http://forums.whatth...nup_t87183.html
Now I have run ComboFix, and the logs are as follows.
combofix log:
ComboFix 08-01-23.2B - rmunad 2008-01-24 10:55:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1222 [GMT -8:00]
Running from: C:\Documents and Settings\rmunad\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
.
2008-01-10 10:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 06:59 . 2008-01-10 06:59 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-01-08 20:54 . 2008-01-08 20:54 707,376 --a------ C:\WINDOWS\vVX1000 .exe
2008-01-08 20:54 . 2008-01-08 20:54 45,632 --a------ C:\WINDOWS\system32\taskswitch .exe
2008-01-08 20:29 . 2008-01-08 20:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-08 20:19 . 2008-01-08 20:55 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-08 20:12 . 2008-01-08 20:21 <DIR> d-------- C:\WINDOWS\system32\ardCo01
2008-01-08 20:12 . 2008-01-08 20:12 <DIR> d-------- C:\Temp\cEeer12
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 10:16 --------- d-----w C:\Program Files\LogMeIn
2008-01-17 19:30 --------- d-----w C:\Program Files\Picasa2
2008-01-09 20:01 3,111,936 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-01-09 19:47 --------- d-----w C:\Program Files\QuickTime
2008-01-09 19:47 --------- d-----w C:\Program Files\Pamela
2008-01-09 19:47 --------- d-----w C:\Program Files\Athan
2008-01-09 19:44 28,160 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-01-09 16:36 --------- d-----w C:\Program Files\Windows Defender
2008-01-09 16:36 --------- d-----w C:\Program Files\j2 Messenger 4.2
2008-01-09 16:36 --------- d-----w C:\Program Files\DellSupport
2008-01-09 16:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-09 16:35 --------- d-----w C:\Program Files\MSN Messenger
2008-01-09 04:55 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-11 15:01 7,162,288 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-11 13:26 2,877,952 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2007-12-08 06:44 --------- d-----w C:\Program Files\Microsoft LifeCam
2007-12-07 05:59 26,112 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2007-12-06 22:26 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-29 03:16 2,789,888 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2007-11-27 20:47 --------- d-----w C:\Program Files\FileZilla Server
2007-11-27 20:31 42,496 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2007-11-27 20:29 2,760,192 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-11-27 02:30 --------- d-----w C:\Program Files\Apple Software Update
2007-11-21 17:44 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2007-11-21 17:44 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-11-21 17:44 23,736 ----a-w C:\WINDOWS\system32\LMImirr.dll
2007-11-21 17:44 21,496 ----a-w C:\WINDOWS\system32\LMIport.dll
2007-11-21 17:44 10,040 ----a-w C:\WINDOWS\system32\LMImirr2.dll
2007-10-26 20:36 2,213,376 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-10-25 19:00 36,352 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-09-11 13:52 1,478,656 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-09-10 16:37 21,504 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-09-05 23:58 1,491,456 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-09-02 16:55 23,040 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-08-07 01:49 1,338,368 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-08-06 18:23 19,456 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-08-05 17:32 1,342,976 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-08-03 17:37 24,576 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-07-11 22:07 1,213,440 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-07-11 04:00 21,504 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-06-18 13:05 986,112 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-06-17 05:09 18,944 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-05-28 16:43 300,032 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-05-28 16:43 1,026,048 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-05-22 00:17 928,256 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-05-22 00:17 23,552 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-04-30 03:29 639,488 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-04-27 15:29 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
.
