10-04-2006, 09:54 PM   #23
randomrandom
Registered User
 
Join Date: Sep 2006
Posts: 31
OS: XP home edition


Great News!

Great news! I got AVG anti-virus to finally uninstall (I had to uninstall it in safe-mode because it wouldn't in normal mode) and now my computer is on its way back to being normal again!
1) I have my wireless internet connection back
2) "Control Panel" and "My network Connections" do not crash anymore
3) I was able to reinstall Norton Antivirus 2006 which cleaned quite a few of the viruses out....
4) I uninstalled Spybot which allows all of my other programs to finally work right (i.e. combofix, and norton)
5) Internet Explorer is back up and running as well, no more redirecting or crashing!!!! HOORAY!!!!
6) This is the best one.... My computer shuts down normally again!

Unfortunately, my startup time is still abysmal (Windows still hangs for 2-5 minutes on the "windows is starting up" screen). I hope these new logs can help fix this!

*****************************************************
Combofix Log
*****************************************************
User1 - 06-10-04 20:45:17.35 Service Pack 1
ComboFix 06.09.27 - Running from: "C:\Documents and Settings\User1\desktop"
Command switches used :: /v d3dishsv wmneprfl dxmamcia

((((((((((((((((((((((((((((((( Files Created from 2006-09-04 to 2006-10-04 ))))))))))))))))))))))))))))))))))


2006-10-04 17:01 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-10-04 15:00 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2006-10-04 15:00 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-27 22:19 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-27 22:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-27 22:19 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-27 21:54 13 --a------ C:\dumwnmifc.sys
2006-09-27 21:54 13 --a------ C:\dumwnmicf.sys
2006-09-27 21:54 13 --a------ C:\dumwnmicf.dll
2006-09-25 14:47 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2006-09-25 14:47 7,483 --a------ C:\clean.bat
2006-09-25 14:47 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-25 14:47 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2006-09-25 14:47 38,400 --a------ C:\WINDOWS\system32\moveex.exe
2006-09-23 15:24 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-23 15:24 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-23 13:09 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-23 13:09 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-23 13:09 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-23 13:09 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-09-23 13:09 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-23 13:09 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-23 13:09 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-23 13:09 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-23 13:09 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-23 13:09 47,616 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-23 13:09 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-23 13:09 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-23 13:09 361,984 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-23 13:09 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-23 13:09 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-23 13:09 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-23 13:09 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-23 13:09 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-23 13:09 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-23 13:09 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-23 13:09 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-23 13:09 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-23 13:09 226,304 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-23 13:09 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-23 13:09 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-23 13:08 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-23 13:08 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-23 13:08 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-23 13:08 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-23 13:08 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-23 13:08 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-23 13:08 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-23 13:08 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-23 13:08 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-23 13:08 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-23 13:08 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-23 13:08 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-23 13:08 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-23 13:08 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-23 13:08 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-23 13:08 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-23 13:08 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-23 13:08 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-23 13:07 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-23 13:07 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-23 13:07 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-23 13:07 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-23 13:07 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-23 13:07 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-23 13:07 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-23 13:07 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-23 13:07 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-23 13:07 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-09-23 13:07 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-23 13:07 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-23 13:07 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-23 13:07 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-23 13:07 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-23 13:07 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-23 13:07 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-23 13:07 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-23 13:07 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-23 13:07 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-23 13:07 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-23 13:07 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-23 13:07 129,024 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-23 13:07 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-23 13:07 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-23 13:07 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-23 13:07 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-23 13:07 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-23 12:12 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-23 12:11 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-21 17:08 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2006-09-21 17:08 81,920 --------- C:\WINDOWS\system32\vdrmux.dll
2006-09-21 17:08 76,800 --------- C:\WINDOWS\system32\Lfwmf13n.dll
2006-09-21 17:08 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2006-09-21 17:08 73,728 --------- C:\WINDOWS\system32\lffax13n.dll
2006-09-21 17:08 65,536 --------- C:\WINDOWS\system32\Lfpct13n.dll
2006-09-21 17:08 46,592 --------- C:\WINDOWS\system32\vdrcodec.dll
2006-09-21 17:08 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll
2006-09-21 17:08 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2006-09-21 17:08 40,960 --------- C:\WINDOWS\system32\langserv.dll
2006-09-21 17:08 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL
2006-09-21 17:08 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2006-09-21 17:08 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll
2006-09-21 17:08 294,912 --------- C:\WINDOWS\system32\pvmjpg21.dll
2006-09-21 17:08 278,016 --------- C:\WINDOWS\system32\LFJ2K13n.dll
2006-09-21 17:08 24,576 --------- C:\WINDOWS\system32\lftga13n.dll
2006-09-21 17:08 204,881 --------- C:\WINDOWS\system32\DiskIO.dll
2006-09-21 17:08 18,432 --------- C:\WINDOWS\system32\Cachex.dll
2006-09-21 17:08 155,721 --------- C:\WINDOWS\system32\RALMain.dll
2006-09-21 17:08 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL
2006-09-21 17:08 143,360 --------- C:\WINDOWS\system32\lftif13n.dll
2006-09-21 17:08 114,759 --------- C:\WINDOWS\system32\Aviprax.dll
2006-09-21 17:08 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll
2006-09-21 17:05 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2006-09-21 17:05 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\pclepim1.dll
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2006-09-21 17:05 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2006-09-21 17:05 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
2006-09-21 17:05 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2006-09-21 17:05 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2006-09-21 17:05 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2006-09-21 17:05 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2006-09-17 18:01 82,432 --------- C:\WINDOWS\system32\msxml4r.dll
2006-09-17 18:01 54,784 --a------ C:\WINDOWS\system32\msvci70.dll
2006-09-17 18:01 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2006-09-17 18:01 265,785 --a------ C:\WINDOWS\system32\pixomatic.dll
2006-09-17 18:01 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2006-09-17 18:01 188,416 --a------ C:\WINDOWS\system32\eax.dll
2006-09-17 18:01 1,500,160 --a------ C:\WINDOWS\system32\cc3260mt.dll
2006-09-17 18:01 1,230,336 --------- C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-04 20:21 -------- d-------- C:\Program Files\Trillian
2006-10-04 20:17 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-04 20:06 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-04 17:21 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-04 17:20 -------- d-------- C:\Program Files\Symantec
2006-10-04 17:02 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-10-04 17:01 -------- d-------- C:\Program Files\Common Files
2006-10-04 15:39 -------- d-------- C:\Program Files\Windows Media Player
2006-10-04 15:33 -------- d-------- C:\Program Files\Symantec Technical Support
2006-10-04 15:07 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-04 14:53 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-04 14:53 -------- d-------- C:\Program Files\U.S. Robotics 802.11g WLAN
2006-10-01 00:35 -------- d-------- C:\Program Files\Internet Explorer
2006-09-27 23:37 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-27 22:29 -------- d-------- C:\Program Files\CleanUp!
2006-09-27 21:55 -------- d-------- C:\Program Files\HaxFix
2006-09-27 15:50 -------- d-------- C:\Documents and Settings\User1\Application Data\DMCache
2006-09-26 19:25 -------- d-------- C:\Program Files\RegistryFix
2006-09-25 20:18 -------- d-------- C:\Program Files\Unlocker
2006-09-25 18:25 -------- d-------- C:\Program Files\Grisoft
2006-09-25 18:14 -------- d-------- C:\Documents and Settings\User1\Application Data\Symantec
2006-09-24 23:00 -------- d-------- C:\Documents and Settings\User1\Application Data\Mozilla
2006-09-24 13:04 8329 --a------ C:\Documents and Settings\User1\Application Data\.googlewebacchosts
2006-09-24 09:07 -------- d-------- C:\Program Files\Alwil Software
2006-09-23 21:53 -------- d-------- C:\Program Files\Pinnacle
2006-09-23 13:09 -------- d-------- C:\Program Files\Outlook Express
2006-09-23 13:09 -------- d-------- C:\Program Files\NetMeeting
2006-09-23 13:09 -------- d-------- C:\Program Files\Movie Maker
2006-09-23 13:09 -------- d-------- C:\Program Files\Common Files\System
2006-09-23 13:08 -------- d-------- C:\Program Files\Windows NT
2006-09-21 17:07 -------- d-------- C:\Program Files\SmartSound Software
2006-09-18 16:28 -------- d-------- C:\Program Files\Internet Download Manager
2006-09-18 16:28 -------- d-------- C:\Documents and Settings\User1\Application Data\IDM
2006-09-17 21:11 14848 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-17 18:11 -------- d-------- C:\Program Files\GTA-SanAndreas
2006-09-16 23:24 -------- d-------- C:\Documents and Settings\User1\Application Data\Sun
2006-09-16 10:07 -------- d-------- C:\Documents and Settings\User1\Application Data\Google
2006-09-15 22:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-14 14:44 -------- d-------- C:\Program Files\Winamp
2006-09-10 19:43 -------- d-------- C:\Documents and Settings\User1\Application Data\AdobeUM
2006-09-10 18:24 -------- d---s---- C:\Documents and Settings\User1\Application Data\Microsoft
2006-09-10 10:34 -------- d-------- C:\Program Files\Java
2006-09-07 22:32 -------- d-------- C:\Program Files\Save Flash
2006-08-29 01:28 140984 --a------ C:\WINDOWS\system32\idmmbc.dll
2006-08-24 20:40 -------- d-------- C:\Program Files\GeoVid
2006-08-22 18:32 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2006-08-22 18:32 -------- d-------- C:\Program Files\Motorola Phone Tools
2006-08-22 18:25 -------- d-------- C:\Program Files\mobile PhoneTools
2006-08-22 18:05 -------- d-------- C:\Program Files\LiveUpdate
2006-08-22 00:22 72748 --a------ C:\WINDOWS\unins001.exe
2006-08-22 00:22 72748 --a------ C:\WINDOWS\unins000.exe
2006-08-22 00:22 -------- d-------- C:\Program Files\Temp
2006-08-22 00:22 -------- d-------- C:\Program Files\Anark
2006-08-21 23:49 -------- d-------- C:\Program Files\OceanDive
2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 02:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-21 00:44 -------- d-------- C:\Program Files\SereneScreen
2006-08-19 11:23 -------- d-------- C:\Documents and Settings\User1\Application Data\RipIt4Me
2006-08-19 09:43 -------- d-------- C:\Program Files\PgcEdit
2006-08-18 15:30 -------- d-------- C:\Documents and Settings\User1\Application Data\Adobe
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 31936 --a------ C:\WINDOWS\system32\drivers\symids.sys
2006-08-07 16:02 28352 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2006-08-07 16:02 24768 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2006-08-07 16:02 195776 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-08-07 16:02 110784 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2006-08-07 16:01 12992 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2006-08-03 20:59 48 ---hs---- C:\Documents and Settings\User1\Application Data\.zreglib


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SSC_UserPrompt"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjt32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wnmicf

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wnmicf.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wnmifc.sys

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - User1.job

Completion time: 06-10-04 20:46:10.49
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

******************************************************
HJT Log
******************************************************

Logfile of HijackThis v1.99.1
Scan saved at 20:46, on 06-10-04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159425430187
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: d3dishsv.dll wmneprfl.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\
O20 - Winlogon Notify: wnmicf - wnmicf.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe