bloodhound.exploit.196 vista removal

Gateway / P-6822
December 11, 2009 at 21:19:01
Specs: Windows Vista
The bloodhound.exploit.196 virus is on my laptop. I read the other thread about the same problem and solution, so I needed to start my own request for assistance.



#1
December 12, 2009 at 07:59:48
ComboFix 09-12-11.05 - hillct 12/12/2009 8:42.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1135 [GMT -7:00]
Running from: c:\users\hillct\Desktop\Downloads\Norton\ComboFix.exe
AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-954648031-419757427-2791540538-500
c:\users\hillct\AppData\Local\Microsoft\Windows\Temporary Internet Files\output.xml
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\kr_done1
c:\windows\system32\logs
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-11-12 to 2009-12-12 )))))))))))))))))))))))))))))))
.

2009-12-12 15:51 . 2009-12-12 15:54 -------- d-----w- c:\users\hillct\AppData\Local\temp
2009-12-12 15:51 . 2009-12-12 15:51 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-12-12 15:51 . 2009-12-12 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-12 15:51 . 2009-12-12 15:51 -------- d-----w- c:\users\chill\AppData\Local\temp
2009-12-12 15:51 . 2009-12-12 15:51 -------- d-----w- c:\users\Cam & Andre\AppData\Local\temp
2009-12-12 15:40 . 2009-12-12 15:41 -------- d-----w- C:\32788R22FWJFW
2009-12-12 05:09 . 2009-12-12 05:09 -------- d-----w- c:\programdata\NortonInstaller
2009-12-12 05:09 . 2009-12-12 05:09 -------- d-----w- c:\program files\NortonInstaller
2009-12-12 03:03 . 2009-12-11 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091211.002\CCERASER.DLL
2009-12-12 03:03 . 2009-10-19 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091211.002\ECMSVR32.DLL
2009-12-12 03:03 . 2009-08-27 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091211.002\NAVENG.SYS
2009-12-12 03:03 . 2009-08-27 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091211.002\EECTRL.SYS
2009-12-12 03:03 . 2009-08-27 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091211.002\NAVENG32.DLL
2009-12-12 03:03 . 2009-08-27 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091211.002\NAVEX32A.DLL
2009-12-12 03:03 . 2009-08-27 08:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091211.002\NAVEX15.SYS
2009-12-12 03:03 . 2009-08-27 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091211.002\ERASER.SYS
2009-12-10 23:13 . 2009-12-12 05:19 1356 ----a-w- c:\users\hillct\AppData\Local\d3d9caps.dat
2009-12-10 01:31 . 2009-12-10 01:31 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-09 02:18 . 2009-12-09 02:20 -------- d-----w- c:\windows\system32\ca-ES
2009-12-09 02:18 . 2009-12-09 02:20 -------- d-----w- c:\windows\system32\eu-ES
2009-12-09 02:18 . 2009-12-09 02:20 -------- d-----w- c:\windows\system32\vi-VN
2009-12-09 01:28 . 2009-12-09 01:28 -------- d-----w- c:\windows\system32\EventProviders
2009-12-09 00:45 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-05 09:40 . 2009-08-27 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091204.037\NAVEX32A.DLL
2009-12-05 09:40 . 2009-10-19 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091204.037\ECMSVR32.DLL
2009-12-05 09:40 . 2009-09-17 08:00 2747952 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091204.037\CCERASER.DLL
2009-12-05 09:40 . 2009-08-27 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091204.037\NAVENG.SYS
2009-12-05 09:40 . 2009-08-27 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091204.037\EECTRL.SYS
2009-12-05 09:40 . 2009-08-27 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091204.037\NAVENG32.DLL
2009-12-05 09:40 . 2009-08-27 08:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091204.037\NAVEX15.SYS
2009-12-05 09:40 . 2009-08-27 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091204.037\ERASER.SYS
2009-12-04 03:24 . 2009-12-04 03:25 -------- d-----w- c:\programdata\WinZip
2009-12-04 02:52 . 2009-12-04 02:52 -------- d-----w- c:\program files\FreeTime
2009-12-03 15:15 . 2009-12-03 15:15 -------- d-----w- c:\program files\Apple Software Update
2009-11-25 00:37 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-25 00:37 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 00:37 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 00:36 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 04:54 . 2008-05-30 23:20 104195872 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-11 19:46 . 2007-10-09 01:44 -------- d-----w- c:\users\hillct\AppData\Roaming\Spare Backup
2009-12-11 19:45 . 2009-02-25 06:10 -------- d-----w- c:\programdata\VMware
2009-12-11 19:44 . 2008-05-30 23:08 115 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-12-11 19:27 . 2008-05-30 23:20 1391144 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-11 06:37 . 2008-04-19 16:24 -------- d-----w- c:\programdata\Google Updater
2009-12-10 05:41 . 2008-08-15 14:09 -------- d-----w- c:\users\hillct\AppData\Roaming\dvdcss