----a-w 954,368 2008-01-09 16:36:15 C:\Program Files\Athan\Athan .exe
----a-w 344,064 2008-01-09 04:54:18 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 155,648 2008-01-09 19:44:56 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w 94,208 2008-01-09 04:54:44 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w 185,632 2008-01-09 04:54:30 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 52,896 2008-01-09 19:44:54 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 460,784 2008-01-09 19:45:06 C:\Program Files\DellSupport\DSAgnt .exe
----a-w 107,008 2008-01-09 19:44:52 C:\Program Files\j2 Messenger 4.2\J2GDllCmd .exe
----a-w 132,760 2008-01-09 16:36:11 C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w 657,168 2008-01-09 19:45:00 C:\Program Files\JiWire\BOT Mapping\JiWireBOT .exe
----a-w 63,048 2008-01-09 19:44:49 C:\Program Files\LogMeIn\x86\LogMeInSystray .exe
----a-w 1,694,208 2008-01-09 16:36:19 C:\Program Files\Messenger\msmsgs .exe
----a-w 5,674,352 2008-01-09 16:13:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w 139,320 2008-01-09 16:36:15 C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
----a-w 5,713,920 2008-01-09 16:36:26 C:\Program Files\Pamela\Pamela .exe
----a-w 286,720 2008-01-09 19:48:26 C:\Program Files\QuickTime\QTTask .exe
----a-w 0 2008-01-09 21:48:27 C:\Program Files\QuickTime\QTTask .exe
----a-w 0 2008-01-09 21:14:36 C:\Program Files\QuickTime\QTTask .exe
----a-w 0 2008-01-09 21:14:34 C:\Program Files\QuickTime\QTTask .exe
----a-w 22,880,040 2008-01-09 16:13:30 C:\Program Files\Skype\Phone\Skype .exe
----a-w 125,168 2008-01-09 04:54:28 C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w 866,584 2008-01-09 19:44:53 C:\Program Files\Windows Defender\MSASCui .exe
----a-w 0 2008-01-09 21:48:08 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w 0 2008-01-09 21:17:33 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w 444,160 2008-01-09 19:44:52 C:\Program Files\Zone Labs\Integrity Client\iclient .exe
----a-w 707,376 2008-01-09 04:54:34 C:\WINDOWS\vVX1000 .exe
----a-w 45,632 2008-01-09 04:54:14 C:\WINDOWS\system32\taskswitch .exe
((((((((((((((((((((((((((((( snapshot@2008-01-10_10.52.51.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-21 01:02:28 2,721,096 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\RACtrl.dll
+ 2008-01-17 21:18:26 2,745,672 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\RACtrl.dll
- 2008-01-10 18:29:19 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-24 18:54:46 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-10 18:29:19 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-24 18:54:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-10 18:29:19 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-24 18:54:46 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-10 18:29:19 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-24 18:54:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-10 18:29:19 6,516,736 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-24 18:54:46 6,516,736 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-10 18:29:19 540,672 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-24 18:54:46 540,672 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-04 04:41:27 283,857 ----a-w C:\WINDOWS\orclobi\MyDesktop\script.dat
+ 2008-01-12 02:48:14 284,190 ----a-w C:\WINDOWS\orclobi\MyDesktop\script.dat
- 2008-01-10 18:40:43 237,956 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-01-17 16:57:29 237,963 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-09 11:45 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2008-01-09 11:48 460784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 13:46 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-01-09 11:48 63048]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-09 11:48 866584]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-09 11:48 52896]
"Zone Labs Client"="C:\Program Files\Zone Labs\Integrity Client\iclient.exe" [2008-01-09 11:48 444160]
"j2 4.2"="C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [2008-01-09 11:48 107008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 13:18 443968]
C:\Documents and Settings\rmunad\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-05-04 11:39:42 2913840]
YzDock.exe.lnk - C:\Downloads\yzdock\YzDock.exe [2003-06-03 21:38:40 386560]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
j2 4.2.lnk - C:\Program Files\j2 Messenger 4.2\J2GTray.exe [2007-08-31 14:24:57 612352]
SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe [2006-06-26 14:59:21 3702784]
VPN Client.lnk - c:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-04-24 17:10:01 6144]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-04 22:40:24 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-21 09:44 87352 C:\WINDOWS\system32\LMIinit.dll
R1 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2004-10-15 10:46]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 13:00]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55]
R2 MSExchangeMGMT;Microsoft Exchange Management;"C:\Program Files\Exchsrvr\bin\exmgmt.exe" [2003-06-23 23:00]
R2 MyDesktopWindows;MyDesktopService;C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe [2007-10-19 10:32]
R2 QOSMyDesktop;QOS MyDesktop;C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe [2006-04-21 11:14]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 04:00]
R2 SVNService;SVNService;C:\Program Files\Subversion\bin\svnservice.exe [2006-07-07 08:18]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
R3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 14:01]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 17:04]
S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" []
S3 ICAM3NT5;Intel® PC Camera CS331;C:\WINDOWS\system32\Drivers\ICAM3D2.SYS [2001-07-18 13:52]
S3 MSSQL$DEV;MSSQL$DEV;C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe [2005-05-03 23:04]
S3 npkycryp;npkycryp;C:\Program Files\WIZET\MapleStory\npkycryp.sys []
S3 SQLAgent$DEV;SQLAgent$DEV;C:\Program Files\Microsoft SQL Server\MSSQL$DEV\binn\sqlagent.exe [2005-05-03 20:42]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S3 TAEReaderSvc;TA Email Reader;c:\vs projects\travel authorization\development\current\emailreader\taereadersvc\bin\debug\taereadersvc.exe [2006-09-25 12:17]
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 12:22]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 06:01]
*Newly Created Service* - ERASERUTILDRV10741
.
Contents of the 'Scheduled Tasks' folder
"2008-01-20 02:53:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-20 10:05:09 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 11:00:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
.
Completion time: 2008-01-24 11:01:31
ComboFix-quarantined-files.txt 2008-01-24 19:01:27
ComboFix2.txt 2008-01-10 18:53:14
Hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 11:02, on 2008-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Subversion\bin\svnservice.exe
C:\Program Files\Subversion\bin\svnserve.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\j2 Messenger 4.2\J2GTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Downloads\yzdock\YzDock.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Startup: YzDock.exe.lnk = C:\Downloads\yzdock\YzDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: j2 4.2.lnk = C:\Program Files\j2 Messenger 4.2\J2GTray.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.expedia.com
O15 - Trusted Zone: *.expediacorporate.com
O15 - Trusted Zone: http://*.myspl.com
O15 - Trusted Zone: *.spl-training17
O15 - Trusted Zone: http://*.spl-training17
O15 - Trusted Zone: http://sf-of-tst.splwg.com
O15 - Trusted Zone: *.expedia.com (HKLM)
O15 - Trusted Zone: *.expediacorporate.com (HKLM)
O15 - Trusted Zone: http://*.myspl.com (HKLM)
O15 - Trusted Zone: http://sf-of-tst.splwg.com (HKLM)
O15 - Trusted IP range: 192.168.32.3
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.li...?v=13,0,0731,01
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {55E515F7-0FA2-4610-874E-028107E766A3} (eWebEditProLibCtl3.eWebEditPro) - https://myspltest.co...webeditpro3.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://203.99.63.246.../WinWebPush.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://203.99.63.246:85/cab/msrdp.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://sf-of-prd.spl...tor/oajinit.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://D:\AUTORUN\Flash\swflash.cab
O16 - DPF: {DCEA263C-75E9-4029-F6AA-37F011CC4EF1} (IM2Webconference) - http://dialcom.com/s...llaboration.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://spl.webex.co...bex/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = splwg.com
O17 - HKLM\Software\..\Telephony: DomainName = splwg.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = splwg.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = splwg.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50215_X86 (clr_optimization_v2.0.50215_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\mscorsvw.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SVNService - Clansoft - C:\Program Files\Subversion\bin\svnservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TA Email Reader (TAEReaderSvc) - SPL Worldgroup - c:\vs projects\travel authorization\development\current\emailreader\taereadersvc\bin\debug\taereadersvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: WPS Scanner Service (WPSScannerSvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe