|
|
|
virus in my system please help
|
|
|
reach747
Newbie
|
2. October 2008 @ 23:35 |
Link to this message
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:53 PM, on 10/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\Program Files\LogMeIn\x86\RaMaint.exe
F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
F:\Program Files\LogMeIn\x86\LogMeIn.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\0D85jUAB.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
f:\Program Files\WinRAR\WinRAR.exe
f:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\b2ooJ188.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/s...b?1206240673585
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1197896232187
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/stream.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7915 bytes
|
|
Advertisement
|
 |
|
|
Senior Member
|
3. October 2008 @ 10:05 |
Link to this message
|
|
Hi reach747
Please be more specific. What "virus" do you have? What symptons are your computer displaying?
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
3. October 2008 @ 10:07 |
Link to this message
|
|
Sorry... double post.
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
This message has been edited since posting. Last time this message was edited on 3. October 2008 @ 10:10
|
|
reach747
Newbie
|
3. October 2008 @ 23:53 |
Link to this message
|
|
Once in a while Norton displays a message
Source: C:\DOCUME~1\shashi\LOCALS~1\Temp\t8SWcS40.exe
Click for more information about this virus : Trojan Horse
It says it can not be deleted.
Is any one aware of following running process?
C:\WINDOWS\system32\0D85jUAB.exe
|
Senior Member
|
4. October 2008 @ 02:52 |
Link to this message
|
Hey reach747
Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
? Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
? Wait for the scan to be completed.
? If it requires a reboot, please do it.
? After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComoboFix window, as it may cause it to stall.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
reach747
Newbie
|
4. October 2008 @ 13:41 |
Link to this message
|
ComboFix 08-10-04.01 - shashi 2008-10-04 13:30:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1452 [GMT -4:00]
Running from: F:\Downloads\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\NetworkService\Cookies\system@revsci[2].txt
C:\Documents and Settings\shashi\Cookies\shashi@ad.yieldmanager[1].txt
C:\Documents and Settings\shashi\Cookies\shashi@circuitcity[1].txt
C:\Documents and Settings\shashi\Cookies\shashi@ehg-seagate.hitbox[2].txt
C:\Documents and Settings\shashi\Cookies\shashi@ehg-techtarget.hitbox[2].txt
C:\Documents and Settings\shashi\Cookies\shashi@insightexpressai[2].txt
C:\Documents and Settings\shashi\Cookies\shashi@revsci[1].txt
C:\Documents and Settings\shashi\Cookies\shashi@spamblockerutility[2].txt
C:\Documents and Settings\shashi\Cookies\shashi@specificclick[1].txt
C:\Documents and Settings\shashi\Cookies\shashi@trafficmp[2].txt
C:\Documents and Settings\shashi\Cookies\shashi@turn[1].txt
C:\WINDOWS\system32\Cache
C:\WINDOWS\winhelp.ini
.
((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.
2008-10-03 10:27 . 2008-10-03 10:27 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
2008-09-30 22:31 . 2008-09-30 22:31 20,992 --a------ C:\Employment Verification Template.doc
2008-09-28 20:03 . 2008-09-28 20:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-09-28 16:26 . 2008-09-28 16:26 32 --ahs---- C:\WINDOWS\system32\{112EA67D-702A-4F6C-B0CB-4B0E9A862D73}.dat
2008-09-28 16:26 . 2008-09-28 16:26 32 --ahs---- C:\WINDOWS\{F167DA43-4919-4967-93F9-7D341E0FAF3F}.dat
2008-09-28 16:26 . 2008-09-28 16:26 14 --a------ C:\WINDOWS\system32\SR2.dat
2008-09-28 16:25 . 2008-09-28 16:25 <DIR> d-------- C:\Program Files\Symantec
2008-09-28 16:25 . 2008-09-28 16:25 <DIR> d-------- C:\Documents and Settings\shashi\Application Data\Symantec
2008-09-28 16:25 . 2008-09-28 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-28 16:25 . 2002-08-15 19:59 123,619 --a------ C:\WINDOWS\system32\SYMEVNT.386
2008-09-28 16:25 . 2002-08-15 19:59 83,672 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-28 16:25 . 2002-08-15 19:59 73,224 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-28 16:24 . 2008-10-03 19:25 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-09-28 01:41 . 2008-09-28 01:41 164 --a------ C:\install.dat
2008-09-27 21:01 . 2008-09-28 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-27 16:20 . 2008-09-27 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-27 16:19 . 2008-09-27 16:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-09 21:22 . 2008-09-09 21:22 <DIR> d-------- C:\Program Files\iPod
2008-09-09 21:22 . 2008-09-09 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 21:21 . 2008-09-09 21:21 <DIR> d-------- C:\Program Files\Bonjour
2008-09-09 21:20 . 2008-09-09 21:21 <DIR> d-------- C:\Program Files\QuickTime
2008-09-09 21:18 . 2008-09-05 22:16 1,900,544 --a------ C:\WINDOWS\system32\usbaaplrc.dll
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 17:29 --------- d-----w C:\Documents and Settings\shashi\Application Data\BitTorrent
2008-09-10 01:20 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-06 02:16 36,864 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-04 03:55 --------- d-----w C:\Program Files\Real
2008-09-04 03:55 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-04 03:55 --------- d-----w C:\Program Files\Common Files\Real
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-08 23:52 --------- d-----w C:\Program Files\Apple Software Update
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-12-18 03:31 35,440 ----a-w C:\Documents and Settings\shashi\Application Data\GDIPFONTCACHEV1.DAT
2007-11-21 22:48 76 --sh--r C:\WINDOWS\CT4CET.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-19 15:23 87352 C:\WINDOWS\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WZC.bat]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WZC.bat
backup=C:\WINDOWS\pss\WZC.batCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 12:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 20:12 111936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-01-14 00:40 290112 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2007-03-16 18:10 1392640 C:\WINDOWS\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2002-08-19 22:22 50880 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
--a------ 2002-08-19 22:23 34504 C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2007-05-14 15:23 1191936 C:\Program Files\DELL\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 2007-06-07 12:14 118784 C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-11 12:43 53248 f:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-08 00:37 133104 C:\Documents and Settings\shashi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-05-16 17:50 162584 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-05-16 17:50 138008 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-10-03 12:35 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-10-03 12:37 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-08 23:02 289576 F:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]
--a------ 2006-11-02 14:05 282624 C:\WINDOWS\system32\KADxMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2008-02-28 15:31 63048 F:\Program Files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
--a------ 2007-02-02 02:00 36864 C:\WINDOWS\OEM02Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-05-16 17:50 138008 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-11-05 12:22 221184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-30 20:37 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-04-27 17:10 851968 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-03 23:55 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-05-06 18:10 405504 C:\WINDOWS\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"F:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"f:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"F:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 8576]
R2 LMIInfo;LogMeIn Kernel Information Provider;F:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-03-20 234496]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
S3 BTSSvc$BizTalkServerApplication;BizTalk Service BizTalk Group : BizTalkServerApplication;F:\Program Files\Biztalk\BTSNTSvc.exe [2006-03-10 48328]
S3 EDI Subsystem;BizTalk Base EDI service;F:\Program Files\Biztalk\EDI\Subsystem\esp_srv.exe [2006-03-10 31936]
S3 ENTSSO;Enterprise Single Sign-On Service;C:\Program Files\Common Files\Enterprise Single Sign-On\ENTSSO.exe [2006-03-10 53440]
S3 OEM02Afx;Provides a software interface to control audio effects of M08 Internal webcam.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [2007-01-10 141376]
S3 RuleEngineUpdateService;Rule Engine Update Service;F:\Program Files\Biztalk\RuleEngineUpdateService.exe [2006-03-10 35552]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;F:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\Setup.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-09-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-04 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-03 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-03 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-03 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-03 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-03 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-03 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At25.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At26.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At27.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At28.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At29.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At30.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At31.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At32.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At33.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At34.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At35.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At36.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At37.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At38.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-03 C:\WINDOWS\Tasks\At39.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-03 C:\WINDOWS\Tasks\At40.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-03 C:\WINDOWS\Tasks\At41.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-03 C:\WINDOWS\Tasks\At42.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-03 C:\WINDOWS\Tasks\At43.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-03 C:\WINDOWS\Tasks\At44.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At45.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At46.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At47.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At48.job
- C:\WINDOWS\system32\0D85jUAB.exe []
2008-10-04 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-04 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\8Qsm1w4H.exe []
2008-10-03 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\shashi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 00:37]
2008-10-04 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- F:\PROGRA~1\NORTON~1\NAVW32.exe [2002-11-14 19:31]
2008-10-04 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 09:04]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SpybotSD TeaTimer - F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-updateMgr - F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Windows Defender - C:\Program Files\Windows Defender\MSASCui.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\shashi\Application Data\Mozilla\Firefox\Profiles\hefgnger.default\
FF -: plugin - C:\Documents and Settings\shashi\Local Settings\Application Data\Google\Update\1.2.131.19\npGoogleOneClick6.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - f:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - f:\Program Files\DivX\DivX Web Player\npdivx32.dll
FF -: plugin - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 13:32:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
"ServiceDll"="C:\WINDOWS\system32\qmgr.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BizTalk:Message Box:General Counters]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BizTalk:Message Box:Host Counters]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BizTalk:TDDS]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BizTalk:Windows SharePoint Services Adapter]
.
Completion time: 2008-10-04 13:33:12
ComboFix-quarantined-files.txt 2008-10-04 17:32:52
Pre-Run: 7,587,151,872 bytes free
Post-Run: 7,768,338,432 bytes free
338 --- E O F --- 2008-09-26 22:00:25
|
Senior Member
|
5. October 2008 @ 00:58 |
Link to this message
|
Hey reach747
Please download Malwarebytes' Anti-Malware to your desktop.
? Double-click mbam-setup.exe and follow the prompts to install the program.
? At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
? If an update is found, it will download and install the latest version.
? Once the program has loaded, select Perform full scan, then click Scan.
? When the scan is complete, click OK, then Show Results to view the results.
? Be sure that everything is checked, and click Remove Selected. << Do Not Forget This!!
? When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
? Please post contents of that file in your next reply.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
This message has been edited since posting. Last time this message was edited on 5. October 2008 @ 00:59
|
|
reach747
Newbie
|
5. October 2008 @ 14:34 |
Link to this message
|
Malwarebytes' Anti-Malware 1.28
Database version: 1230
Windows 5.1.2600 Service Pack 3
10/5/2008 2:27:05 PM
mbam-log-2008-10-05 (14-27-05).txt
Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 131010
Time elapsed: 1 hour(s), 4 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
|
Senior Member
|
6. October 2008 @ 07:52 |
Link to this message
|
Hey reach747
? Click Start.
? Open My Computer.
? Select the Tools menu and click Folder Options.
? Select the View Tab.
? Under the Hidden files and folders heading select Show hidden files and folders.
? Uncheck the Hide protected operating system files (recommended) option.
? Click Yes to confirm.
? Click OK.
Please find C:\WINDOWS\system32\8Qsm1w4H.exe and upload it to VirusTotal.com. Post the results here.
Please post a new HijackThis log.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
reach747
Newbie
|
6. October 2008 @ 20:04 |
Link to this message
|
Hi cdavfrew
Thanks for helping me on this.
8Qsm1w4H.exe is not there in the system32 folder.
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:15 PM, on 10/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\Program Files\LogMeIn\x86\RaMaint.exe
F:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/s...b?1206240673585
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1197896232187
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/stream.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7324 bytes
|
|
Advertisement
|
|
|
Senior Member
|
7. October 2008 @ 06:28 |
Link to this message
|
|
Hey reach747
Please tell me what problems you have left?
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
