents of that logfile and paste it in your next reply. (c:\haxfix.txt)

Step 2

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

O2 - BHO: (no name) - {379E44BF-C15B-4B45-BD1A-18CB94F74C32} - C:\WINDOWS\system32\LVCoft.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Do you use protection software that locks the homepage from changes,
or has the system administrator put this into place? If not, then have HijackThis fix these O6 lines:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O17 - HKLM\System\CCS\Services\Tcpip\..\{07619E9F-DC43-4CA8-8ABC-275A4B3BC934}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{65B45E06-4533-4223-9B42-CA69797BAFF6}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{07619E9F-DC43-4CA8-8ABC-275A4B3BC934}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.14
O20 - Winlogon Notify: LVCoft - C:\WINDOWS\SYSTEM32\LVCoft.dll



Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.


Step 3.

Before doing this, write down all the settings. Note that not all systems/setups even have these settings, while some connection services will require them.
These instructions are basically for home users.
Enter your Control Panel. If you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically. Make sure the radio dial has the Green Dot in it!!


Go to Start > Run, enter CMD and click OK.

* At the Dos Prompt Screen, type in cd\ and then press <ENTER>.
* Now type in ipconfig /flushdns and then press <ENTER>. (notice the space after ipconfig)
* Close the command prompt window.

Reboot when Finished


Step 4

Can you please Uninstall "ewido anti-malware"

and then download AVG Anti-Spyware
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Do Not Scan With This Yet!

Please Reboot your System into Safe Mode
Shut down your system, then restart your computer. As soon as it starts booting up again, continuously tap F8. From the menu, select the option to enter "Safe Mode".

Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act? Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan? All checkboxes should be ticked.
Under Possibly unwanted software: All checkboxes should be ticked.
Under Reports: Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan? Select Scan every file.
Click on the Scan tab. Click on Complete System Scan to start the scan process.

Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Please Re-scan with HijackThis and post

1/ The new HijackThis Log
2/ The AVG Anti-Spyware 7.5 Report-Scan.txt
3/ The C:\fixwareout\report.txt
4/ The c:\haxfix.txt

ourwilly. :flowers:

#4 DLivengood

Posted 15 October 2006 - 11:06 PM

Our Willy, :thumbsup:
Wow, now that was an exercise. I know we have done a lot of good things. Look forward to your review of the logs.

There were a couple of cliches in the process that I had to do workarounds for, but overall it went well. I can share those process points later.

I am attaching the logs that you requested. The final scan with AVG Anti-Spyware returned "Nothing Found" and therefore there was no file to attach.

Look forward to hearing from you. Thanks again... :flowers:
Dave


Service load: 0% 100%

File: LVCoft.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 e242f431a152a7e71561892c90491f02
Packers detected: -
Scanner results
AntiVir Found Trojan/Dldr.ConHook.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Klone
BitDefender Found MemScan:Trojan.Conhook.C
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Packed.Win32.Klone.k
NOD32 Found probably a variant of Win32/TrojanDownloader.ConHook.AA (probable variant)
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing

HAXFIX logfile - by Marckie
______________
version 4.21
Sun 10/15/2006 15:51:26.12

checking for haxdoor
--------------------
checking for a3d files....
a3d files not found

checking for matching notify keys....
no matching notify keys found

checking for matching services....
matching services found
Aspi32

checking for matching safeboot services....
no matching safeboot services found

checking for other haxdoorfiles....


Checking for goldun
-------------------

checking for SSODL keys....
no ssodl keys found

checking for notify keys....
no notify keys found

checking for services....
no services found

checking for other goldunfiles....


Finished


Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1trap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\2trap
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Searching by size/names...


Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32

Misc files.

Checking for older varients covered by the Rem3 tool.


Logfile of HijackThis v1.99.1
Scan saved at 8:29:22 PM, on 10/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sandiego.cox.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sandiego.cox.net
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {379E44BF-C15B-4B45-BD1A-18CB94F74C32} - C:\WINDOWS\system32\LVCoft.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.55.downloads.estara.co...773218OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124339267781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - Winlogon Notify: LVCoft - C:\WINDOWS\SYSTEM32\LVCoft.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:05:50 PM 10/15/2006

+ Scan result:



Nothing found.


::Report end

#5 ourwilly


Posted 16 October 2006 - 11:11 AM

Hello DLivengood

Copy and Paste this post into a new text document or print it out for reference.

Please Remember to keep your Real-Time protection Disabled.

Step 1

Double-click VundoFix.exe to run it.
You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.

Right click the list box (white box) in the main VundoFix window.
Select "Add More Files?" from the menu that comes up. This will open a new VundoFix window.
In the Window: copy and paste this in the first field: C:\WINDOWS\system32\LVCoft.dll
Copy and paste this in the second field: C:\WINDOWS\system32\tfoCVL.*
Click the "Add Files" button.
Click the "Close Window" button.
Click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Step 2

Please Update your Sun Java console - You must Uninstall All old versions of Java first as they are a security threat if left installed. Close any programmes you may have running, ESPECIALLY your web browser. Then, using Add/Remove, select any item with Java Runtime Environment (JRE) in the name and uninstall it.

Then Reboot your computer...

Now CLICK HERE select the Download button next to "J2SE Runtime Environment (JRE) 5.0 Update 9"
"Accept" the License Agreement Then choose the First download link "Windows Offline Installation, Multi-language". Please note - You must Install this version Offline.

Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Thank you,
ourwilly.

#6 DLivengood


Posted 16 October 2006 - 01:15 PM

:thumbsup: our willy.
I know this was a test...I had to Google to find the VundoFix.exe. Also I think the first instruction to "Remove Vundo" was out of sequence. I ran it a second time and all worked out with "Remove Vundo" in the second position.


VundoFix V6.2.4

Checking Java version...

Java version is 1.4.2.5

Java version is 1.4.2.6

Java version is 1.5.0.2

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 10:27:09 AM 10/16/2006

Listing files found while scanning....

C:\WINDOWS\system32\LVCoft.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\LVCoft.dll
C:\WINDOWS\system32\LVCoft.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.4

Checking Java version...

Java version is 1.4.2.5

Java version is 1.4.2.6

Java version is 1.5.0.2

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 10:39:35 AM 10/16/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 11:09:12 AM, on 10/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sandiego.cox.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sandiego.cox.net
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {379E44BF-C15B-4B45-BD1A-18CB94F74C32} - C:\WINDOWS\system32\LVCoft.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.55.downloads.estara.co...773218OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124339267781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Not sure if the work we have done so far will also address a Norton error message I get: "Unused port blocking has blocked communications". I see it in the reports section of NAV.

Also I get popups, allegedly from Google, that I have an important message...

Thanks,
Dave
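Comparing the HijackThis log taken before VundoFix with the one taken after shows which entries were removed and which now point at a deleted file. The following is an added example, not part of the original posts or of HijackThis; the two log excerpts are constructed and abridged from entry formats shown in this thread, and the function names are hypothetical.

```python
import re

# HijackThis entry lines look like "O20 - Winlogon Notify: ..."; running-process
# paths and header lines do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = " (file missing)"  # suffix HijackThis appends when the target file is gone

# Constructed, abridged excerpts in the format of the logs posted in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {379E44BF-C15B-4B45-BD1A-18CB94F74C32} - C:\WINDOWS\system32\LVCoft.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: LVCoft - C:\WINDOWS\SYSTEM32\LVCoft.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {379E44BF-C15B-4B45-BD1A-18CB94F74C32} - C:\WINDOWS\system32\LVCoft.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse_entries(log_text):
    """Map (section code, detail without the missing-file suffix) -> file_missing flag."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, detail = m.groups()
        missing = detail.endswith(MISSING)
        if missing:
            detail = detail[: -len(MISSING)]
        entries[(code, detail)] = missing
    return entries


def diff_logs(before_text, after_text):
    """Report entries that disappeared, appeared, or now reference a missing file."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "orphaned": sorted(k for k, missing in after.items() if missing),
    }


def references(log_text, filename):
    """Entries whose detail still mentions filename (case-insensitive match)."""
    needle = filename.lower()
    return sorted(k for k in parse_entries(log_text) if needle in k[1].lower())


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for kind in ("removed", "added", "orphaned"):
        for code, detail in result[kind]:
            print(f"{kind:9} {code:4} {detail}")
    # Any entry still naming the deleted DLL is a leftover registry reference.
    for code, detail in references(AFTER, "LVCoft.dll"):
        print(f"leftover  {code:4} {detail}")
```

An entry listed under "orphaned" is a registry reference whose file no longer exists, which is the kind of leftover a "Fix checked" pass in HijackThis is used to clear.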

#7 ourwilly


Posted 16 October 2006 - 06:00 PM

Hello DLivengood :thumbsup:

Unused port blocking has blocked communications

I'd like to ask whether these are all 'inbound'; if so, then this is your Norton Firewall working as it should.

I'd also like to ask again about these O6 entries, please:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

and for information regarding this O16 entry:
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.55.downloads.estara.co...773218OneCC.cab
Relating to Estara.com > one click call. Do you have This..?

Copy and Paste this post into a new text document or print it out for reference.

Step 1

Can you please Re-Scan with HijackThis and place a "checkmark" next to these entries:

O2 - BHO: (no name) - {379E44BF-C15B-4B45-BD1A-18CB94F74C32} - C:\WINDOWS\system32\LVCoft.dll (file missing)

Make sure all browser and all Windows Explorer windows are closed and select "Fix checked". Exit Hijack This


Step 2

Clean your Cache and Cookies in IE:
Go to Control Panel > Internet Options > General tab.
Click the "Delete Cookies" button and then the "Delete Files" button next to it.
When prompted, place a check in: "Delete all offline content", click OK.

Clean other Temporary files + Recycle bin:
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.

Please Re-Scan your system with the Panda ActiveScan
http://www.pandasoftware.com/activescan.htm

When the scan completes, click the See Report button, then Save Report, and save it to your desktop.

Reboot your System


Step 3

Create a folder in the root of your C: drive and name it Blacklight.
A brief explanation of how to do this can be found here.

Download F-Secure's BlackLight
http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe
Log off from the internet and disconnect your modem cable.
Doubleclick on blbeta.exe
Click on Scan, Once the Scan is Finished, click on Next.
Click on Exit.
A new document will be produced, Open this document with Notepad.
Copy and Paste its contents into your next reply.


Step 4

Due to the type of infection that you have, can you please now right-click on Hijackthis.exe and "Rename" it to abcd.exe

Now Re-scan with abcd.exe and post

1/ The new abcd.exe ( HJT ) log
2/ The BlackLight log
3/ The Panda Log Result

And any more information on the Norton blocked communications message and my questions.

Thank you,
ourwilly. :flowers:
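The question above, whether every "Unused port blocking" event is inbound, can be checked mechanically against the firewall export instead of by eye. This is an added example, not part of the original post or of any Symantec tool; the sample rows are constructed in the Date,Message,Details layout of the Norton export posted in this thread, using documentation-range addresses, and handling of a non-inbound direction or a named service such as `pop3(110)` in this event type is an assumption.

```python
import csv
import io
import re
from collections import Counter

BLOCK_MSG = "Unused port blocking has blocked communications."
# Matches e.g. "Inbound TCP connection. Remote address,local service is (a.b.c.d,6346)."
DETAIL_RE = re.compile(
    r"(\w+) (\w+) connection\. Remote address,local service is \(([^,()]+),(.+)\)\.?$"
)

# Constructed sample rows (addresses are from RFC 5737 documentation ranges).
SAMPLE_EXPORT = r'''Category: Firewall
Date,Message,Details
10/16/2006 5:17:58 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,1442 Remote IP address,port: 192.0.2.10,pop3(110)"
10/16/2006 5:16:41 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (203.0.113.7,6346)."
10/16/2006 8:45:26 AM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (198.51.100.23,6346)."
10/16/2006 8:34:36 AM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (203.0.113.7,6346)."
'''


def service_port(field):
    """Return the numeric port from '6346' or a named form like 'pop3(110)'."""
    m = re.search(r"\((\d+)\)$", field)
    if m:
        return int(m.group(1))
    return int(field) if field.isdigit() else field


def summarize_blocked(export_text):
    """Collect 'Unused port blocking' rows and tally them by direction, port and peer."""
    events, unparsed = [], []
    for row in csv.reader(io.StringIO(export_text)):
        # Skip the category line, the header, and every other message type.
        if len(row) != 3 or row[1] != BLOCK_MSG:
            continue
        m = DETAIL_RE.search(row[2])
        if not m:
            unparsed.append(row[2])  # keep for manual review rather than guessing
            continue
        direction, proto, remote, service = m.groups()
        events.append({
            "time": row[0],
            "direction": direction,
            "proto": proto,
            "remote": remote,
            "port": service_port(service),
        })
    return {
        "events": events,
        "unparsed": unparsed,
        # True only if there is at least one event and none is outbound or unreadable.
        "all_inbound": bool(events) and not unparsed
        and all(e["direction"] == "Inbound" for e in events),
        "by_port": Counter(e["port"] for e in events),
        "by_remote": Counter(e["remote"] for e in events),
    }


if __name__ == "__main__":
    s = summarize_blocked(SAMPLE_EXPORT)
    print("blocked events:", len(s["events"]), "all inbound:", s["all_inbound"])
    for port, n in s["by_port"].most_common():
        print(f"  local port {port}: {n}")
    for remote, n in s["by_remote"].most_common():
        print(f"  remote {remote}: {n}")
```

If `all_inbound` is false or `unparsed` is non-empty, those rows are the ones to read by hand, since a blocked outbound attempt would point at a local process rather than at unsolicited traffic from outside.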

#8 DLivengood


Posted 16 October 2006 - 10:38 PM

ourwilly,
Perhaps I read your earlier instruction incorrectly. I thought you asked if I had the ability to lock down my homepage and if not check the registry entries that you are asking about. Since Norton gives me that ability I did not check them. If we need to delete those entries just let me know.
I am attaching the most recent HijackThis log (renamed abcd before executing) and the Panda log. Blacklight turned up nothing so there was no log.

I am also attaching a copy of the firewall entries regarding the "unused port blocking.." Hope that is helpful. Regarding estara; I did not install it. I did have a chat session with eBay the other night. Maybe it's there as a result of that. We can delete that if you think it's best.

Thanks,
Dave

Logfile of HijackThis v1.99.1
Scan saved at 8:20:08 PM, on 10/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\HijackThis\abcd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sandiego.cox.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sandiego.cox.net
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.55.downloads.estara.co...773218OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124339267781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Panda scan results:

No viruses or other malicious software have been found!

Scan finished


                                              Detected   Disinfected
Virus                                         0          0
Spyware                                       0          0
Hacking Tools and potentially unwanted tools  0          0
Dialers                                       0          0
Security Risks                                0          0
Suspicious files                              0          0


Norton:
Category: Firewall
Date,Message,Details
10/16/2006 5:18:04 PM,An instance of "C:\Program Files\Common Files\Symantec Shared\ccLgView.exe" is preparing to access the Internet.,An instance of "C:\Program Files\Common Files\Symantec Shared\ccLgView.exe" is preparing to access the Internet.
10/16/2006 5:17:58 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,1442 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 5:16:41 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (24.141.251.231,6346)."
10/16/2006 5:13:12 PM,Firewall configuration updated: 170 rules.,Firewall configuration updated: 170 rules.
10/16/2006 5:13:12 PM,NDIS filtering is enabled.,NDIS filtering is enabled.
10/16/2006 10:06:37 AM,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.
10/16/2006 10:06:06 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4965 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 10:05:39 AM,An instance of "C:\Program Files\a-squared Anti-Malware\a2guard.exe" is preparing to access the Internet.,An instance of "C:\Program Files\a-squared Anti-Malware\a2guard.exe" is preparing to access the Internet.
10/16/2006 10:01:09 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 10:01:06 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4921 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 10:01:06 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 10:01:05 AM,"Rule ""Default Outbound ICMP"" permitted (68.107.0.1,8).","Rule ""Default Outbound ICMP"" permitted (68.107.0.1,8). Outbound ICMP request. Local address is (LIVENGOOD(68.107.0.177)). Remote address is (68.107.0.1). Message type is ""Echo Request"". Process name is ""N/A""."
10/16/2006 8:50:05 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4919 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 8:45:26 AM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (74.225.50.220,6346)."
10/16/2006 8:45:04 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4917 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 8:44:27 AM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (68.75.57.217,6346)."
10/16/2006 8:40:02 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4915 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 8:35:01 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4913 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 8:34:36 AM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (83.39.208.171,6346)."
10/16/2006 8:34:33 AM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (83.39.208.171,6346)."
10/16/2006 8:30:00 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4911 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 8:24:42 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4909 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 8:20:22 AM,An instance of "C:\Program Files\Common Files\Symantec Shared\ccLgView.exe" is preparing to access the Internet.,An instance of "C:\Program Files\Common Files\Symantec Shared\ccLgView.exe" is preparing to access the Internet.
10/16/2006 8:19:41 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4907 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 8:14:40 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4905 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 8:10:01 AM,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.
10/16/2006 8:09:59 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 8:09:59 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 8:09:56 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4877 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 8:09:39 AM,"Rule ""Default Outbound ICMP"" permitted (68.107.0.1,8).","Rule ""Default Outbound ICMP"" permitted (68.107.0.1,8). Outbound ICMP request. Local address is (LIVENGOOD(68.107.0.177)). Remote address is (68.107.0.1). Message type is ""Echo Request"". Process name is ""N/A""."
10/16/2006 5:30:46 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4875 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 5:25:45 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4873 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 5:23:16 AM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (60.191.34.18,nameserver(42))."
10/16/2006 5:20:44 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4871 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 5:15:43 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4869 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 5:10:41 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4867 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 5:07:59 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 5:07:59 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 5:06:28 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 5:06:28 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 5:05:40 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4865 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 5:00:30 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4863 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 4:55:29 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4861 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 4:50:28 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4859 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 4:45:26 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4857 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 4:40:25 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4855 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 4:35:24 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4853 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 4:33:12 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:33:12 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:30:23 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4851 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 4:25:22 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4849 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 4:23:37 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:23:37 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:21:23 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:21:23 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:20:20 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4847 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 4:20:03 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:20:03 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:19:08 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:19:08 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:18:02 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:18:02 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:16:47 AM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (218.2.157.104,7212)."
10/16/2006 4:15:03 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4845 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 4:11:51 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:11:51 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:10:13 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:10:13 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 4:10:01 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4843 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 4:06:20 AM,An instance of "C:\Program Files\Norton AntiVirus\navw32.exe" is preparing to access the Internet.,An instance of "C:\Program Files\Norton AntiVirus\navw32.exe" is preparing to access the Internet.
10/16/2006 4:05:22 AM,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.
10/16/2006 4:05:10 AM,An instance of "C:\Program Files\Norton AntiVirus\navw32.exe" is preparing to access the Internet.,An instance of "C:\Program Files\Norton AntiVirus\navw32.exe" is preparing to access the Internet.
10/16/2006 4:04:57 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4795 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 3:59:39 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4309 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 3:54:29 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,3704 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 3:53:50 AM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (220.105.115.240,6346)."
10/16/2006 3:53:48 AM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (220.105.115.240,6346)."
10/16/2006 3:49:27 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,3444 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 3:47:46 AM,An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.,An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
10/16/2006 3:44:07 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,2973 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 3:39:06 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,2851 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 3:36:56 AM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (61.57.132.230,ftp(21))."
10/16/2006 3:34:31 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 3:34:26 AM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 68.6.16.25,domain(53)"
10/16/2006 3:34:11 AM,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.
10/16/2006 3:34:08 AM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,2713 Remote IP address,port: 68.6.19.2,pop3(110)"
10/16/2006 3:34:04 AM,"Rule ""Default Outbound ICMP"" permitted (68.107.0.1,8).","Rule ""Default Outbound ICMP"" permitted (68.107.0.1,8). Outbound ICMP request. Local address is (LIVENGOOD(68.107.0.177)). Remote address is (68.107.0.1). Message type is ""Echo Request"". Process name is ""N/A""."
10/16/2006 3:34:02 AM,"Rule ""Default Outbound ICMP"" permitted (68.107.0.1,8).","Rule ""Default Outbound ICMP"" permitted (68.107.0.1,8). Outbound ICMP request. Local address is (LIVENGOOD(68.107.0.177)). Remote address is (68.107.0.1). Message type is ""Echo Request"". Process name is ""N/A""."
10/16/2006 3:34:01 AM,"Rule ""Default Outbound ICMP"" permitted (68.107.0.1,8).","Rule ""Default Outbound ICMP"" permitted (68.107.0.1,8). Outbound ICMP request. Local address is (LIVENGOOD(68.107.0.177)). Remote address is (68.107.0.1). Message type is ""Echo Request"". Process name is ""N/A""."
10/15/2006 10:06:18 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,2711 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 10:01:00 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,2709 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 9:55:59 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,2707 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 9:50:58 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,2705 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 9:45:47 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,2285 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 9:40:42 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,1997 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 9:35:25 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,1582 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 9:30:24 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,1486 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 9:25:23 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,1341 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 9:24:22 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (208.188.222.226,ftp(21))."
10/15/2006 9:24:19 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (208.188.222.226,ftp(21))."
10/15/2006 9:20:04 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,1121 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 9:18:13 PM,An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.,An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
10/15/2006 9:17:07 PM,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.
10/15/2006 9:16:17 PM,An instance of "C:\Program Files\Common Files\Symantec Shared\ccLgView.exe" is preparing to access the Internet.,An instance of "C:\Program Files\Common Files\Symantec Shared\ccLgView.exe" is preparing to access the Internet.
10/15/2006 9:15:38 PM,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.
10/15/2006 9:15:36 PM,An instance of "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" is preparing to access the Internet.,An instance of "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" is preparing to access the Internet.
10/15/2006 9:15:25 PM,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.
10/15/2006 9:15:21 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (4.179.224.90,6346)."
10/15/2006 9:15:01 PM,An instance of "C:\Program Files\Norton AntiVirus\navw32.exe" is preparing to access the Internet.,An instance of "C:\Program Files\Norton AntiVirus\navw32.exe" is preparing to access the Internet.
10/15/2006 9:14:57 PM,An instance of "C:\Program Files\Norton AntiVirus\navw32.exe" is preparing to access the Internet.,An instance of "C:\Program Files\Norton AntiVirus\navw32.exe" is preparing to access the Internet.
10/15/2006 9:14:57 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,1038 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 9:14:56 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,1036 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 9:14:55 PM,An instance of "C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE" is preparing to access the Internet.,An instance of "C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE" is preparing to access the Internet.
10/15/2006 9:14:40 PM,An instance of "C:\WINDOWS\system32\spoolsv.exe" is preparing to access the Internet.,An instance of "C:\WINDOWS\system32\spoolsv.exe" is preparing to access the Internet.
10/15/2006 9:14:25 PM,Firewall configuration updated: 170 rules.,Firewall configuration updated: 170 rules.
10/15/2006 9:14:25 PM,NDIS filtering is enabled.,NDIS filtering is enabled.
10/15/2006 9:05:25 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (4.179.224.90,6346)."
10/15/2006 9:01:25 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (4.179.224.90,6346)."
10/15/2006 8:59:22 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (4.179.224.90,6346)."
10/15/2006 8:57:24 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (4.179.224.90,6346)."
10/15/2006 8:55:14 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (4.179.224.90,6346)."
10/15/2006 8:53:24 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (4.179.224.90,6346)."
10/15/2006 8:52:25 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (70.129.211.8,6346)."
10/15/2006 8:51:23 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (4.179.224.90,6346)."
10/15/2006 8:47:15 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (4.179.224.90,6346)."
10/15/2006 8:46:35 PM,An instance of "C:\Program Files\Norton AntiVirus\navw32.exe" is preparing to access the Internet.,An instance of "C:\Program Files\Norton AntiVirus\navw32.exe" is preparing to access the Internet.
10/15/2006 8:46:23 PM,An instance of "C:\Program Files\Norton AntiVirus\navw32.exe" is preparing to access the Internet.,An instance of "C:\Program Files\Norton AntiVirus\navw32.exe" is preparing to access the Internet.
10/15/2006 8:46:20 PM,An instance of "C:\Program Files\Norton AntiVirus\navw32.exe" is preparing to access the Internet.,An instance of "C:\Program Files\Norton AntiVirus\navw32.exe" is preparing to access the Internet.
10/15/2006 8:43:19 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (4.179.224.90,6346)."
10/15/2006 8:41:13 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (4.179.224.90,6346)."
10/15/2006 8:37:18 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (4.179.224.90,6346)."
10/15/2006 8:35:32 PM,An instance of "C:\WINDOWS\Explorer.EXE" is preparing to access the Internet.,An instance of "C:\WINDOWS\Explorer.EXE" is preparing to access the Internet.
10/15/2006 8:35:08 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (4.179.224.90,6346)."
10/15/2006 8:33:33 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (85.186.71.250,22)."
10/15/2006 8:33:29 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (85.186.71.250,22)."
10/15/2006 8:28:42 PM,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.
10/15/2006 8:28:41 PM,An instance of "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" is preparing to access the Internet.,An instance of "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" is preparing to access the Internet.
10/15/2006 8:28:27 PM,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.
10/15/2006 8:26:41 PM,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.
10/15/2006 8:26:02 PM,Unused port blocking has blocked communications.,"Unused port blocking has blocked communications. Inbound TCP connection. Remote address,local service is (4.179.224.90,6346)."
10/15/2006 8:25:02 PM,An instance of "C:\WINDOWS\System32\svchost.exe" is preparing to access the Internet.,An instance of "C:\WINDOWS\System32\svchost.exe" is preparing to access the Internet.
10/15/2006 8:25:01 PM,An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.,An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
10/15/2006 8:24:35 PM,Firewall configuration updated: 170 rules.,Firewall configuration updated: 170 rules.
10/15/2006 8:24:35 PM,NDIS filtering is enabled.,NDIS filtering is enabled.
10/15/2006 3:25:26 PM,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.,An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE" is preparing to access the Internet.
10/15/2006 3:18:44 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4838 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 3:13:43 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4836 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 3:08:42 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4659 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 3:07:46 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4648 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 3:07:34 PM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 85.255.115.4,domain(53)"
10/15/2006 3:07:34 PM,The following Symantec application was implicitly allowed to communicate:,"The following Symantec application was implicitly allowed to communicate: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Protocol: UDP Local IP address,port: LIVENGOOD(68.107.0.177),0 Remote IP address,port: 85.255.115.4,domain(53)"
10/15/2006 3:03:28 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4640 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 2:58:27 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4638 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 2:53:26 PM,The following Symantec application was implicitly allowed outbound TCP connection:,"The following Symantec application was implicitly allowed outbound TCP connection: Application: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Local IP address,port: 0.0.0.0,4636 Remote IP address,port: 68.6.19.2,pop3(110)"
10/15/2006 2:48:25 PM,The foll

#9 ourwilly

Posted 17 October 2006 - 02:37 PM

Hello DLivengood :thumbsup:

Copy and Paste this post into a new text document or print it out for reference.

Step 1

If those O6 entries were set using Norton then please leave them.

Please Re-Scan with HijackThis and place a "checkmark" next to this entry:

O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.55.downloads.estara.co...773218OneCC.cab

Make sure all browser and all Windows Explorer windows are closed, then select "Fix checked". Exit HijackThis.


Step 2

As all your logs appear to be showing clean now I would like to recommend that you "Disable" and then "Re-Enable" your System Restore

and please "Bookmark" these Tutorials on how to stay safe:

So how did I get infected in the first place
Simple and easy ways to keep your computer safe and secure on the Internet

ourwilly.

#10 DLivengood

Posted 17 October 2006 - 03:24 PM

our willy,
Here is the latest (final) HJT log for this topic. I have enabled System Restore and activated the Real Time protection features. Thank you for all your help. You are awesome.
Dave
:thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 1:03:52 PM, on 10/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\HijackThis\abcd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sandiego.cox.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sandiego.cox.net
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124339267781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#11 DLivengood

Posted 17 October 2006 - 04:53 PM

our willy,
Something's changed... now, each time I restart my computer, all of my Norton protection is disabled. "Security off, Firewall disabled, Intrusion...disabled and Privacy control is off."
Dave :thumbsup:

#12 ourwilly

Posted 18 October 2006 - 09:48 AM

Hello DLivengood

Can you please uninstall and then reinstall your Norton software?

If you run into trouble with uninstalling it from your system, please use Internet Explorer and visit
http://service1.symantec.com/Support/tsgen...src=con_ols_nam
The Norton Removal Tool will uninstall all Norton 2006/2005/2004/2003 products from your computer.

Once you have done this, please post a fresh HijackThis log.

Thank you,
ourwilly. :thumbsup:

#13 DLivengood

Posted 19 October 2006 - 01:06 AM

our willy
NAV stuff uninstalled and reinstalled. Here is the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:03:09 PM, on 10/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\HijackThis\abcd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sandiego.cox.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sandiego.cox.net
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124339267781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#14 ourwilly

Posted 19 October 2006 - 11:07 AM

Hello DLivengood

Your HijackThis log looks fine now.

I would like to recommend that you reboot into Safe Mode and defragment your system.

Restart your computer and, as soon as it starts booting up again, continuously tap F8. A menu should come up where you will be given the option to enter 'Safe Mode'. Once your system has been defragged, reboot back into Normal mode.

Please let me know how your system is running now.

If it is running well then I recommend you "Disable" and then "Re-Enable" your System Restore.

http://www.pchell.com/virus/systemrestore.shtml

ourwilly. :thumbsup:
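
Added example (not part of the thread and not a HijackThis feature): a small Python script that diffs two HijackThis logs entry by entry, the comparison a helper makes by eye between the 10/17 and 10/18 scans above. The function names are hypothetical, and the two sample logs are short excerpts taken from those scans.

```python
import re

# A HijackThis result line starts with a section code: "O16 - DPF: ..."
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# CLSID as printed in BHO, toolbar, button and DPF entries
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the 10/17/2006 scan from this thread
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:03:52 PM, on 10/17/2006

Running processes:
C:\WINDOWS\System32\smss.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Excerpt of the 10/18/2006 scan from this thread (after the Norton reinstall)
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:03:09 PM, on 10/18/2006

Running processes:
C:\WINDOWS\System32\smss.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def entry_key(section, body):
    """Identity used to match one entry across two scans.

    Entries carrying a CLSID are matched on (section, label, CLSID) so that a
    changed class name or URL shows up as 'changed' rather than add + remove.
    Everything else is matched on its full text.
    """
    m = CLSID_RE.search(body)
    if m:
        label = body.split(":", 1)[0]  # "DPF", "BHO", "Extra button", ...
        return (section, label, m.group(0).upper())
    return (section, body)


def parse_hjt(text):
    """Return {key: full_line} for the result lines; header and process list are skipped."""
    entries = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            section, body = m.groups()
            entries[entry_key(section, body)] = f"{section} - {body}"
    return entries


def diff_logs(before_text, after_text):
    """Compare two logs; order of lines inside a log does not matter."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    return {
        "added": sorted(after[k] for k in after.keys() - before.keys()),
        "removed": sorted(before[k] for k in before.keys() - after.keys()),
        "changed": sorted(
            (before[k], after[k])
            for k in before.keys() & after.keys()
            if before[k] != after[k]
        ),
    }


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for line in result["added"]:
        print("+", line)
    for line in result["removed"]:
        print("-", line)
    for old, new in result["changed"]:
        print("~", old, "\n  =>", new)
```

New or changed entries are only a prompt for review; whether an entry is legitimate still has to be judged from its path, publisher and download URL.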
