Welcome to MalwareRemoval.com,

malware attacking NETBios... vundo, Zlob

Post by trevsdad » October 10th, 2007, 1:20 am

My streamed video (live, or on-demand) hangs shortly after it begins to play and freezes. This also happens with some audio, and downloads tend to hang and freeze often too. I've swept and cleaned the computer repeatedly and tried changing my IP address, but ZA shows activity (incoming and outgoing) to my NETBios Session. I've seen names like Vundo and Zlob.

Here's what I'm running....

HP Media Center w/ XP Service Pack 2 and 1GB of RAM, Verizon FiOS

It feels as if something is choking off the stream or downloads shortly after it gets to my computer. Any idea what this could be? Please help!!
trevsdad
Active Member
 
Posts: 11
Joined: October 4th, 2007, 8:50 am

Post by random/random » October 10th, 2007, 4:53 pm

I closed your other topic; please stick with this topic.

First of all, you are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
  1. Save HJTInstall.exe to your desktop.
  2. Double-click on HJTInstall.exe to run the program.
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  4. Accept the license agreement by clicking the "I Accept" button.
  5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  6. Click "Save log" to save the log file and then the log will open in Notepad.
  7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  8. Come back here to this thread and paste the log in your next reply.
  9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.
random/random
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

Here's the HJT log

Post by trevsdad » October 10th, 2007, 5:25 pm

Thanks for getting back to me. As I type this, I'm getting multiple alerts from ZA about attempts from something in my system that's trying to contact the outside...then something pings me.

Here's the log.

------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:45 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\ShuttleEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_setti ... Config.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcC ... gctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se2474.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9406020734
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ascraespce - Pinnacle Systems GmbH - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Contour Shuttle Device Engine (ShuttleEngine) - Contour Design, Inc. - C:\WINDOWS\system32\ShuttleEngine.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5956 bytes
trevsdad
Active Member
 
Posts: 11
Joined: October 4th, 2007, 8:50 am
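The HijackThis log above is a list of hooks and autostart points, not a list of infections, which is why step 9 of the instructions says not to fix anything yet. The following is an added example, not code from this thread or from HijackThis: a small Python triage helper that parses the `Oxx - ...` entry lines of such a log and returns the entries an analyst would look at first. The flagging rules are this example's own assumptions, chosen from what the posted log shows: O23 services whose binary is absent, the O10 Winsock LSP entry that HijackThis itself labels unknown, and O4 autorun entries that give no absolute path or point outside the usual program directories (the `TRUSTED_PREFIXES` list is an assumption, not a HijackThis rule). The sample log embedded below is an excerpt of the log posted above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# One HijackThis entry line: a section code (R0, O2, O4, O10, O23, ...), ' - ', then the body.
ENTRY_RE = re.compile(r'^(?P<kind>R\d|F\d|N\d|O\d{1,2}) - (?P<body>.*)$')

# Directories an O4 autorun entry is expected to launch from on an XP machine like this one
# (assumption of this example, not a HijackThis rule).
TRUSTED_PREFIXES = ('c:\\program files\\', 'c:\\progra~1\\', 'c:\\windows\\')


@dataclass(frozen=True)
class Entry:
    kind: str
    body: str

    def __str__(self) -> str:
        return f'{self.kind} - {self.body}'


def parse_hjt(text: str) -> list[Entry]:
    """Return the section entries of a log; header, process list and footer lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group('kind'), m.group('body')))
    return entries


def autorun_path(body: str) -> str | None:
    """Executable an O4 entry launches (quoted or bare); None when the entry gives no drive path."""
    m = re.search(r'\]\s+"?([A-Za-z]:\\[^"]*?\.exe)', body, re.IGNORECASE)
    return m.group(1) if m else None


def triage(entries: list[Entry]) -> list[tuple[str, Entry]]:
    """(reason, entry) pairs an analyst should look at first.

    These are review items, not verdicts: as step 9 of the instructions above says,
    most of what the log lists is harmless or required.
    """
    findings: list[tuple[str, Entry]] = []
    for e in entries:
        if e.kind == 'O23' and ('(no file)' in e.body or '(file missing)' in e.body):
            findings.append(('service is registered but its binary is absent', e))
        elif e.kind == 'O10' and e.body.lower().startswith('unknown file in winsock lsp'):
            findings.append(('Winsock LSP not in the HijackThis known list; verify the file and its signer', e))
        elif e.kind == 'O4':
            path = autorun_path(e.body)
            if path is None:
                findings.append(('autorun entry without an absolute path', e))
            elif not path.lower().startswith(TRUSTED_PREFIXES):
                findings.append(('autorun binary outside the expected directories', e))
    return findings


# Constructed sample: an excerpt of the log posted above in this thread, not a complete log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ascraespce - Pinnacle Systems GmbH - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5956 bytes
"""

if __name__ == '__main__':
    for reason, entry in triage(parse_hjt(SAMPLE_LOG)):
        print(f'{reason}\n    {entry}')
```

Run against the excerpt, it reports three review items: the AutoTBar.exe startup entry with no path, the O10 LSP line, and the Ascraespce service with no file. The remaining O4 lines pass because their binaries sit under the trusted prefixes, and a flagged line still has to be checked by hand (file present, signer, purpose) before anything is removed.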

Post by random/random » October 11th, 2007, 12:27 pm

  • Download AVG Anti-rootkit from here
  • Double click on avgarkt-setup-1.1.0.42.exe to start the install of AVG Anti-rootkit
  • Click Next>
  • Click Next>
  • Click I agree
  • Click Next>
  • Click Install
  • Click Finish, your computer will now be restarted
  • Once your machine has restarted, double-click on the AVG Anti-rootkit shortcut on your desktop to start AVG Anti-rootkit
  • Click Perform in-depth search
  • Click Scan
  • Wait for the scan to complete
  • Right click in the middle of the window, and click Save results
  • Save it to the desktop as avgrk.csv
  • Use notepad to open that file, and post the contents as a reply to this topic

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.
random/random
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

results

Post by trevsdad » October 11th, 2007, 7:16 pm

AVG Anti-rootkit registered no infections.

Here are the results for DSS.

Main.txt
-------------------
Deckard's System Scanner v20070905.67
Run by HP_Administrator on 2007-10-11 17:40:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
38: 2007-10-11 21:40:14 UTC - RP38 - Deckard's System Scanner Restore Point
37: 2007-10-09 23:54:52 UTC - RP37 - Installed Windows XP KB927891.
36: 2007-10-09 03:11:15 UTC - RP36 - Restore Operation
35: 2007-10-08 01:45:08 UTC - RP35 - ComboFix created restore point
34: 2007-10-07 03:38:59 UTC - RP34 - Configured AVG 7.5


-- First Restore Point --
1: 2007-09-15 17:27:34 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:47 PM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\ShuttleEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_setti ... Config.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcC ... gctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se2474.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9406020734
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ascraespce - Pinnacle Systems GmbH - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Contour Shuttle Device Engine (ShuttleEngine) - Contour Design, Inc. - C:\WINDOWS\system32\ShuttleEngine.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6615 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - unable to read value
.js - JSFile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 catchme - c:\docume~1\hp_adm~1\locals~1\temp\catchme.sys (file missing)
S3 chdrvr01 (CH Control Manager Driver 1) - c:\windows\system32\drivers\chdrvr01.sys (file missing)
S3 chdrvr03 (CH Control Manager Driver 3) - c:\windows\system32\drivers\chdrvr03.sys (file missing)
S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys (file missing)
S3 SECYPUSB (SAMSUNG YEPP) - c:\windows\system32\drivers\secypusb.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RMSvc (Media Center Extender Resource Monitor) - c:\windows\ehome\rmsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 ShuttleEngine (Contour Shuttle Device Engine) - "c:\windows\system32\shuttleengine.exe" -run <Not Verified; Contour Design, Inc.; Contour Shuttle Service>

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 ccProxy (Symantec Network Proxy) - "c:\program files\common files\symantec shared\ccproxy.exe" (file missing)
S4 ISSVC - "c:\program files\norton internet security\issvc.exe" (file missing)
S4 License Management Service ESD - "c:\program files\common files\element5 shared\service\licence manager esd.exe" <Not Verified; element5; License Management Service ESD>
S4 SymWSC (SymWMI Service) - "c:\program files\common files\symantec shared\security center\symwsc.exe" (file missing)
S4 WPEServ - c:\program files\common files\wpe\wpeserv.exe <Not Verified; ; WPEServ Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-09-16 23:29:00 386 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-09-16 16:39:00 326 --a------ C:\WINDOWS\Tasks\WebReg officejet 5500 series.job
2007-09-14 14:33:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-09-12 11:56:34 1026 --ah----- C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
2006-01-26 14:35:00 294 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job


-- Files created between 2007-09-11 and 2007-10-11 -----------------------------

2007-10-11 17:01:54 0 d-------- C:\WINDOWS\LastGood
2007-10-11 10:13:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-10 17:12:25 0 d-------- C:\Program Files\Trend Micro
2007-10-10 08:25:23 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\TrojanHunter
2007-10-10 01:50:02 0 d-------- C:\Program Files\TrojanHunter 5.0
2007-10-10 01:40:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-10 01:40:46 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-10 01:26:45 1734 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-10 01:25:51 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-10 01:25:51 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-10-10 01:25:51 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-10-10 01:25:51 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-10-10 01:25:51 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-10 00:51:18 0 d-------- C:\Program Files\Enigma Software Group
2007-10-07 09:04:31 4380704 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-06 23:46:26 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-06 23:46:11 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-10-06 12:36:43 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2007-10-04 23:09:54 0 d-------- C:\Program Files\CH Products(2)
2007-10-04 09:21:01 0 d-------- C:\ERDNT
2007-10-04 08:08:23 0 d--hs---- C:\Documents and Settings\LocalService\UserData
2007-10-04 08:08:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2007-10-04 08:07:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2007-10-04 08:07:05 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-10-03 23:30:42 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-03 14:09:54 175104 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-10-03 12:23:34 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-10-02 23:01:43 0 d-------- C:\Program Files\Windows Live Safety Center
2007-09-30 21:50:48 0 d-------- C:\Program Files\Lavasoft
2007-09-30 21:50:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-30 21:50:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-29 20:28:13 318 --a------ C:\delete.bat
2007-09-29 20:09:52 0 d-------- C:\Documents and Settings\HP_Administrator\.SunDownloadManager
2007-09-29 17:58:41 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Uniblue
2007-09-28 15:12:47 0 d-------- C:\b6c07156cbe30248578c710f0b0c30
2007-09-28 15:12:39 0 d-------- C:\ad60309ed8f85d266fed923a58d2
2007-09-28 11:00:00 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Pmcc
2007-09-28 10:58:46 0 d-------- C:\Program Files\Pmcc
2007-09-28 01:14:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-28 00:59:31 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sammsoft
2007-09-28 00:59:26 0 d-------- C:\Program Files\Advanced Registry Optimizer
2007-09-27 11:13:05 0 d-------- C:\Program Files\Research In Motion
2007-09-23 18:33:33 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Brightcove
2007-09-23 18:33:16 0 d-------- C:\Program Files\Brightcove
2007-09-19 19:20:03 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
2007-09-19 19:10:01 0 d-------- C:\Program Files\illiminable
2007-09-19 19:09:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo
2007-09-19 19:07:20 0 d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-09-19 19:06:23 65536 --a------ C:\WINDOWS\system32\YCRWin32.dll <Not Verified; ; YCRWin32 Module>
2007-09-19 18:48:04 0 d-------- C:\WINDOWS\FIOS
2007-09-19 18:48:04 0 d-------- C:\Program Files\Common Files\SupportSoft
2007-09-14 23:47:06 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Webroot
2007-09-14 22:24:28 0 d-------- C:\Program Files\Windows Installer Clean Up
2007-09-14 22:24:17 0 d-------- C:\Program Files\MSECACHE
2007-09-14 16:27:29 0 d-------- C:\WINDOWS\LMI3.tmp
2007-09-14 15:59:41 23 --ahs---- C:\WINDOWS\system32\adbabca4_r.dll
2007-09-14 15:59:28 0 d-------- C:\Program Files\jv16 PowerTools 2007
2007-09-12 19:54:00 0 d-------- C:\WINDOWS\My Video Downloader
2007-09-12 19:01:06 9437184 --a------ C:\Documents and Settings\HP_Administrator\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2007-10-11 10:13:45 0 d-------- C:\Program Files\Google
2007-10-06 23:47:56 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-05 13:18:08 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVG7
2007-10-05 10:30:06 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2007-10-03 20:34:21 0 d-------- C:\Program Files\AviSynth 2.5
2007-09-30 21:50:25 0 d-------- C:\Program Files\Common Files
2007-09-30 20:50:58 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-09-27 17:28:50 3580 --a----c- C:\WINDOWS\mozver.dat
2007-09-27 11:12:22 0 d-------- C:\Program Files\Replay AV 8
2007-09-19 19:10:26 0 d-------- C:\Program Files\Yahoo!
2007-09-19 19:10:06 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-09-19 18:48:04 0 d-------- C:\Program Files\Verizon
2007-09-19 12:16:54 0 d-------- C:\Program Files\Contour Shuttle
2007-09-18 13:31:36 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
2007-09-18 00:41:36 0 d-------- C:\Program Files\WMR11
2007-09-17 00:08:41 0 d-------- C:\Program Files\Java
2007-09-17 00:07:00 0 d-------- C:\Program Files\FA-18 Operation Iraqi Freedom
2007-09-17 00:05:12 0 d-------- C:\Program Files\Comcast Rhapsody
2007-09-16 02:23:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-12 19:53:39 0 d-------- C:\Program Files\Steam
2007-09-12 19:53:33 0 d-------- C:\Program Files\FAA Test Prep - Pvt v1.B.1.S
2007-09-12 19:01:50 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SharpReader
2007-09-12 18:45:21 0 d-------- C:\Program Files\Morpheus
2007-09-12 18:45:21 0 d-------- C:\Program Files\DesignPro
2007-09-12 17:40:31 0 d-------- C:\Program Files\Musicnotes
2007-08-18 00:12:26 0 d-------- C:\Program Files\Replay Converter
2007-08-18 00:12:25 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-08-15 20:01:49 0 d-------- C:\Program Files\eFax Messenger Plus 3.3
2007-08-05 01:41:01 507904 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; ; AISYSTEMS Setup>
2007-08-05 01:41:00 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-08-01 17:42:20 4 --a------ C:\WINDOWS\system32\2B395C


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/06/2007 11:39 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 12:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/11/2007 10:13 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [06/11/2007 12:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [10/11/2007 10:13:08 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Contour Shuttle Device Helper]
C:\Program Files\Contour Shuttle\ShuttleHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PATHPILOT]
C:\Program Files\Smart Sound Recorder\RecSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
"C:\Program Files\TrojanHunter 5.0\THGuard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
"C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"navapsvc"=2 (0x2)
"SymWSC"=2 (0x2)
"MDM"=2 (0x2)
"ISSVC"=2 (0x2)
"gusvc"=3 (0x3)
"ccProxy"=2 (0x2)
"WZCSVC"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"LightScribeService"=2 (0x2)
"License Management Service ESD"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"FMSAdmin"=2 (0x2)
"FMS"=2 (0x2)
"Fax"=3 (0x3)
"Avg7Alrt"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ATI Smart"=2 (0x2)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SCardSvr"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"CryptSvc"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"NtLmSsp"=3 (0x3)
"mnmsrvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE

*Newly Created Service* - AVGARCLN
*Newly Created Service* - AVG_ANTI-ROOTKIT



-- End of Deckard's System Scanner: finished at 2007-10-11 17:44:40 ------------

extra.txt
------------------
Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) D CPU 2.80GHz
CPU 1: Intel(R) Pentium(R) D CPU 2.80GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1022.41 MiB / 505.78 MiB
Pagefile Memory (total/avail): 2447.26 MiB / 2042.92 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1955.72 MiB

C: is Fixed (NTFS) - 224.87 GiB total, 50.3 GiB free.
D: is Fixed (FAT32) - 8 GiB total, 1.41 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
N: is Fixed (NTFS) - 76.33 GiB total, 16.77 GiB free.

\\.\PHYSICALDRIVE0 - ST3250823AS - 232.88 GiB - 2 partitions
\PARTITION0 - Unknown - 8.01 GiB - D:
\PARTITION1 (bootable) - Installable File System - 224.87 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE6 - HP photosmart 7700 USB Device

\\.\PHYSICALDRIVE5 - Maxtor 6 Y080L0 USB Device - 76.33 GiB - 1 partition
\PARTITION0 - Installable File System - 76.33 GiB - N:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.408.000 (Check Point, LTD.)
FW: Norton Internet Security v2005 (Symantec Corporation)
AV: AVG 7.5.488 v7.5.488 (GRISOFT)
AV: Norton Internet Security v2005 (Symantec Corporation) Disabled Outdated

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NEWHP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\NEWHP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=NEWHP
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=DisableNXShowUI


-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
MCX1
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AAA Logo 1.21 --> "C:\Program Files\AAALOGO\unins000.exe"
Active@ UNDELETE --> C:\PROGRA~1\ACTIVE~1\ACTIVE~1\UNWISE.EXE C:\PROGRA~1\ACTIVE~1\ACTIVE~1\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat Connect Add-in --> C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x0\connectaddin6x0.exe -uninstall
Adobe After Effects 6.0 --> MsiExec.exe /I{1EC60864-A294-44BF-984A-3E8867D74EA2}
Adobe Encore DVD 1.5 --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BD31B80-7E9E-4FAF-B911-0AC31FB94BF6}\setup.exe" -l0x0009
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Premiere Pro --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
AOPA's Real-Time Flight Planner 1.2.2 --> c:\Jeppesen\RTFPClient\Uninstall.exe
Apple Mobile Device Support --> MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ArcSoft ShowBiz DVD 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE636486-7E13-4051-9067-AFC4E1B8F54E}\Setup.exe" -l0x9
ArcSoft ShowBiz DVD 2.0 (Shared Components) --> C:\Program Files\Common Files\element5 Shared\Uninstall\ArcSoft ShowBiz DVD 20\B2DD9000\UninstApplet.exe /uninstall
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{4DBDFA88-ECC5-4506-BD67-C5D44DC23001}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avery DesignPro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\setup.exe" -uninst
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVS DVDMenu Editor 1.2.1.19 --> "C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Tools 5.6 --> "C:\Program Files\AVSMedia\VideoTools\unins000.exe"
Brightcove Publishpod --> MsiExec.exe /I{570549C9-AA56-45FD-B291-4B7217EC5361}
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
Business Plan Pro 2006 --> MsiExec.exe /X{6450335D-D87C-4003-812F-7E879866A74E}
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Contour Shuttle --> "C:\Program Files\Contour Shuttle\Uninstall.exe" "C:\Program Files\Contour Shuttle\install.log"
CuteFTP 6 Professional --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}
CuteFTP 7 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}\Setup.exe" -l0x9
Diagram Designer --> C:\Program Files\MeeSoft\DiagramDesigner\Uninstall.exe
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVDx --> "C:\Program Files\DVDx\unins000.exe"
DVRMSToolbox --> MsiExec.exe /I{53885844-2604-4C08-9F67-1DD9C70D8513}
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
eFax Messenger Plus 3.3 --> "C:\Program Files\eFax Messenger Plus 3.3\Uninstall.exe" "C:\Program Files\eFax Messenger Plus 3.3\J2GInstall.log"
eMusic Download Manager --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\eMusic Download Manager\Uninst.isu"
exPressit S.E. 2.2 --> "C:\Program Files\exPressit S.E. 2.2\UninstallerData\Uninstall exPressit S.E. 2.2.exe"
EZRound --> C:\Program Files\LANSRAD\EZRound\Uninst.exe /U "C:\Program Files\LANSRAD\EZRound\uninst.log"
F/A-18 Korea --> C:\PROGRA~1\Korea\UNWISE.EXE C:\PROGRA~1\Korea\INSTALL.LOG
FAA Test Prep - Pvt v1.B.1.S --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\FAA Test Prep - Pvt v1.B.1.S\ST6UNST.LOG"
Final Draft 5 --> C:\WINDOWS\unvise32.exe C:\Program Files\Final Draft 5\uninstal.log
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Help and Support Additions --> WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Image Zone 4.8.6 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC --> MsiExec.exe /X{8D0C57BC-4942-4960-BB6D-142456D6F233}
HP Image Zone Plus 4.8.6 --> C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat
hp photosmart 7700 series --> rundll32 hpzcon09.dll,VendorJettison hp photosmart 7700 series
HP Photosmart Cameras 4.5 --> C:\Program Files\HP\Digital Imaging\{ABA2B37F-AB88-486e-870A-52454A23FEE0}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HP Tunes --> MsiExec.exe /X{6512B303-F989-4C13-B9F6-A99989E4ED54}
HPIZplus450 --> MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iolo technologies' System Mechanic 4 --> C:\PROGRA~1\iolo\SYSTEM~1\UNWISE.EXE C:\PROGRA~1\iolo\SYSTEM~1\INSTALL.LOG
iPod 2 iPod --> MsiExec.exe /I{E69787DB-D427-4590-B148-EAC9F7E4116D}
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
jv16 PowerTools 2007 --> "C:\Program Files\jv16 PowerTools 2007\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KBD --> C:\HP\KBD\KBD.EXE uninstalled
KODAK EASYSHARE Gallery Easy Upload, v2.1 --> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_1b401cc\Setup.exe /APR-REMOVE
Lame ACM MP3 Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Media Center Extender --> c:\WINDOWS\eHome\DvcConn.exe /uninstall
Media Center Extender --> MsiExec.exe /I{23FE964A-853B-4176-86D7-9E18B5CA1FC0}
Media Center Karaoke Plug-in --> MsiExec.exe /I{348054A0-6F9A-4EF9-BBB0-827C14C20D86}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator X --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Voice Command US SP 1.60 for M2M --> MsiExec.exe /X{552AB2E8-AB96-4856-9D47-15BFBDE0EC48}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MOBILedit! 2.4 --> RunDll32 C:\PROGRA~1\MOBILE~2\Setup\Setup.dll,RemoveOnly
MobileVoiceControl --> "C:\VoiceControl\uninstall.exe"
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Musicnotes Player V1.22.2 --> "C:\Program Files\Musicnotes\Player\unins000.exe"
muvee autoProducer 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}\setup.exe" -l0x9
muvee autoProducer unPlugged - HPD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}\setup.exe" -l0x9
On2 Technologies Flix Pro 8.005 --> C:\WINDOWS\unvise32.exe C:\Program Files\On2 Technologies\Flix Pro\uninstal.log
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Palo Alto Software's Application Manager 8.2 --> MsiExec.exe /X{BAD00139-E284-4F6C-AA94-FB637462DEEB}
PC-Doctor for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1033
PDF Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B2F9A84-7E8C-4BD6-991C-CD41DBA4289C}\setup.exe" -l0x9
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
Pinnacle Hollywood FX for Studio --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PrimoPDF Redistribution Package --> MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Remove Microsoft Money 2005 installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Money\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove Quicken New User Edition installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Quicken_NUE\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Replay AV 8 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\uninstall8.ini"
Replay AV 8 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\uninstallRAV8.ini"
Replay Converter 2.8 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\iruninRCV.ini"
Replay Music 2.4 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Music 2\irunin.ini"
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SharpReader 0.9.7.0 --> "C:\Program Files\SharpReader\unins000.exe"
SmartSound Common Data --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SmartSound Sonicfire Pro 3 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{77228B58-3A7F-40C1-97E9-0488707DC3C2}
SmartSound Sonicfire Pro 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{9AD30CFC-FB11-446D-80B7-BCA87DD1D45B}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log"
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Studio 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
SureThing CD Labeler 4 SE --> C:\WINDOWS\mvuninst\App1\mvuninst.exe "SureThing CD Labeler 4 SE"
SWiSHvideo2 --> C:\WINDOWS\unvise32.exe C:\Program Files\SWiSHvideo2\uninstal.log
The Print Shop 21 --> MsiExec.exe /I{1B06427F-1845-44E2-9022-AA630EBFF817}
Total Video Converter 3.01 --> "C:\Program Files\Total Video Converter\unins000.exe"
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
TurboTax Business 2005 --> C:\Documents and Settings\HP_Administrator\Desktop\TurboTax Business 2005\TaxUnst.EXE "C:\Documents and Settings\HP_Administrator\Desktop\TurboTax Business 2005\Uninstall.log" -NoGui
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Updates from HP --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
Verizon FiOS Activation --> "C:\WINDOWS\FIOS\unins000.exe"
Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Verizon Servicepoint 1.5.12 --> "C:\Program Files\Verizon\VSP\unins000.exe"
Verizon Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
VSO CopyToDVD 3 --> "C:\Program Files\VSO\unins000.exe"
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB888316 --> C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB890629 -->
Windows XP Media Center Edition 2005 KB895678 --> C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB905589 --> "C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition Screen Saver Screen Saver --> C:\WINDOWS\system32\WINDOW~1.SCR /U
WingMan Software --> MsiExec.exe /X{1189284F-0556-47E5-8DCD-F8BF3176F4EA}
WingX --> C:\Program Files\Microsoft ActiveSync\WingX\Uninstall.exe WingX
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinWay Resume Deluxe --> MsiExec.exe /x{6AA134D3-1B9F-448C-8AED-353F14E2C6A1}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2007-10-11 17:44:40 ------------
trevsdad
Active Member
 
Posts: 11
Joined: October 4th, 2007, 8:50 am

Unread postby random/random » October 12th, 2007, 3:11 pm

  • Download AVG Anti-rootkit from here
  • Double click on avgarkt-setup-1.1.0.42.exe to start the install of AVG Anti-rootkit
  • Click Next>
  • Click Next>
  • Click I agree
  • Click Next>
  • Click Install
  • Click Finish, your computer will now be restarted
  • Once your machine has restarted, double-click on the AVG Anti-rootkit shortcut on your desktop to start AVG Anti-rootkit
  • Click Perform in-depth search
  • Click Scan
  • Wait for the scan to complete
  • Right click in the middle of the window, and click Save results
  • Save it to the desktop as avgrk.csv
  • Use notepad to open that file, and post the contents as a reply to this topic

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with the avg antirootkit log and a new HijackThis log
random/random
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

more logs...

Unread postby trevsdad » October 12th, 2007, 6:36 pm

Thanks for the help. Sorry, I don't think I made this clear in my last reply, but the AVG Anti-Rootkit revealed no infections so there was no log generated...just a screen that said, "...Congratulations, there were no installed rootkits on your computer."

BTW, the Eset scan took forever to load and complete. I had to keep reloading the page until it finally all came down. The hanging download is symptomatic of the overall problem...if that helps.

meanwhile...here are the other logs you asked for.



Eset scanner log

----------------begin--------------------------
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2590 (20071012)
# vers_arch_module=1.058 (20070906)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=9080e123af4867449e1501cab315a842
# end=stopped
# remove_checked=false
# unwanted_checked=true
# utc_time=2007-10-12 09:35:37
# local_time=2007-10-12 05:35:37 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=0
# found=0
# scan_time=0
---------------end--------------------------------



new HiJackThis log
--------------start--------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:18 PM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\ShuttleEngine.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Grisoft\AVG Anti-Rootkit Free\avgarkt.exe
C:\Program Files\Grisoft\AVG Anti-Rootkit Free\hb5pu3tSVbF.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_setti ... Config.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcC ... gctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se2474.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9406020734
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ascraespce - Pinnacle Systems GmbH - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Contour Shuttle Device Engine (ShuttleEngine) - Contour Design, Inc. - C:\WINDOWS\system32\ShuttleEngine.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6526 bytes
trevsdad
Active Member
 
Posts: 11
Joined: October 4th, 2007, 8:50 am

Unread postby random/random » October 13th, 2007, 7:02 am

  • Download GMER by GMER from here
  • Unzip it to a folder on your desktop
  • Double click on gmer.exe to launch GMER
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run a scan, click OK
  • If you don't get a warning then
    • Click the rootkit tab
    • Click Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerrk.txt
  • Click on the >>> tab
  • This will open up the rest of the tabs for you
  • Click on the Autostart tab
  • Click on Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerautos.txt
  • Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic
random/random
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

gmer logs

Unread postby trevsdad » October 13th, 2007, 12:27 pm

Here's the gmerrk.txt log

--------------begin---------------

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-13 12:16:10
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.13 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C44 805039F8 12 Bytes [ 70, 42, E1, B6, 20, A5, E1, ... ]
? srescan.sys The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\internet explorer\iexplore.exe[2788] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F2A1 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[2788] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A0297 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[2788] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A0218 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[2788] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A025C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[2788] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A01A4 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[2788] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A01DE C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[2788] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A02D2 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[2788] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F3164E C:\WINDOWS\system32\IEFRAME.dll

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B6E189F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B6E18F10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B6E19070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B6E18B60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B6E18B60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B6E189F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B6E18F10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B6E19070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B6E189F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B6E19070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B6E18F10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B6E18B60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B6E19070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B6E18F10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B6E189F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B6E18B60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B6E189F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B6E18F10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B6E19070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B6E19070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B6E18F10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B6E18B60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B6E189F0] \SystemRoot\System32\vsdatant.sys

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F74281DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F74281DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7428454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F74281DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7B70404] avg7rsw.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [B6E25CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [B6E25CC0] vsdatant.sys

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F74281DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F74281DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7428454] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F74281DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F741BF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F7B70404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F7B70404] avg7rsw.sys

---- Registry - GMER 1.0.13 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

---- EOF - GMER 1.0.13 ----


Here's the gmerautos.txt log

--------------begin---------------

GMER 1.0.13.12551 - http://www.gmer.net
Autostart scan 2007-10-13 12:17:52
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
igfxcui@DLLName = igfxdev.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aawservice /*Ad-Aware 2007 Service*/@ = "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
ehRecvr /*Media Center Receiver Service*/@ = C:\WINDOWS\eHome\ehRecvr.exe
ehSched /*Media Center Scheduler Service*/@ = C:\WINDOWS\eHome\ehSched.exe
McrdSvc /*Media Center Extender Service*/@ = C:\WINDOWS\ehome\mcrdsvc.exe
Pml Driver HPZ12 /*Pml Driver HPZ12*/@ = C:\WINDOWS\system32\HPZipm12.exe
RMSvc /*Media Center Extender Resource Monitor*/@ = C:\WINDOWS\ehome\RMSvc.exe
ShuttleEngine /*Contour Shuttle Device Engine*/@ = "C:\WINDOWS\system32\ShuttleEngine.exe" -run
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
WMDM PMSP Service /*WMDM PMSP Service*/@ = C:\WINDOWS\system32\MsPMSPSv.exe
WMPNetworkSvc /*Windows Media Player Network Sharing Service*/@ = "C:\Program Files\Windows Media Player\WMPNetwk.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@!AVG Anti-Spyware"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
@AVG7_CCC:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
@ZoneAlarm Client"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@swgC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*SampleView*/C:\WINDOWS\system32\ShellvRTF.dll = C:\WINDOWS\system32\ShellvRTF.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} /*CopyToCD shell extension*/C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL = C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Program Files\Grisoft\AVG7\avgse.dll = C:\Program Files\Grisoft\AVG7\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Program Files\Grisoft\AVG7\avgse.dll = C:\Program Files\Grisoft\AVG7\avgse.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{6ec2e0e3-1116-4d47-b0c2-5bdaf4e4c308} /*eFax Messenger Plus - Shell Extension*/C:\Program Files\eFax Messenger Plus 3.3\J2GShell.dll = C:\Program Files\eFax Messenger Plus 3.3\J2GShell.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{20082881-FC36-4E47-9A7A-644C95FF749F} /*IntelliPoint Wireless Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"
@{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} /*IntelliPoint Wheel Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"
@{653DCCC2-13DB-45B2-A389-427885776CFE} /*IntelliPoint Activities Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplact.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"
@{124597D8-850A-41AE-849C-017A4FA99CA2} /*IntelliPoint Buttons Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"
@{49BF5420-FA7F-11cf-8011-00A0C90A8F78} /*Mobile Device*/C:\PROGRA~1\MI3AA1~1\Wcesview.dll = C:\PROGRA~1\MI3AA1~1\Wcesview.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/C:\Program Files\Yahoo!\Common\Ymmapi.dll = C:\Program Files\Yahoo!\Common\Ymmapi.dll
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} /*TrojanHunter Menu Shell Extension*/C:\PROGRA~1\TROJAN~1.0\contmenu.dll = C:\PROGRA~1\TROJAN~1.0\contmenu.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll
CopyToCD@{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} = C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL
HotShellExt@{6EC2E0E3-1116-4d47-B0C2-5BDAF4E4C308} = C:\Program Files\eFax Messenger Plus 3.3\J2GShell.dll
TrojanHunter@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.0\contmenu.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\Ymmapi.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
CopyToCD@{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} = C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL
TrojanHunter@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.0\contmenu.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll
CopyToCD@{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} = C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL
TrojanHunter@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.0\contmenu.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll = C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar1.dll = c:\program files\google\googletoolbar1.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
@{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll = C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://verizon.yahoo.com = http://verizon.yahoo.com
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
cetihpz@CLSID = C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

---- EOF - GMER 1.0.13 ----
trevsdad
Active Member
 
Posts: 11
Joined: October 4th, 2007, 8:50 am

Unread postby random/random » October 13th, 2007, 1:10 pm

Please have a look in zonealarm and see if you can find a log that you can post
random/random
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

ZA logs

Unread postby trevsdad » October 13th, 2007, 1:30 pm

Here are the logs from the past week 10/8 - 10/13

10/8

----------begin---------------------

ZoneAlarm Logging Client v7.0.408.000
Windows XP-5.1.2600-Service Pack 2-SMP
type,date,time,source,destination,transport (Security)
type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
type,date,time,source,destination,action,service (IM Security)
type,date,time,source,destination,program,action (Malicious Code Protection)
type,date,time,action,product,file,event,subevent,class,data,data,... (OSFirewall)
type,date,time,name,type,mode (Anti-Spyware)
PE,2007/10/07,09:08:34 -4:00 GMT,Internet Explorer,C:\Program Files\Internet Explorer\iexplore.exe,127.0.0.1:1047,N/A
PE,2007/10/07,09:08:36 -4:00 GMT,YCommon Exe Module,C:\Program Files\Yahoo!\browser\ycommon.exe,216.109.116.189:0,N/A
ACCESS,2007/10/07,09:08:42 -4:00 GMT,Internet Explorer was temporarily blocked from connecting to the local zone (127.0.0.1:Port 1047).,N/A,N/A
ACCESS,2007/10/07,09:08:42 -4:00 GMT,Internet Explorer was temporarily blocked from connecting to the Internet (66.196.98.251:HTTP).,N/A,N/A
ACCESS,2007/10/07,09:08:42 -4:00 GMT,Internet Explorer was temporarily blocked from connecting to the Internet (69.147.114.120:HTTP).,N/A,N/A
ACCESS,2007/10/07,09:08:44 -4:00 GMT,YCommon Exe Module was temporarily blocked from connecting to the Internet (216.109.116.189).,N/A,N/A
ACCESS,2007/10/07,09:08:44 -4:00 GMT,YCommon Exe Module was temporarily blocked from connecting to the Internet (69.147.114.120:HTTP).,N/A,N/A
PE,2007/10/07,09:09:10 -4:00 GMT,Internet Explorer,C:\Program Files\Internet Explorer\iexplore.exe,127.0.0.1:1061,N/A
PE,2007/10/07,09:09:16 -4:00 GMT,Internet Explorer,C:\Program Files\Internet Explorer\iexplore.exe,66.196.98.251:80,N/A
PE,2007/10/07,09:11:02 -4:00 GMT,Internet Explorer,C:\Program Files\Internet Explorer\iexplore.exe,127.0.0.1:1155,N/A
PE,2007/10/07,09:11:04 -4:00 GMT,Internet Explorer,C:\Program Files\Internet Explorer\iexplore.exe,66.196.98.251:80,N/A
PE,2007/10/07,09:41:00 -4:00 GMT,AVG Update downloader,C:\Program Files\Grisoft\AVG7\avginet.exe,209.73.188.78:53,N/A
ACCESS,2007/10/07,09:51:24 -4:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (192.168.1.3:Port 1034).,N/A,N/A
FWIN,2007/10/07,09:51:38 -4:00 GMT,192.168.1.3:1036,192.168.1.4:139,TCP (flags:S)
PE,2007/10/07,09:51:48 -4:00 GMT,ZoneAlarm Client,C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe,192.168.1.2:53,N/A
FWIN,2007/10/07,09:52:32 -4:00 GMT,192.168.1.3:1039,192.168.1.4:139,TCP (flags:S)
FWOUT,2007/10/07,09:53:00 -4:00 GMT,192.168.1.4:138,192.168.1.3:138,UDP
ZLUpdate,2007/10/07,09:53:10 -4:00 GMT,,,Auto
ZLUpdate,2007/10/07,09:53:14 -4:00 GMT,,,Auto
FWIN,2007/10/07,10:04:54 -4:00 GMT,192.168.1.3:1055,192.168.1.4:139,TCP (flags:S)
FWOUT,2007/10/07,10:11:48 -4:00 GMT,192.168.1.4:1231,192.168.1.2:445,TCP (flags:S)
FWOUT,2007/10/07,10:44:00 -4:00 GMT,192.168.1.4:1235,192.168.1.2:445,TCP (flags:S)
PE,2007/10/07,11:08:14 -4:00 GMT,AVG Anti-Spyware,C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe,192.168.1.2:53,N/A
FWOUT,2007/10/07,11:48:14 -4:00 GMT,192.168.1.4:1244,192.168.1.2:445,TCP (flags:S)
FWOUT,2007/10/07,12:20:26 -4:00 GMT,192.168.1.4:1247,192.168.1.2:445,TCP (flags:S)
FWOUT,2007/10/07,12:52:40 -4:00 GMT,192.168.1.4:1250,192.168.1.2:445,TCP (flags:S)
FWOUT,2007/10/07,13:24:52 -4:00 GMT,192.168.1.4:1253,192.168.1.2:445,TCP (flags:S)
FWOUT,2007/10/07,13:57:06 -4:00 GMT,192.168.1.4:1256,192.168.1.2:445,TCP (flags:S)
FWOUT,2007/10/07,14:29:18 -4:00 GMT,192.168.1.4:1259,192.168.1.2:445,TCP (flags:S)
FWOUT,2007/10/07,15:01:32 -4:00 GMT,192.168.1.4:1262,192.168.1.2:445,TCP (flags:S)
FWOUT,2007/10/07,16:05:44 -4:00 GMT,192.168.1.4:1266,192.168.1.2:445,TCP (flags:S)
FWOUT,2007/10/07,16:37:58 -4:00 GMT,192.168.1.4:1269,192.168.1.2:445,TCP (flags:S)
FWOUT,2007/10/07,17:10:10 -4:00 GMT,192.168.1.4:1272,192.168.1.2:445,TCP (flags:S)
PE,2007/10/07,17:57:50 -4:00 GMT,Internet Explorer,C:\Program Files\Internet Explorer\iexplore.exe,127.0.0.1:1276,N/A
PE,2007/10/07,17:57:52 -4:00 GMT,YCommon Exe Module,C:\Program Files\Yahoo!\browser\ycommon.exe,216.109.116.189:0,N/A
FWOUT,2007/10/07,17:57:54 -4:00 GMT,192.168.1.4:1076,192.168.1.1:53,UDP
PE,2007/10/07,17:58:20 -4:00 GMT,Internet Explorer,C:\Program Files\Internet Explorer\iexplore.exe,209.87.209.54:80,N/A
ACCESS,2007/10/07,17:58:56 -4:00 GMT,YCommon Exe Module was temporarily blocked from connecting to the Internet (216.109.116.189).,N/A,N/A
ACCESS,2007/10/07,17:58:56 -4:00 GMT,YCommon Exe Module was temporarily blocked from connecting to the Internet (69.147.114.120:HTTP).,N/A,N/A
FWOUT,2007/10/07,18:14:22 -4:00 GMT,192.168.1.4:1461,192.168.1.2:445,TCP (flags:S)
FWOUT,2007/10/07,18:46:36 -4:00 GMT,192.168.1.4:1628,192.168.1.2:445,TCP (flags:S)
FWOUT,2007/10/07,19:18:48 -4:00 GMT,192.168.1.4:1887,192.168.1.2:445,TCP (flags:S)
FWIN,2007/10/07,19:25:26 -4:00 GMT,65.59.234.161:3074,192.168.1.4:3074,UDP
PE,2007/10/07,19:44:44 -4:00 GMT,GoogleToolbarNotifier,C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe,64.233.169.103:80,N/A
FWOUT,2007/10/07,19:51:02 -4:00 GMT,192.168.1.4:1963,192.168.1.2:445,TCP (flags:S)
ACCESS,2007/10/07,20:13:12 -4:00 GMT,GoogleToolbarNotifier was temporarily blocked from connecting to the Internet (64.233.169.103:HTTP).,N/A,N/A
FWOUT,2007/10/07,20:18:06 -4:00 GMT,192.168.1.4:1076,192.168.1.1:53,UDP
PE,2007/10/07,20:23:56 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
ACCESS,2007/10/07,20:23:56 -4:00 GMT,Windows Media Player Network Sharing Service was unable to obtain permission for connecting to the Internet (239.255.255.250:Port 1900); access was denied.,N/A,N/A
PE,2007/10/07,20:24:00 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
ACCESS,2007/10/07,20:24:00 -4:00 GMT,Windows Media Player Network Sharing Service was unable to obtain permission for sending data to the Internet (239.255.255.250:Port 1900); access was denied.,N/A,N/A
PE,2007/10/07,20:24:04 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
PE,2007/10/07,20:24:06 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,127.0.0.1:1028,N/A
ACCESS,2007/10/07,20:24:06 -4:00 GMT,Windows Media Player Network Sharing Service was unable to obtain permission for connecting to the local zone (127.0.0.1:Port 1028); access was denied.,N/A,N/A
PE,2007/10/07,20:24:56 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
PE,2007/10/07,20:24:56 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
PE,2007/10/07,20:25:00 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
PE,2007/10/07,20:25:00 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
PE,2007/10/07,20:25:02 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
PE,2007/10/07,20:25:02 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
PE,2007/10/07,20:25:06 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,127.0.0.1:1041,N/A
ACCESS,2007/10/07,20:25:06 -4:00 GMT,Windows Media Player Network Sharing Service was unable to obtain permission for connecting to the local zone (127.0.0.1:Port 1041); access was denied.,N/A,N/A
PE,2007/10/07,20:25:06 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,127.0.0.1:1042,N/A
ACCESS,2007/10/07,20:25:06 -4:00 GMT,Windows Media Player Network Sharing Service was unable to obtain permission for connecting to the local zone (127.0.0.1:Port 1042); access was denied.,N/A,N/A
PE,2007/10/07,20:25:32 -4:00 GMT,ActiveSync RAPI Manager,C:\Program Files\Microsoft ActiveSync\rapimgr.exe,0.0.0.0:990,N/A
PE,2007/10/07,20:26:02 -4:00 GMT,AVG Anti-Spyware,C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe,209.87.209.44:53,N/A
FWIN,2007/10/07,20:38:52 -4:00 GMT,192.168.1.3:0,192.168.1.4:0,ICMP (type:8/subtype:0)
FWIN,2007/10/07,20:38:56 -4:00 GMT,192.168.1.3:2858,192.168.1.4:445,TCP (flags:S)
PE,2007/10/07,20:41:14 -4:00 GMT,ZoneAlarm Client,C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe,192.168.1.2:53,N/A
ZLUpdate,2007/10/07,20:42:30 -4:00 GMT,,,Auto
ZLUpdate,2007/10/07,20:42:34 -4:00 GMT,,,Auto
PE,2007/10/07,20:43:56 -4:00 GMT,Internet Explorer,C:\Program Files\Internet Explorer\iexplore.exe,127.0.0.1:1057,N/A
PE,2007/10/07,20:44:02 -4:00 GMT,Internet Explorer,C:\Program Files\Internet Explorer\iexplore.exe,66.196.98.251:80,N/A
PE,2007/10/07,20:44:24 -4:00 GMT,YCommon Exe Module,C:\Program Files\Yahoo!\browser\ycommon.exe,216.109.116.189:0,N/A
PE,2007/10/07,21:13:30 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
ACCESS,2007/10/07,21:13:30 -4:00 GMT,Windows Media Player Network Sharing Service was unable to obtain permission for connecting to the Internet (239.255.255.250:Port 1900); access was denied.,N/A,N/A
PE,2007/10/07,21:13:34 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
ACCESS,2007/10/07,21:13:34 -4:00 GMT,Windows Media Player Network Sharing Service was unable to obtain permission for sending data to the Internet (239.255.255.250:Port 1900); access was denied.,N/A,N/A
PE,2007/10/07,21:13:36 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
PE,2007/10/07,21:13:40 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,127.0.0.1:1028,N/A
ACCESS,2007/10/07,21:13:40 -4:00 GMT,Windows Media Player Network Sharing Service was unable to obtain permission for connecting to the local zone (127.0.0.1:Port 1028); access was denied.,N/A,N/A
PE,2007/10/07,21:14:32 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
PE,2007/10/07,21:14:34 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
PE,2007/10/07,21:14:36 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
PE,2007/10/07,21:14:36 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
PE,2007/10/07,21:14:40 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
PE,2007/10/07,21:14:40 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
PE,2007/10/07,21:14:42 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,127.0.0.1:1041,N/A
ACCESS,2007/10/07,21:14:42 -4:00 GMT,Windows Media Player Network Sharing Service was unable to obtain permission for connecting to the local zone (127.0.0.1:Port 1041); access was denied.,N/A,N/A
PE,2007/10/07,21:14:42 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,127.0.0.1:1042,N/A
ACCESS,2007/10/07,21:14:42 -4:00 GMT,Windows Media Player Network Sharing Service was unable to obtain permission for connecting to the local zone (127.0.0.1:Port 1042); access was denied.,N/A,N/A
PE,2007/10/07,21:15:00 -4:00 GMT,ActiveSync RAPI Manager,C:\Program Files\Microsoft ActiveSync\rapimgr.exe,0.0.0.0:990,N/A
PE,2007/10/07,21:15:34 -4:00 GMT,AVG Anti-Spyware,C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe,209.87.209.44:53,N/A
PE,2007/10/07,21:18:50 -4:00 GMT,YCommon Exe Module,C:\Program Files\Yahoo!\browser\ycommon.exe,216.109.116.189:0,N/A
PE,2007/10/07,21:25:34 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
ACCESS,2007/10/07,21:25:34 -4:00 GMT,Windows Media Player Network Sharing Service was unable to obtain permission for connecting to the Internet (239.255.255.250:Port 1900); access was denied.,N/A,N/A
PE,2007/10/07,21:25:36 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A
ACCESS,2007/10/07,21:25:36 -4:00 GMT,Windows Media Player Network Sharing Service was unable to obtain permission for sending data to the Internet (239.255.255.250:Port 1900); access was denied.,N/A,N/A
PE,2007/10/07,21:25:40 -4:00 GMT,Windows Media Player Network Sharing Service,C:\Program Files\Windows Media Player\wmpnetwk.exe,239.255.255.250:1900,N/A


10/9

----------begin---------------------

ZoneAlarm Logging Client v7.0.408.000
Windows XP-5.1.2600-Service Pack 2-SMP
type,date,time,source,destination,transport (Security)
type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
type,date,time,source,destination,action,service (IM Security)
type,date,time,source,destination,program,action (Malicious Code Protection)
type,date,time,action,product,file,event,subevent,class,data,data,... (OSFirewall)
type,date,time,name,type,mode (Anti-Spyware)
FWIN,2007/10/09,19:26:22 -4:00 GMT,65.59.234.161:3074,192.168.1.4:3074,UDP
FWOUT,2007/10/09,19:46:18 -4:00 GMT,192.168.1.4:1025,192.168.1.1:53,UDP
PE,2007/10/09,19:49:20 -4:00 GMT,Windows Explorer,C:\WINDOWS\explorer.exe,207.46.248.249:80,N/A
PE,2007/10/09,19:57:30 -4:00 GMT,WinZip,C:\Program Files\WinZip\WINZIP32.EXE,216.52.117.95:53,N/A
FWIN,2007/10/09,20:35:40 -4:00 GMT,65.59.234.161:3074,192.168.1.4:3074,UDP
FWIN,2007/10/09,21:46:00 -4:00 GMT,192.168.1.3:0,192.168.1.4:0,ICMP (type:8/subtype:0)
FWIN,2007/10/09,21:56:08 -4:00 GMT,192.168.1.3:0,192.168.1.4:0,ICMP (type:8/subtype:0)
FWIN,2007/10/09,22:02:22 -4:00 GMT,65.59.234.161:3074,192.168.1.4:3074,UDP
FWIN,2007/10/09,22:02:24 -4:00 GMT,24.165.146.210:3074,192.168.1.4:3074,UDP
FWIN,2007/10/09,22:02:24 -4:00 GMT,74.248.238.76:50299,192.168.1.4:3074,UDP
FWIN,2007/10/09,22:02:24 -4:00 GMT,74.163.203.25:50092,192.168.1.4:3074,UDP
FWIN,2007/10/09,22:02:24 -4:00 GMT,76.84.141.25:3074,192.168.1.4:3074,UDP
FWIN,2007/10/09,22:02:26 -4:00 GMT,66.190.224.188:3074,192.168.1.4:3074,UDP
FWIN,2007/10/09,22:02:28 -4:00 GMT,75.167.65.231:3074,192.168.1.4:3074,UDP
FWIN,2007/10/09,22:04:50 -4:00 GMT,192.168.1.3:0,192.168.1.4:0,ICMP (type:8/subtype:0)
PE,2007/10/09,22:21:36 -4:00 GMT,ZoneAlarm Client,C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe,216.109.126.23:53,N/A
ZLUpdate,2007/10/09,22:22:56 -4:00 GMT,,,Auto
ZLUpdate,2007/10/09,22:22:58 -4:00 GMT,,,Auto
FWIN,2007/10/09,22:34:16 -4:00 GMT,192.168.1.3:1661,192.168.1.4:445,TCP (flags:S)
FWOUT,2007/10/09,22:39:58 -4:00 GMT,192.168.1.4:1036,192.168.1.3:139,TCP (flags:S)
FWOUT,2007/10/09,22:40:48 -4:00 GMT,192.168.1.4:1042,192.168.1.3:139,TCP (flags:S)
FWOUT,2007/10/09,22:41:40 -4:00 GMT,192.168.1.4:1045,192.168.1.3:139,TCP (flags:S)
FWOUT,2007/10/09,22:42:30 -4:00 GMT,192.168.1.4:1047,192.168.1.3:139,TCP (flags:S)
FWOUT,2007/10/09,22:43:22 -4:00 GMT,192.168.1.4:1049,192.168.1.3:139,TCP (flags:S)
FWOUT,2007/10/09,22:53:14 -4:00 GMT,192.168.1.4:1191,192.168.1.3:139,TCP (flags:S)
PE,2007/10/09,22:56:20 -4:00 GMT,ZoneAlarm Client,C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe,206.46.232.40:53,N/A
ZLUpdate,2007/10/09,22:57:38 -4:00 GMT,,,Auto
ZLUpdate,2007/10/09,22:57:40 -4:00 GMT,,,Auto
FWOUT,2007/10/09,23:05:40 -4:00 GMT,192.168.1.4:1263,192.168.1.3:139,TCP (flags:S)
FWIN,2007/10/09,23:06:24 -4:00 GMT,192.168.1.3:1664,192.168.1.4:139,TCP (flags:S)
FWIN,2007/10/09,23:06:24 -4:00 GMT,192.168.1.3:0,192.168.1.4:0,ICMP (type:8/subtype:0)
FWIN,2007/10/09,23:06:28 -4:00 GMT,192.168.1.3:1663,192.168.1.4:445,TCP (flags:S)
FWOUT,2007/10/09,23:09:32 -4:00 GMT,192.168.1.4:1028,192.168.1.1:53,UDP
FWOUT,2007/10/09,23:10:16 -4:00 GMT,192.168.1.4:1303,192.168.1.3:139,TCP (flags:S)

10/10

----------begin---------------------

ZoneAlarm Logging Client v7.0.408.000
Windows XP-5.1.2600-Service Pack 2-SMP
type,date,time,source,destination,transport (Security)
type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
type,date,time,source,destination,action,service (IM Security)
type,date,time,source,destination,program,action (Malicious Code Protection)
type,date,time,action,product,file,event,subevent,class,data,data,... (OSFirewall)
type,date,time,name,type,mode (Anti-Spyware)
trevsdad
Active Member
 
Posts: 11
Joined: October 4th, 2007, 8:50 am

Unread postby random/random » October 13th, 2007, 1:37 pm

I can't see any Vundo or Zlob in those logs. Is ZoneAlarm still warning you about them?
random/random
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

problem

Unread postby trevsdad » October 13th, 2007, 5:31 pm

No, I haven't seen those alerts, but my streamed video (live or on-demand) continues to hang shortly after it begins to play and freezes, even true streamed. My downloads and web pages act the same way... I have to keep reloading for them to come through.

Did you detect any malware that would interfere with my connection? I'm no expert, but the ZA logs seem to indicate something trying to dial out from my machine as well as something trying to gain access to NETBios from the outside.

At the very least, do you have any indication of spyware that might cause this problem?
trevsdad
Active Member
 
Posts: 11
Joined: October 4th, 2007, 8:50 am
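To answer the question asked above (is the NetBIOS traffic coming from outside?), here is an added triage script that is not part of the thread: it parses the ZoneAlarm "Security" log format shown in the log header (type,date,time,source,destination,transport), separates LAN peers from Internet peers, and flags hits on the NetBIOS/SMB ports 137-139 and 445. The sample lines are copied from the thread's own log.

```python
import csv
import ipaddress
from collections import Counter
from io import StringIO

# Constructed sample input: the format header plus a handful of lines copied from the
# thread's log (FWIN = blocked inbound, FWOUT = blocked outbound, PE = program event).
SAMPLE_LOG = r"""
type,date,time,source,destination,transport (Security)
FWOUT,2007/10/09,16:11:08 -4:00 GMT,192.168.1.4:2084,192.168.1.3:139,TCP (flags:S)
FWOUT,2007/10/09,16:11:08 -4:00 GMT,192.168.1.4:2083,192.168.1.3:445,TCP (flags:S)
FWIN,2007/10/09,22:34:16 -4:00 GMT,192.168.1.3:1661,192.168.1.4:445,TCP (flags:S)
FWIN,2007/10/09,23:06:24 -4:00 GMT,192.168.1.3:0,192.168.1.4:0,ICMP (type:8/subtype:0)
FWIN,2007/10/09,13:21:50 -4:00 GMT,82.21.47.2:8444,192.168.1.4:3074,UDP
FWIN,2007/10/09,13:24:26 -4:00 GMT,69.208.80.9:3074,192.168.1.4:3074,UDP
FWOUT,2007/10/09,19:46:18 -4:00 GMT,192.168.1.4:1025,192.168.1.1:53,UDP
PE,2007/10/09,19:57:30 -4:00 GMT,WinZip,C:\Program Files\WinZip\WINZIP32.EXE,216.52.117.95:53,N/A
"""

NETBIOS_SMB_PORTS = {137, 138, 139, 445}  # NetBIOS name/datagram/session and SMB over TCP


def split_endpoint(endpoint):
    """'192.168.1.3:139' -> ('192.168.1.3', 139)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def classify(row):
    """Describe one FWIN/FWOUT row; other record types (PE, ACCESS, ZLUpdate...) return None."""
    if len(row) < 6 or row[0] not in ("FWIN", "FWOUT"):
        return None
    src_ip, _ = split_endpoint(row[3])
    dst_ip, dst_port = split_endpoint(row[4])
    # The remote peer is the source of an inbound hit and the destination of an outbound one.
    peer = src_ip if row[0] == "FWIN" else dst_ip
    return {
        "direction": row[0],
        "peer": peer,
        "scope": "lan" if ipaddress.ip_address(peer).is_private else "internet",
        "proto": row[5].split()[0],  # 'TCP (flags:S)' -> 'TCP'
        "dst_port": dst_port,
        "netbios_smb": dst_port in NETBIOS_SMB_PORTS,
    }


def summarize(log_text):
    """Count blocked events by (direction, scope, service) and tally NetBIOS/SMB peers."""
    counts = Counter()
    netbios_peers = Counter()
    for row in csv.reader(StringIO(log_text)):
        event = classify(row)
        if event is None:
            continue
        service = "netbios_smb" if event["netbios_smb"] else event["proto"]
        counts[(event["direction"], event["scope"], service)] += 1
        if event["netbios_smb"]:
            netbios_peers[(event["peer"], event["scope"])] += 1
    return counts, netbios_peers


if __name__ == "__main__":
    counts, peers = summarize(SAMPLE_LOG)
    for key, n in sorted(counts.items()):
        print(f"{n:4d}  {key}")
    print("NetBIOS/SMB peers (ip, scope):", dict(peers))
```

On these sample lines every 139/445 hit is between the private addresses 192.168.1.3 and 192.168.1.4, and the only Internet-side inbound hits are UDP to port 3074, so the peer tally is the check that decides the "from the outside" question.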

Unread postby random/random » October 14th, 2007, 6:02 am

The programs most likely to be causing it are ZoneAlarm or your antivirus.

I would try replacing ZoneAlarm with the Comodo firewall:

http://www.personalfirewall.comodo.com/

and seeing if the problem still exists.
random/random
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm