Tech Support Forum - View Single Post - IE and Firefox seem to be in trouble on my laptop

vjgkam · 05-20-2008, 09:58 AM

Thank you so much for your time helping me solve this issue.

Below is the Combo Fix report and the HijackThis report.

Thanks Again!

ComboFix 08-05-19.4 - vjgkam 2008-05-20 12:38:40.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.435 [GMT -4:00]
Running from: C:\Users\vjgkam\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-16 14:36 . 2008-05-16 14:36 <DIR> d-------- C:\Deckard
2008-05-16 13:42 . 2008-05-16 13:42 <DIR> d-------- C:\Users\All Users\TEMP
2008-05-16 13:42 . 2008-05-16 13:42 <DIR> d-------- C:\ProgramData\TEMP
2008-05-16 13:42 . 2008-05-16 13:42 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-16 13:42 . 2005-08-25 18:18 118,784 --a------ C:\Windows\System32\MSSTDFMT.DLL
2008-05-16 13:42 . 2005-08-25 18:19 115,920 --a------ C:\Windows\System32\MSINET.OCX
2008-05-16 08:59 . 2008-05-16 09:13 <DIR> d-------- C:\Program Files\Panda Security
2008-05-15 07:08 . 2008-05-15 07:08 0 --a------ C:\Windows\nsreg.dat
2008-05-14 10:29 . 2008-05-16 09:23 <DIR> d-------- C:\Users\All Users\Avira
2008-05-14 10:29 . 2008-05-16 09:23 <DIR> d-------- C:\ProgramData\Avira
2008-05-14 10:29 . 2008-05-14 10:29 <DIR> d-------- C:\Program Files\Avira
2008-05-02 16:33 . 2008-05-02 16:33 <DIR> d-------- C:\Program Files\PKWARE
2008-05-02 16:33 . 2008-05-02 16:33 <DIR> d-------- C:\Program Files\Common Files\PKWARE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 12:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 07:01 --------- d-----w C:\Program Files\Windows Mail
2008-04-17 13:58 --------- d-----w C:\Program Files\Apple Software Update
2008-04-03 14:19 --------- d-----w C:\Program Files\iTunes
2008-04-03 14:19 --------- d-----w C:\Program Files\iPod
2008-04-03 14:18 --------- d-----w C:\Program Files\QuickTime
2008-03-24 23:18 --------- d-----w C:\ProgramData\Symantec
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-08-29 07:13 174 --sha-w C:\Program Files\desktop.ini
2008-02-01 17:54 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-01 17:54 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-01 17:54 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 04:04 1232896]
"Power2GoExpress"="C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" [2006-12-18 21:13 2465792]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-29 10:45 171448]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17 4670704]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-11 19:43 95536]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:34 201728]
"MSServer"="C:\Users\vjgkam\AppData\Local\Temp\qoMeEvuu.dll" [ ]
"InetChk"="C:\Users\vjgkam\AppData\Local\Temp\ms1210594586.exe" [ ]
"cmds"="C:\Users\vjgkam\AppData\Local\Temp\xxyXOIBU.dll" [2008-05-12 08:21 320640]
"a0af2d6f"="C:\Users\vjgkam\AppData\Local\Temp\psdceics.dll" [2008-05-18 10:22 90752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-18 21:40 1006264]
"S3Trayp"="S3trayp.exe" [2006-12-15 02:04 176128 C:\Windows\System32\s3trayp.exe]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe" [2007-02-01 05:18 1118208]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 21:22 155648]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-26 12:18 22696]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 18:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 01:55 54832]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 05:31 630784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2006-10-30 22:32 112320]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-23 10:14 185632]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"cat"="C:\Program Files\CAT\cat.exe" [2004-10-29 03:36 612961]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-24 14:18:45 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\Windows\\system32\\Userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A68B7E5D-D635-4EF3-B2BA-790BCA79AC7D}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{AFE7E7A2-69E5-4B8E-83DC-3FD666861459}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3271D552-E8C3-4BC1-A6A0-09F146073347}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{523644B3-D27F-4945-A19F-3AAEE3F13B42}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9B3BCD40-8117-4082-9E43-3B5B9095DDCC}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{BE8CF154-DAD2-4DBE-9E6A-D800F347D87B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{6F4EDDF4-E691-4990-9657-F47C6EFA3484}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{73E331FF-9262-47B7-9DEC-B8A09E8FBE65}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B785AD7E-99AB-47C2-98E0-3786AB646C4B}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9B0BB8F5-65E9-4850-B386-95C3741C00DD}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{26806B3B-43B1-4B89-8096-9632E2E37FCD}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6076B70B-636B-406B-9AE5-76DD590B6F35}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{34EE56BE-ED59-45AA-899C-B36D4091169D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AAE54EE4-8E2A-4DFF-9B02-E0B44412B384}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071107.002\IDSvix86.sys [2007-11-06 12:07]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2006-12-20 03:00]
R3 MRV6X32P;Vista 32-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 03:30]
R3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-02-05 01:53]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 01:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 01:56:58 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - vjgkam.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2008-05-20 09:08:25 C:\Windows\Tasks\User_Feed_Synchronization-{239555A4-50F5-41EE-A19E-48D6AC0C4E4F}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 12:43:46
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1????????????????????????????????????????????????????????

scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\explorer.exe
-> C:\Users\vjgkam\AppData\Local\Temp\psdceics.dll
-> C:\Users\vjgkam\AppData\Local\Temp\xxyXOIBU.dll
.
Completion time: 2008-05-20 12:46:36
ComboFix-quarantined-files.txt 2008-05-20 16:45:20

Pre-Run: 19,795,841,024 bytes free
Post-Run: 19,726,807,040 bytes free

166 --- E O F --- 2008-05-16 18:04:50

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:52 PM, on 5/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\s3trayp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\vjgkam\Desktop\dss.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\vjgkam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sports.espn.go.com/ncf/index
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [cat] C:\Program Files\CAT\cat.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\vjgkam\AppData\Local\Temp\xxyXOIBU.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8513 bytes

05-20-2008, 09:58 AM	#4 (permalink)
vjgkam Registered User Join Date: Apr 2007 Posts: 9 OS: Windows Vista	Re: IE and Firefox seem to be in trouble on my laptop Thank you so much for your time helping me solve this issue. Below is the Combo Fix report and the HijackThis report. Thanks Again! ComboFix 08-05-19.4 - vjgkam 2008-05-20 12:38:40.1 - NTFSx86 Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.435 [GMT -4:00] Running from: C:\Users\vjgkam\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))) . 2008-05-16 14:36 . 2008-05-16 14:36 <DIR> d-------- C:\Deckard 2008-05-16 13:42 . 2008-05-16 13:42 <DIR> d-------- C:\Users\All Users\TEMP 2008-05-16 13:42 . 2008-05-16 13:42 <DIR> d-------- C:\ProgramData\TEMP 2008-05-16 13:42 . 2008-05-16 13:42 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-05-16 13:42 . 2005-08-25 18:18 118,784 --a------ C:\Windows\System32\MSSTDFMT.DLL 2008-05-16 13:42 . 2005-08-25 18:19 115,920 --a------ C:\Windows\System32\MSINET.OCX 2008-05-16 08:59 . 2008-05-16 09:13 <DIR> d-------- C:\Program Files\Panda Security 2008-05-15 07:08 . 2008-05-15 07:08 0 --a------ C:\Windows\nsreg.dat 2008-05-14 10:29 . 2008-05-16 09:23 <DIR> d-------- C:\Users\All Users\Avira 2008-05-14 10:29 . 2008-05-16 09:23 <DIR> d-------- C:\ProgramData\Avira 2008-05-14 10:29 . 2008-05-14 10:29 <DIR> d-------- C:\Program Files\Avira 2008-05-02 16:33 . 2008-05-02 16:33 <DIR> d-------- C:\Program Files\PKWARE 2008-05-02 16:33 . 2008-05-02 16:33 <DIR> d-------- C:\Program Files\Common Files\PKWARE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-16 12:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-14 07:01 --------- d-----w C:\Program Files\Windows Mail 2008-04-17 13:58 --------- d-----w C:\Program Files\Apple Software Update 2008-04-03 14:19 --------- d-----w C:\Program Files\iTunes 2008-04-03 14:19 --------- d-----w C:\Program Files\iPod 2008-04-03 14:18 --------- d-----w C:\Program Files\QuickTime 2008-03-24 23:18 --------- d-----w C:\ProgramData\Symantec 2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll 2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll 2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll 2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe 2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe 2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll 2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll 2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll 2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2007-08-29 07:13 174 --sha-w C:\Program Files\desktop.ini 2008-02-01 17:54 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-02-01 17:54 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-02-01 17:54 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ------- Sigcheck ------- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 04:04 1232896] "Power2GoExpress"="C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" [2006-12-18 21:13 2465792] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-29 10:45 171448] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17 4670704] "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-11 19:43 95536] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:34 201728] "MSServer"="C:\Users\vjgkam\AppData\Local\Temp\qoMeEvuu.dll" [ ] "InetChk"="C:\Users\vjgkam\AppData\Local\Temp\ms1210594586.exe" [ ] "cmds"="C:\Users\vjgkam\AppData\Local\Temp\xxyXOIBU.dll" [2008-05-12 08:21 320640] "a0af2d6f"="C:\Users\vjgkam\AppData\Local\Temp\psdceics.dll" [2008-05-18 10:22 90752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-18 21:40 1006264] "S3Trayp"="S3trayp.exe" [2006-12-15 02:04 176128 C:\Windows\System32\s3trayp.exe] "HDAudDeck"="C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe" [2007-02-01 05:18 1118208] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 21:22 