7 years on high speed broadband never had a problem, put up a Firewall before I ever connected but the following series of events over the last several weeks have gotten me to where I am now.
System info:
HP
XP 2002 SP2
Pent 4/2.6
2.6 ghz 1GB ram
Internet: Verizon FIOS
Norton Internet Security for firewall and anti-virus
I believe it all started 4 weeks ago when:
1. My internet connection started going up and down. Verizon eventually showed up and changed the router from the original d-link to an actiontech.
2. I was not home when he did this but my wife was and after he put in the new router, the internet was up and running again, but the AOL 9VR software would not connect to the internet (i.e. via broadband connection) and my wife said the Verizon tech said it was a problem with NIS settings. Could not get the AOL software to work again, told my wife to use IE7 to get her mail.
3. My wife uses IE7 to access her AOL mail during the week.
4. Suddenly during the week (I travel during the week), she called me and said she could not log on to AOL web-mail or access sites that required a logon.
5. I tell her to click on the NIS icon in the task bar and she says it's not there. I have her bring up NIS manually. She reports that NAV is reporting an error and the error states the program must be re-loaded to fix it.
6. On the week-end, I determine the problem is that NIS has a setting changed to block access to secure sites. When I try and change the setting NIS says I do not have admin privileges to change. That's when I notice that there is a 'new' user listed in NIS which is what is logged in for NIS. This setting has the parental controls enabled.
7. I disconnect the computer from the internet and uninstall NIS. Reload NIS. NIS now appears to be working normally.
8. This week my wife calls me and says the computer has the message: 16 bit MS-DOS Subsystem, c:\docume~1\owner\locals~1\119232~1.exe, the NTVDM CPU has encountered an illegal instruction. CS:Odf5IP:0132 OP:fe de 2c 43ee
9. Two days later my wife calls with: HP Product Assist, the feature you are trying to use is on CD-ROM or other removable disk that is not available ...... This message comes up when turning the computer on. Canceling does nothing, and once cancel is hit the computer will only shut off via the power button.
10. Get home on Friday, see the problem and confirm the HP Product Assist issue. Run the NAV that night. NAV finds the 4 trojans and multiple infected files.
10a. The Symantec web-site suggests running NAV in Safe mode, which I attempted to do but I get an error saying there is a problem with 'product integrator'.
10b. Contact Symantec online support via chat. Their solution is to reinstall NIS/NAV saying it won't run in safe mode because it is infected. I tell them it had identified the trojans. They say I should call their tech support and pay them to fix the problem (interesting money making idea).
10c. The NAV log follows:
Norton AntiVirus Quarantine Report
Created: Saturday, October 27, 2007 8:54:12 AM
------------------------------------------------------------------------------
File Name
Location
Status Size Virus Name
User Name Machine Name Domain
Date Quarantined
Date Submitted
------------------------------------------------------------------------------
mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox
Backup of an infected file 27.0 KB Trojan.Zonebac
Owner HOMEHP WORKGROUP
Saturday, October 27, 2007 2:40:20 AM
Not submitted
------------------------------------------------------------------------------
shwicon2k.exe
c:\Program Files\Multimedia Card Reader
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:19 PM
Not submitted
------------------------------------------------------------------------------
crap.1191639737.old
C:\Program Files\WinBudget\bin
Backup of an infected file 91.2 KB Trojan.Dropper
SYSTEM HOMEHP WORKGROUP
Friday, October 12, 2007 10:58:23 PM
Not submitted
------------------------------------------------------------------------------
RECGUARD.EXE
c:\WINDOWS\SMINST
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:18 PM
Not submitted
------------------------------------------------------------------------------
hphmon05.exe
c:\WINDOWS\system32
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:17 PM
Not submitted
------------------------------------------------------------------------------
qttask.exe
C:\Program Files\QuickTime
Backup of an infected file 27.0 KB Trojan.Zonebac
Owner HOMEHP WORKGROUP
Saturday, October 27, 2007 2:42:58 AM
Not submitted
------------------------------------------------------------------------------
matrix.dll.1193224957.old
C:\Program Files\WinBudget\bin
Backup of an infected file 106 KB Trojan.Adclicker
Owner HOMEHP WORKGROUP
Saturday, October 27, 2007 2:46:02 AM
Not submitted
------------------------------------------------------------------------------
MATRIX.DLL
C:\PROGRAM FILES\WINBUDGET\BIN
Backup of an infected file 73.0 KB Trojan.Adclicker
SYSTEM HOMEHP WORKGROUP
Monday, October 08, 2007 8:06:59 PM
Not submitted
------------------------------------------------------------------------------
hpqcmon.exe
c:\Program Files\HP\Digital Imaging\Unload
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:17 PM
Not submitted
------------------------------------------------------------------------------
Winampa.exe
c:\Program Files\Winamp
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:20 PM
Not submitted
