GMER Log
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-19 17:01:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y120L0 rev.YAR41BW0
Running: xtzsw781.exe; Driver: C:\DOCUME~1\LOCALS~1\Temp\pxtdqpow.sys
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
Malwarebytes Log
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5353
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/19/2010 10:12:37 PM
mbam-log-2010-12-19 (22-12-36).txt
Scan type: Full scan (C:\|)
Objects scanned: 325151
Time elapsed: 3 hour(s), 41 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Attach
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/3/2005 4:48:53 PM
System Uptime: 12/19/2010 4:54:57 PM (1 hours ago)
Motherboard: Intel Corporation | | D865GLC
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 2992/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 114 GiB total, 49.622 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1745: 9/21/2010 12:55:37 PM - System Checkpoint
RP1746: 9/22/2010 2:07:30 PM - System Checkpoint
RP1747: 9/23/2010 3:41:20 PM - System Checkpoint
RP1748: 9/24/2010 4:31:43 PM - System Checkpoint
RP1749: 9/25/2010 5:55:49 PM - System Checkpoint
RP1750: 9/26/2010 6:19:43 PM - System Checkpoint
RP1751: 9/27/2010 7:02:33 PM - System Checkpoint
RP1752: 9/28/2010 8:40:04 PM - System Checkpoint
RP1753: 9/29/2010 9:00:24 AM - Software Distribution Service 3.0
RP1754: 9/30/2010 10:26:32 AM - System Checkpoint
RP1755: 10/1/2010 10:50:56 AM - System Checkpoint
RP1756: 10/2/2010 3:05:39 PM - System Checkpoint
RP1757: 10/3/2010 4:26:32 PM - System Checkpoint
RP1758: 10/4/2010 4:38:27 PM - System Checkpoint
RP1759: 10/5/2010 5:02:27 PM - System Checkpoint
RP1760: 10/6/2010 5:14:27 PM - System Checkpoint
RP1761: 10/7/2010 5:50:29 PM - System Checkpoint
RP1762: 10/10/2010 12:44:45 AM - System Checkpoint
RP1763: 10/11/2010 2:19:43 AM - System Checkpoint
RP1764: 10/12/2010 2:43:43 AM - System Checkpoint
RP1765: 10/13/2010 3:40:09 AM - System Checkpoint
RP1766: 10/13/2010 9:00:29 AM - Software Distribution Service 3.0
RP1767: 10/14/2010 10:08:09 AM - System Checkpoint
RP1768: 10/15/2010 10:44:10 AM - System Checkpoint
RP1769: 10/16/2010 11:44:12 AM - System Checkpoint
RP1770: 10/17/2010 12:56:12 PM - System Checkpoint
RP1771: 10/18/2010 1:47:54 PM - System Checkpoint
RP1772: 10/19/2010 1:59:53 PM - System Checkpoint
RP1773: 10/20/2010 4:24:25 PM - System Checkpoint
RP1774: 10/21/2010 5:26:29 PM - System Checkpoint
RP1775: 10/22/2010 6:14:26 PM - System Checkpoint
RP1776: 10/23/2010 6:26:27 PM - System Checkpoint
RP1777: 10/25/2010 12:02:26 AM - System Checkpoint
RP1778: 10/26/2010 9:01:38 PM - System Checkpoint
RP1779: 10/27/2010 9:13:27 PM - System Checkpoint
RP1780: 10/28/2010 10:33:03 PM - System Checkpoint
RP1781: 10/29/2010 11:29:32 PM - System Checkpoint
RP1782: 10/31/2010 10:14:54 AM - System Checkpoint
RP1783: 11/1/2010 11:26:12 AM - System Checkpoint
RP1784: 11/2/2010 12:14:13 PM - System Checkpoint
RP1785: 11/3/2010 12:38:21 PM - System Checkpoint
RP1786: 11/4/2010 1:24:44 PM - System Checkpoint
RP1787: 11/5/2010 2:51:35 PM - System Checkpoint
RP1788: 11/6/2010 3:35:41 PM - System Checkpoint
RP1789: 11/7/2010 4:48:37 PM - System Checkpoint
RP1790: 11/8/2010 9:00:10 PM - System Checkpoint
RP1791: 11/9/2010 9:42:25 PM - System Checkpoint
RP1792: 11/10/2010 2:04:24 PM - Software Distribution Service 3.0
RP1793: 11/11/2010 4:01:29 PM - System Checkpoint
RP1794: 11/12/2010 4:36:28 PM - System Checkpoint
RP1795: 11/13/2010 4:50:24 PM - System Checkpoint
RP1796: 11/14/2010 5:14:24 PM - System Checkpoint
RP1797: 11/15/2010 6:26:22 PM - System Checkpoint
RP1798: 11/16/2010 7:14:24 PM - System Checkpoint
RP1799: 11/17/2010 8:18:24 PM - Installed Java(TM) 6 Update 22
RP1800: 11/17/2010 8:21:32 PM - Installed MSN Toolbar Setup
RP1801: 11/18/2010 11:41:01 PM - System Checkpoint
RP1802: 11/20/2010 12:16:57 AM - System Checkpoint