2009-12-09 02:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-09 02:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 02:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-09 02:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-09 02:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-09 02:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-09 02:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-09 02:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-09 02:10 . 2007-10-09 02:55 -------- d-----w- c:\program files\Common Files\Logishrd
2009-12-09 00:50 . 2007-09-12 18:46 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 00:26 . 2007-09-12 18:48 -------- d-----w- c:\program files\Microsoft Works
2009-12-07 14:36 . 2009-01-19 16:00 -------- d-----w- c:\users\hillct\AppData\Roaming\Skype
2009-12-03 18:23 . 2009-12-03 18:23 108253 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_03_04_22_28_small.dmp.zip
2009-12-03 18:23 . 2009-12-03 18:23 99521 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_03_04_08_13_small.dmp.zip
2009-12-03 18:18 . 2008-06-08 15:03 13121556 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-12-03 11:24 . 2009-12-03 11:24 3618304 ----a-w- c:\windows\Internet Logs\xDB48FB.tmp
2009-12-03 11:24 . 2009-12-03 11:24 14848 ----a-w- c:\windows\Internet Logs\xDB412D.tmp
2009-12-03 11:23 . 2009-12-03 11:24 3618304 ----a-w- c:\windows\Internet Logs\xDBCD08.tmp
2009-12-03 11:23 . 2009-12-03 11:24 12800 ----a-w- c:\windows\Internet Logs\xDBC4AE.tmp
2009-12-03 11:23 . 2009-12-03 11:23 13312 ----a-w- c:\windows\Internet Logs\xDB5F09.tmp
2009-12-03 11:23 . 2009-12-03 11:23 3618304 ----a-w- c:\windows\Internet Logs\xDB67C1.tmp
2009-12-03 11:22 . 2009-12-03 11:23 3618304 ----a-w- c:\windows\Internet Logs\xDBFF6D.tmp
2009-12-03 11:22 . 2009-12-03 11:23 1339392 ----a-w- c:\windows\Internet Logs\xDBF5AC.tmp
2009-11-30 22:12 . 2009-11-30 23:19 3611648 ----a-w- c:\windows\Internet Logs\xDBC9B4.tmp
2009-11-30 22:10 . 2009-11-30 22:10 92535 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_29_17_36_05_small.dmp.zip
2009-11-10 05:56 . 2009-11-10 05:53 45131016 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_08_17_30_15_full.dmp.zip
2009-11-03 03:42 . 2009-10-09 03:04 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 13:30 . 2009-11-02 13:30 95136 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_10_30_14_32_25_small.dmp.zip
2009-10-29 13:17 . 2009-10-29 21:34 256512 ----a-w- c:\windows\Internet Logs\xDB15E0.tmp
2009-10-28 04:29 . 2007-10-13 08:14 -------- d-----w- c:\programdata\DVD Shrink
2009-10-28 04:28 . 2007-11-30 18:24 -------- d-----w- c:\users\hillct\AppData\Roaming\RipIt4Me
2009-10-27 05:34 . 2009-03-17 00:10 -------- d-----w- c:\program files\Scriptocean
2009-10-27 05:34 . 2009-08-02 19:35 -------- d-----w- c:\program files\AVS4YOU
2009-10-27 05:34 . 2009-08-02 19:32 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-10-26 14:16 . 2009-10-27 04:33 276480 ----a-w- c:\windows\Internet Logs\xDB21D2.tmp
2009-10-23 05:04 . 2009-10-23 14:59 517632 ----a-w- c:\windows\Internet Logs\xDB3429.tmp
2009-10-19 08:00 . 2009-10-19 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
2009-10-14 01:30 . 2007-10-10 21:29 -------- d-----w- c:\programdata\Logishrd
2009-10-14 01:30 . 2007-10-10 21:29 -------- d-----w- c:\program files\Logitech
2009-10-14 01:23 . 2007-10-09 02:55 -------- d-----w- c:\program files\Common Files\Logitech
2009-10-11 19:35 . 2009-10-12 04:18 1440768 ----a-w- c:\windows\Internet Logs\xDB43D2.tmp
2009-10-10 08:43 . 2007-10-09 01:43 102248 ----a-w- c:\users\hillct\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-08 15:27 . 2009-10-09 02:14 2751488 ----a-w- c:\windows\Internet Logs\xDBFCC5.tmp
2009-09-28 13:41 . 2009-09-28 13:41 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-09-25 19:44 . 2009-09-26 03:11 1850880 ----a-w- c:\windows\Internet Logs\xDB41C0.tmp
2009-09-17 08:00 . 2009-09-17 08:00 2747952 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2009-09-14 09:29 . 2009-10-14 02:56 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2008-06-19 14:02 . 2008-06-19 14:02 1290240 ----a-w- c:\program files\CruzerSync_v3_2_016.exe
2008-04-26 01:01 . 2008-04-26 01:01 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-02-22 23:15 . 2008-05-30 23:20 58453280 --sha-w- c:\windows\System32\drivers\fidbox(322).dat
2008-07-22 15:32 . 2008-05-30 23:20 19135008 --sha-w- c:\windows\System32\drivers\fidbox(429).dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 19:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-06-29 638976]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-07-13 5252936]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-26 29744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"SigmatelSysTrayApp"="sttray.exe" [2007-07-27 405504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]

c:\users\Cam & Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-7-31 260096]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-2-8 147456]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^hillct^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\hillct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
2006-11-16 23:04 2348584 ----a-w- c:\program files\BigFix\bigfix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 14:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-02-20 18:22 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 19:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2007-12-19 01:47 8720384 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-19 16:24 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-05-06 08:42 202088 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Upromise]
2007-07-10 20:00 385024 ----a-w- c:\program files\Upromise\Upromise.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Upromise Update]
2007-07-10 20:00 147456 ----a-w- c:\program files\Upromise\UpromiseUa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2008-10-29 04:07 96816 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):af,75,3f,e1,77,78,ca,01

R3 MaplomL;MaplomL;c:\windows\System32\drivers\maploml.sys [7/30/2009 9:28 PM 43144]
S2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [10/28/2008 9:08 PM 54960]
S3 dfmirage;dfmirage;c:\windows\System32\drivers\dfmirage.sys [11/27/2005 7:25 PM 31896]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/11/2009 9:11 PM 102448]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/12/2007 11:49 AM 29744]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 3:25 AM 2589184]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/28/2006 3:34 AM 122008]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\System32\drivers\WSDPrint.sys [9/5/2008 7:28 AM 16896]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
getPlusHelper REG_MULTI_SZ getPlusHelper
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6822
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: ecsu.edu\ccam
Trusted Zone: ecsu.edu\webmail
Trusted Zone: turbotax.com
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://ccas.ecsu.edu/auth/CCALogin.CAB
FF - ProfilePath - c:\users\hillct\AppData\Roaming\Mozilla\Firefox\Profiles\yuct2d42.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=fyTWFDr6&q=
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-MskAgentexe - c:\program files\McAfee\MSK\MskAgent.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-Yahoo! Pager - ~c:\program files\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-HijackThis - c:\users\hillct\AppData\Local\Temp\Temp1_hijackthis_199.zip\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-12 08:54
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet031\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet031\Services\Tcpip6\Parameters\Interfaces\{23df09a2-2a15-451b-9375-3a3c726d2fe9}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c00e0b8
"Dhcpv6State"=dword:00000000
"NameServer"=""
"Domain"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet031\Services\Tcpip6\Parameters\Interfaces\{30799795-c0cf-444e-9a2d-4599908ea5e9}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001b77
"Dhcpv6State"=dword:00000000
"NameServer"=""
"Domain"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet031\Services\Tcpip6\Parameters\Interfaces\{5adca6a0-67e8-44b2-8d1d-6a234c29ee7f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c00e0b8
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet031\Services\Tcpip6\Parameters\Interfaces\{67eb2b20-4d09-48c2-9fe5-a38b9eaf45b8}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:15800060
"Dhcpv6State"=dword:00000000
"NameServer"=""
"Domain"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet031\Services\Tcpip6\Parameters\Interfaces\{8563cae0-9038-40da-9577-d33aea191b29}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:12020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet031\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet031\Services\Tcpip6\Parameters\Interfaces\{b3a1214f-2227-4353-8c40-55bdba50cc8c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f001b77
"Dhcpv6State"=dword:00000000
"NameServer"=""
"Domain"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet031\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Completion time: 2009-12-12 08:56:52
ComboFix-quarantined-files.txt 2009-12-12 15:56

Pre-Run: 37,404,639,232 bytes free
Post-Run: 38,533,398,528 bytes free

- - End Of File - - 5BFE28C2F9024415D316D555101F5295



#2
December 12, 2009 at 09:27:50
MALWAREBYTES ANTI-MALWARE SCAN RESULTS:

Logfile of HijackThis v1.99.1
Scan saved at 9:20:17 AM, on 12/12/2009
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Running processes:
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage....
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySp...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/Div...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/...
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySp...
O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://ccas.ecsu.edu/auth/CCALogin.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/get...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)



#3
December 27, 2009 at 00:42:54
BloodHound.Exploit.196 is a trojan virus. Here's a fix for it:
http://darfuns.com/trojan-removal/b...
