Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:27:53 PM, on 10/2/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe F:\Program Files\LogMeIn\x86\RaMaint.exe F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE F:\Program Files\LogMeIn\x86\LogMeIn.exe F:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe F:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\0D85jUAB.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Internet Explorer\iexplore.exe f:\Program Files\WinRAR\WinRAR.exe f:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\b2ooJ188.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [Yahoo! 
Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1206240673585 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1197896232187 O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/stream.ocx O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: stllssvr - MicroVision Development, Inc. 
- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 7915 bytes
Hi reach747

Please be more specific. What "virus" do you have? What symptoms is your computer displaying?

Best Regards
Once in a while Norton displays a message:

Source: C:\DOCUME~1\shashi\LOCALS~1\Temp\t8SWcS40.exe
Click for more information about this virus : Trojan Horse

It says it cannot be deleted. Is anyone aware of the following running process?

C:\WINDOWS\system32\0D85jUAB.exe
Hey reach747

Now, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts. Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Best Regards
ComboFix 08-10-04.01 - shashi 2008-10-04 13:30:01.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1452 [GMT -4:00] Running from: F:\Downloads\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\NetworkService\Cookies\system@revsci[2].txt C:\Documents and Settings\shashi\Cookies\shashi@ad.yieldmanager[1].txt C:\Documents and Settings\shashi\Cookies\shashi@circuitcity[1].txt C:\Documents and Settings\shashi\Cookies\shashi@ehg-seagate.hitbox[2].txt C:\Documents and Settings\shashi\Cookies\shashi@ehg-techtarget.hitbox[2].txt C:\Documents and Settings\shashi\Cookies\shashi@insightexpressai[2].txt C:\Documents and Settings\shashi\Cookies\shashi@revsci[1].txt C:\Documents and Settings\shashi\Cookies\shashi@spamblockerutility[2].txt C:\Documents and Settings\shashi\Cookies\shashi@specificclick[1].txt C:\Documents and Settings\shashi\Cookies\shashi@trafficmp[2].txt C:\Documents and Settings\shashi\Cookies\shashi@turn[1].txt C:\WINDOWS\system32\Cache C:\WINDOWS\winhelp.ini . ((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 ))))))))))))))))))))))))))))))) . 2008-10-03 10:27 . 2008-10-03 10:27 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AdobeUM 2008-09-30 22:31 . 2008-09-30 22:31 20,992 --a------ C:\Employment Verification Template.doc 2008-09-28 20:03 . 2008-09-28 20:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX 2008-09-28 16:26 . 2008-09-28 16:26 32 --ahs---- C:\WINDOWS\system32\{112EA67D-702A-4F6C-B0CB-4B0E9A862D73}.dat 2008-09-28 16:26 . 2008-09-28 16:26 32 --ahs---- C:\WINDOWS\{F167DA43-4919-4967-93F9-7D341E0FAF3F}.dat 2008-09-28 16:26 . 2008-09-28 16:26 14 --a------ C:\WINDOWS\system32\SR2.dat 2008-09-28 16:25 . 
2008-09-28 16:25 <DIR> d-------- C:\Program Files\Symantec 2008-09-28 16:25 . 2008-09-28 16:25 <DIR> d-------- C:\Documents and Settings\shashi\Application Data\Symantec 2008-09-28 16:25 . 2008-09-28 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-09-28 16:25 . 2002-08-15 19:59 123,619 --a------ C:\WINDOWS\system32\SYMEVNT.386 2008-09-28 16:25 . 2002-08-15 19:59 83,672 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-09-28 16:25 . 2002-08-15 19:59 73,224 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-09-28 16:24 . 2008-10-03 19:25 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared 2008-09-28 01:41 . 2008-09-28 01:41 164 --a------ C:\install.dat 2008-09-27 21:01 . 2008-09-28 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-27 16:20 . 2008-09-27 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-27 16:19 . 2008-09-27 16:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-09-09 21:22 . 2008-09-09 21:22 <DIR> d-------- C:\Program Files\iPod 2008-09-09 21:22 . 2008-09-09 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-09 21:21 . 2008-09-09 21:21 <DIR> d-------- C:\Program Files\Bonjour 2008-09-09 21:20 . 2008-09-09 21:21 <DIR> d-------- C:\Program Files\QuickTime 2008-09-09 21:18 . 2008-09-05 22:16 1,900,544 --a------ C:\WINDOWS\system32\usbaaplrc.dll 2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-10-04 17:29 --------- d-----w C:\Documents and Settings\shashi\Application Data\BitTorrent 2008-09-10 01:20 --------- d-----w C:\Program Files\Common Files\Apple 2008-09-06 02:16 36,864 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-09-04 03:55 --------- d-----w C:\Program Files\Real 2008-09-04 03:55 --------- d-----w C:\Program Files\Common Files\xing shared 2008-09-04 03:55 --------- d-----w C:\Program Files\Common Files\Real 2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe 2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll 2008-08-08 23:52 --------- d-----w C:\Program Files\Apple Software Update 2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll 2007-12-18 03:31 35,440 ----a-w C:\Documents and Settings\shashi\Application Data\GDIPFONTCACHEV1.DAT 2007-11-21 22:48 76 --sh--r C:\WINDOWS\CT4CET.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-05-19 15:23 87352 C:\WINDOWS\system32\LMIinit.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WZC.bat] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WZC.bat backup=C:\WINDOWS\pss\WZC.batCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2007-03-09 12:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] --a------ 2008-09-03 20:12 111936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] --a------ 2008-01-14 00:40 290112 C:\Program Files\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] --a------ 2007-03-16 18:10 1392640 C:\WINDOWS\system32\WLTRAY.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2002-08-19 22:22 50880 C:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy] --a------ 2002-08-19 22:23 34504 C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] --a------ 2007-05-14 15:23 1191936 C:\Program Files\DELL\QuickSet\quickset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager] --------- 2007-06-07 12:14 118784 C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] --------- 2004-04-11 12:43 53248 f:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] --a----t- 2008-09-08 00:37 133104 C:\Documents and Settings\shashi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2007-05-16 17:50 162584 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2007-05-16 17:50 138008 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2006-10-03 12:35 221184 
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2006-10-03 12:37 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-09-08 23:02 289576 F:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain] --a------ 2006-11-02 14:05 282624 C:\WINDOWS\system32\KADxMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI] --a------ 2008-02-28 15:31 63048 F:\Program Files\LogMeIn\x86\LogMeInSystray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe] --a------ 2007-02-02 02:00 36864 C:\WINDOWS\OEM02Mon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] --a------ 2007-05-16 17:50 138008 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] --a------ 2006-11-05 12:22 221184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-01-30 20:37 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2007-04-27 17:10 851968 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-09-03 23:55 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-08-30 18:43 4670704 F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] --a------ 2007-05-06 18:10 405504 C:\WINDOWS\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "F:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "F:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "f:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "F:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCPxpsp2res.dll,-22009 R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-02-08 28120] R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 8576] R2 LMIInfo;LogMeIn Kernel Information Provider;F:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848] R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-03-20 234496] R3 
OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424] S3 BTSSvc$BizTalkServerApplication;BizTalk Service BizTalk Group : BizTalkServerApplication;F:\Program Files\Biztalk\BTSNTSvc.exe [2006-03-10 48328] S3 EDI Subsystem;BizTalk Base EDI service;F:\Program Files\Biztalk\EDI\Subsystem\esp_srv.exe [2006-03-10 31936] S3 ENTSSO;Enterprise Single Sign-On Service;C:\Program Files\Common Files\Enterprise Single Sign-On\ENTSSO.exe [2006-03-10 53440] S3 OEM02Afx;Provides a software interface to control audio effects of M08 Internal webcam.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [2007-01-10 141376] S3 RuleEngineUpdateService;Rule Engine Update Service;F:\Program Files\Biztalk\RuleEngineUpdateService.exe [2006-03-10 35552] S4 msvsmon80;Visual Studio 2005 Remote Debugger;F:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z] \Shell\AutoRun\command - Z:\Setup.exe *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . 
Contents of the 'Scheduled Tasks' folder 2008-09-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2008-10-04 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At11.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-03 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-03 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-03 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-03 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-03 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-03 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At26.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At28.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At29.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At30.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 
C:\WINDOWS\Tasks\At31.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At32.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At33.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At34.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At35.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At37.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At38.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-03 C:\WINDOWS\Tasks\At39.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-03 C:\WINDOWS\Tasks\At40.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-03 C:\WINDOWS\Tasks\At41.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-03 C:\WINDOWS\Tasks\At42.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-03 C:\WINDOWS\Tasks\At43.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-03 C:\WINDOWS\Tasks\At44.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At45.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At46.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At47.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\0D85jUAB.exe [] 2008-10-04 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-04 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\8Qsm1w4H.exe [] 2008-10-03 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job - C:\Documents and Settings\shashi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 00:37] 2008-10-04 C:\WINDOWS\Tasks\Norton AntiVirus - 
Scan my computer.job - F:\PROGRA~1\NORTON~1\NAVW32.exe [2002-11-14 19:31] 2008-10-04 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 09:04] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-SpybotSD TeaTimer - F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe MSConfigStartUp-updateMgr - F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe MSConfigStartUp-Windows Defender - C:\Program Files\Windows Defender\MSASCui.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\shashi\Application Data\Mozilla\Firefox\Profiles\hefgnger.default\ FF -: plugin - C:\Documents and Settings\shashi\Local Settings\Application Data\Google\Update\1.2.131.19\npGoogleOneClick6.dll FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll FF -: plugin - f:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll FF -: plugin - f:\Program Files\DivX\DivX Web Player\npdivx32.dll FF -: plugin - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-04 13:32:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** "ServiceDll"="C:\WINDOWS\system32\qmgr.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BizTalk:Message Box:General Counters] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BizTalk:Message Box:Host Counters] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BizTalk:TDDS] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BizTalk:Windows SharePoint Services Adapter] . Completion time: 2008-10-04 13:33:12 ComboFix-quarantined-files.txt 2008-10-04 17:32:52 Pre-Run: 7,587,151,872 bytes free Post-Run: 7,768,338,432 bytes free 338 --- E O F --- 2008-09-26 22:00:25
Hey reach747

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected. << Do Not Forget This!!
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Please post contents of that file in your next reply.

Best Regards
Malwarebytes' Anti-Malware 1.28
Database version: 1230
Windows 5.1.2600 Service Pack 3

10/5/2008 2:27:05 PM
mbam-log-2008-10-05 (14-27-05).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 131010
Time elapsed: 1 hour(s), 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Hey reach747

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Show hidden files and folders.
• Uncheck the Hide protected operating system files (recommended) option.
• Click Yes to confirm.
• Click OK.

Please find C:\WINDOWS\system32\8Qsm1w4H.exe and upload it to VirusTotal.com. Post the results here.

Please post a new HijackThis log.

Best Regards
Hi cdavfrew

Thanks for helping me on this. 8Qsm1w4H.exe is not there in the system32 folder.

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:15 PM, on 10/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\Program Files\LogMeIn\x86\RaMaint.exe
F:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1206240673585
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1197896232187
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/stream.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7324 bytes