RP1803: 11/21/2010 1:37:13 AM - System Checkpoint
RP1804: 11/22/2010 2:37:10 AM - System Checkpoint
RP1805: 11/23/2010 3:38:42 AM - System Checkpoint
RP1806: 11/24/2010 3:39:42 AM - System Checkpoint
RP1807: 11/25/2010 5:12:58 AM - System Checkpoint
RP1808: 11/26/2010 5:24:57 AM - System Checkpoint
RP1809: 11/27/2010 6:12:56 AM - System Checkpoint
RP1810: 11/28/2010 7:07:12 AM - System Checkpoint
RP1811: 11/29/2010 8:07:10 AM - System Checkpoint
RP1812: 11/30/2010 8:55:10 AM - System Checkpoint
RP1813: 12/1/2010 5:41:20 PM - System Checkpoint
RP1814: 12/2/2010 6:04:27 PM - System Checkpoint
RP1815: 12/3/2010 6:07:55 PM - System Checkpoint
RP1816: 12/4/2010 7:51:23 PM - System Checkpoint
RP1817: 12/5/2010 8:42:33 PM - System Checkpoint
RP1818: 12/6/2010 9:56:56 PM - System Checkpoint
RP1819: 12/7/2010 11:18:34 PM - System Checkpoint
RP1820: 12/9/2010 3:01:45 PM - System Checkpoint
RP1821: 12/10/2010 5:03:11 PM - System Checkpoint
RP1822: 12/11/2010 5:49:39 PM - System Checkpoint
RP1823: 12/12/2010 6:01:12 PM - System Checkpoint
RP1824: 12/13/2010 6:01:38 PM - System Checkpoint
RP1825: 12/14/2010 7:14:41 PM - System Checkpoint
RP1826: 12/15/2010 8:01:41 PM - System Checkpoint
RP1827: 12/16/2010 9:00:28 AM - Software Distribution Service 3.0
RP1828: 12/17/2010 9:12:38 AM - System Checkpoint
RP1829: 12/18/2010 9:48:36 AM - System Checkpoint
RP1830: 12/19/2010 10:00:57 AM - System Checkpoint
==== Hosts File Hijack ======================
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 173.232.149.92 www.google.com
Hosts: 173.232.149.92 google.com
Hosts: 173.232.149.92 google.com.au
Hosts: 173.232.149.92 www.google.com.au
Hosts: 173.232.149.92 google.be
Hosts: 173.232.149.92 www.google.be
Hosts: 173.232.149.92 google.com.br
Hosts: 173.232.149.92 www.google.com.br
Hosts: 173.232.149.92 google.ca
Hosts: 173.232.149.92 www.google.ca
Hosts: 173.232.149.92 google.ch
Hosts: 173.232.149.92 www.google.ch
Hosts: 173.232.149.92 google.de
Hosts: 173.232.149.92 www.google.de
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.5
Adobe® Photoshop® Album Starter Edition 3.2
AOL Coach Version 1.0(Build:20030807.3)
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATX / Kleinrock Tax Products (Remove Only)
ATX / Kleinrock Tax Products 2006 (Remove Only)
ATX XML Printer
Avery DesignPro
Avery Wizard 3.0
Bonjour
ComcastSUPPORT
Creative Driver
Critical Update for Windows Media Player 11 (KB959772)
Download Updater (AOL LLC)
Draft Analyzer
Gateway Drivers and Applications Recovery
GoToMeeting 4.5.0.457
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2
Java Auto Updater
Java(TM) 6 Update 22
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
LimeWire 4.18.8
Logitech Desktop Messenger
Logitech MouseWare 9.79
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client for Win32
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Office Visio Professional 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows User State Migration Tool version 2.6
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MobileMe Control Panel
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero OEM
Norton Internet Security 2006
Norton Security Suite
NVIDIA Windows 2000/XP Display Drivers
pdfFactory
Picasa 2
Picture Package
QuickTime
RealPlayer Basic
RitzPix E-Z Print & Share
Rummi 6.0.34
Safari
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Smart Link 56K Modem
Snapshot Viewer
Sony Digital Voice Player Ver.2.1
Sony Picture Utility
Sony Player Plug-in for Windows Media Player
Sony USB Driver
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
VoiceOver Kit
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
==== Event Viewer Messages From Past Week ========
12/19/2010 5:07:04 PM, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
12/19/2010 4:57:46 PM, error: System Error [1003] - Error code 10000050, parameter1 fd8fe018, parameter2 00000000, parameter3 ebb3fea8, parameter4 00000000.
12/19/2010 4:54:35 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/19/2010 4:23:58 PM, error: Service Control Manager [7034] - The WAN Miniport (ATW) Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 4:23:58 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 4:23:58 PM, error: Service Control Manager [7034] - The SmartLinkService service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 4:23:58 PM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 4:23:58 PM, error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 4:23:58 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 4:23:58 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 4:23:58 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 4:23:58 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 4:23:58 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/19/2010 4:23:58 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/17/2010 10:44:27 AM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 000CF1905109 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/16/2010 10:44:22 PM, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 000CF1905109 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/16/2010 1:28:37 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.0.3. The machine with the IP address 192.168.0.2 did not allow the name to be claimed by this machine.
==== End Of File ===========================
DDS
DDS (Ver_10-12-12.02) - NTFSx86
Run at 17:06:40.70 on Sun 12/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.59 [GMT -5:00]
AV: My Security Engine *Enabled/Updated* {B9957D53-70E8-4E46-99C7-84CF629C0FD8}
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: My Security Engine *Enabled*
FW: Norton Internet Worm Protection *Disabled*
FW: Norton Security Suite *Enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\AOL\1187212991\ee\AOLSoftware.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\whatever\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uWindow Title = Microsoft Internet Explorer provided by Comcast
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Norton Internet Security 2006: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - CNisExtBho Class
BHO: NAV Helper: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - CNavExtBho Class
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{0b53eac3-8d69-4b9e-9b19-a37c9a5676a7}
{c4069e3a-68f1-403e-b40e-20066696354b}
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [pdfFactory Dispatcher v2] c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
mRun: [HostManager] c:\program files\common files\aol\1187212991\ee\AOLSoftware.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
dRunOnce: [SetDefaultMidi] MIDIDEF.EXE
IE: &Add animation to IncrediMail Style Box - c:\progra~1\incred~1\bin\resources\WebMenuImg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150504065499
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} - hxxp://www.ritzpix.com/net/Uploader/LPUploader41.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 173.232.149.92 www.google.com
Hosts: 173.232.149.92 google.com
Hosts: 173.232.149.92 google.com.au
Hosts: 173.232.149.92 www.google.com.au
Note: multiple HOSTS entries found. Please refer to Attach.txt
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-28 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-28 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-22 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-28 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-28 116784]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-10-28 126392]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-3 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-28 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101215.001\IDSXpx86.sys [2010-12-16 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101219.003\NAVENG.SYS [2010-12-19 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101219.003\NAVEX15.SYS [2010-12-19 1360760]
S2 AIM;AIM;"c:\windows\aim.exe" --> c:\windows\aim.exe [?]
S3 rdriv;rdriv;\??\c:\windows\system32\rdriv.sys --> c:\windows\system32\rdriv.sys [?]
=============== Created Last 30 ================
2010-12-16 03:16:45 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 03:15:34 45568 -c----w- c:\windows\system32\dllcache\wab.exe
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
============= FINISH: 17:09:37.15 ===============