155648] "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816] "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-26 12:18 22696] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 18:10 56928] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 01:55 54832] "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 05:31 630784] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496] "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2006-10-30 22:32 112320] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-23 10:14 185632] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048] "cat"="C:\Program Files\CAT\cat.exe" [2004-10-29 03:36 612961] "NapsterShell"="C:\Program Files\Napster\napster.exe" [ ] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-24 14:18:45 67128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="C:\\Windows\\system32\\Userinit.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List] "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe::Enabled:Logitech Harmony Remote Software 7 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{A68B7E5D-D635-4EF3-B2BA-790BCA79AC7D}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{AFE7E7A2-69E5-4B8E-83DC-3FD666861459}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{3271D552-E8C3-4BC1-A6A0-09F146073347}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{523644B3-D27F-4945-A19F-3AAEE3F13B42}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{9B3BCD40-8117-4082-9E43-3B5B9095DDCC}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{BE8CF154-DAD2-4DBE-9E6A-D800F347D87B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{6F4EDDF4-E691-4990-9657-F47C6EFA3484}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{73E331FF-9262-47B7-9DEC-B8A09E8FBE65}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{B785AD7E-99AB-47C2-98E0-3786AB646C4B}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{9B0BB8F5-65E9-4850-B386-95C3741C00DD}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{26806B3B-43B1-4B89-8096-9632E2E37FCD}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{6076B70B-636B-406B-9AE5-76DD590B6F35}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{34EE56BE-ED59-45AA-899C-B36D4091169D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{AAE54EE4-8E2A-4DFF-9B02-E0B44412B384}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722\|UDP:%SystemRoot%\system32\svchost.exe\|Svc=DFSR:Allow inbound TCP traffic\| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe::Enabled:Logitech Harmony Remote Software 7 R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071107.002\IDSvix86.sys [2007-11-06 12:07] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2006-12-20 03:00] R3 MRV6X32P;Vista 32-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 03:30] R3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-02-05 01:53] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 01:40] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc Newly Created Service - CATCHME Newly Created Service - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-05-17 01:56:58 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - vjgkam.job" - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe "2008-05-20 09:08:25 C:\Windows\Tasks\User_Feed_Synchronization-{239555A4-50F5-41EE-A19E-48D6AC0C4E4F}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-20 12:43:46 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run HDAudDeck = C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1???????????????????????????????????????????????????????? scanning hidden files ... ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\Windows\explorer.exe -> C:\Users\vjgkam\AppData\Local\Temp\psdceics.dll -> C:\Users\vjgkam\AppData\Local\Temp\xxyXOIBU.dll . Completion time: 2008-05-20 12:46:36 ComboFix-quarantined-files.txt 2008-05-20 16:45:20 Pre-Run: 19,795,841,024 bytes free Post-Run: 19,726,807,040 bytes free 166 --- E O F --- 2008-05-16 18:04:50 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:53:52 PM, on 5/20/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\s3trayp.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Windows\explorer.exe C:\Windows\system32\notepad.exe C:\Program Files\Windows Mail\WinMail.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchFilterHost.exe C:\Users\vjgkam\Desktop\dss.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\vjgkam.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sports.espn.go.com/ncf/index R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1 O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [cat] C:\Program Files\CAT\cat.exe O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\vjgkam\AppData\Local\Temp\xxyXOIBU.dll,c O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O13 - Gopher Prefix: O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 8513 bytes