------------------------------------------------------------------------------
NeroCheck.exe
c:\WINDOWS\system32
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:21 PM
Not submitted
------------------------------------------------------------------------------
InstantAccess.exe
c:\Program Files\TextBridge Pro 8.0\Bin
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:20 PM
Not submitted
------------------------------------------------------------------------------
crap.1192450921.old
C:\Program Files\WinBudget\bin
Backup of an infected file 174 KB Trojan.Adclicker
Owner HOMEHP WORKGROUP
Saturday, October 27, 2007 2:46:01 AM
Not submitted
------------------------------------------------------------------------------
KBD.EXE
c:\hp\KBD
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:18 PM
Not submitted
------------------------------------------------------------------------------
hkcmd.exe
c:\WINDOWS\system32
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:17 PM
Not submitted
------------------------------------------------------------------------------
realsched.exe
C:\Program Files\Common Files\Real\Update_OB
Backup of an infected file 27.0 KB Trojan.Zonebac
Owner HOMEHP WORKGROUP
Saturday, October 27, 2007 2:31:58 AM
Not submitted
------------------------------------------------------------------------------
l[3].htm
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DMW4QSNM
Backup of an infected file 3.70 KB Trojan.Reapall
Owner HOMEHP WORKGROUP
Saturday, October 27, 2007 2:14:45 AM
Not submitted
------------------------------------------------------------------------------
HPWuSchd2.exe
c:\Program Files\HP\HP Software Update
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:21 PM
Not submitted
------------------------------------------------------------------------------
ps2.exe
c:\WINDOWS\system32
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:18 PM
Not submitted
------------------------------------------------------------------------------
hpsysdrv.exe
C:\windows\system
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Thursday, October 25, 2007 5:04:52 PM
Not submitted
------------------------------------------------------------------------------
CTSysVol.exe
c:\Program Files\Creative\SBAudigy2\Surround Mixer
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:19 PM
Not submitted
------------------------------------------------------------------------------
RegisterDropHandler.exe
c:\Program Files\TextBridge Pro 8.0\Bin
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:21 PM
Not submitted
------------------------------------------------------------------------------
CTDVDDet.EXE
c:\Program Files\Creative\SBAudigy2\DVDAudio
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:19 PM
Not submitted
------------------------------------------------------------------------------
crap.1192277520.old
C:\Program Files\WinBudget\bin
Backup of an infected file 174 KB Trojan.Adclicker
Owner HOMEHP WORKGROUP
Saturday, October 27, 2007 2:46:01 AM
Not submitted
------------------------------------------------------------------------------
backupnotify.exe
c:\Program Files\HP\Digital Imaging\bin
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:22 PM
Not submitted
------------------------------------------------------------------------------
UpdReg.EXE
c:\WINDOWS
Backup of an infected file 27.0 KB Trojan.Zonebac
SYSTEM HOMEHP WORKGROUP
Wednesday, October 24, 2007 2:22:20 PM
Not submitted
------------------------------------------------------------------------------
matrix.dll.1192450919.old
C:\Program Files\WinBudget\bin
Backup of an infected file 106 KB Trojan.Adclicker
Owner HOMEHP WORKGROUP
Saturday, October 27, 2007 2:46:02 AM
Not submitted
------------------------------------------------------------------------------
11. Ran the HijackThis today and the log follows:
Logfile of HijackThis v1.99.1
Scan saved at 4:18:35 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\taskmgr.exe
C:\temp1\xnews\Xnews.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\temp1\downloaded programs\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=1.0&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=1.0&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\bf6x1puv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\bf6x1puv.slt\prefs.js)
O2 - BHO: IE - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {871AA60B-D425-4784-AD09-6C2E63342CAD} (vzDLinkRouterUpgrade Class) - http://download.verizon.net/sfp/Cabs/dlink/webinstall/FrmUpDLink.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
If you've read this far, thanks in advance for the help. I'm quite perplexed and as noted I've had 7 years with no identified problems mostly due to always having firewalls and anti-virus protection in place.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=1.0&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=1.0&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\bf6x1puv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\bf6x1puv.slt\prefs.js)
O2 - BHO: IE - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {871AA60B-D425-4784-AD09-6C2E63342CAD} (vzDLinkRouterUpgrade Class) - http://download.verizon.net/sfp/Cabs/dlink/webinstall/FrmUpDLink.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
If you've read this far, thanks in advance for the help. I'm quite perplexed and, as noted, I've had 7 years with no identified problems, mostly due to always having firewalls and anti-virus protection in place.