Tech Support Forum - View Single Post

**purplehatr** · 12-05-2006, 09:17 PM

I used to have norton antivirus but something happened and it stopped opening. So I purchased a new copy a few days ago but it will not load because it is having a problem authentication my windows installer (not sure what that means). Below is my hijackthis log after following your steps

Logfile of HijackThis v1.99.1
Scan saved at 11:15:51 PM, on 12/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EzButton\CplBTQ00.EXE
c:\program files\internet explorer\iexplore.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CplBTQ00] C:\Program Files\EzButton\CplBTQ00.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [sysvx.exe] C:\WINDOWS\system32\sysvx.exe
O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by4fd.bay4.hotmail.msn.com/re...s/MsnPUpld.cab
O16 - DPF: {5C4EB11A-2078-432E-92FE-0CB2ACD6D071} (m2wFTPClient.M2WFTPControl) - http://webmail.smartneighborhood.net...wFTPClient.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136510791312
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://12.38.18.17/msrdp.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://137.45.172.212/activex/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

Here is the ComboFix Log

Troy Balk - 06-12-05 23:09:51.98 Service Pack 2
ComboFix 06-12-01W-BetaE - Running from: "C:\Documents and Settings\Troy Balk\desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\csrss.exe
C:\WINDOWS\hook.txt
C:\WINDOWS\ie-hook.txt
C:\WINDOWS\system32\sysvx.exe
C:\Program Files\Common Files\{382EEA5D-0AE9-1033-0910-030807030001}
C:\Program Files\Common Files\{982EEA5D-0AE9-1033-0910-030807030001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\qoobox\purity\Program Files\SKS~1

((((((((((((((((((((((((((((((( Files Created from 2006-11-05 to 2006-12-05 ))))))))))))))))))))))))))))))))))

2006-12-04 14:05 <DIR> d-------- C:\Program Files\Trend Micro
2006-12-04 13:32 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2006-12-04 00:04 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-12-04 00:00 <DIR> d-------- C:\Documents and Settings\Troy Balk\.housecall6.6
2006-12-03 22:28 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2006-12-03 21:15 <DIR> d-------- C:\WINDOWS\pss
2006-12-03 20:08 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-03 20:08 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-12-03 20:05 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-03 20:04 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-03 19:54 117,256 --a------ C:\WINDOWS\system32\kytgqboq.dll
2006-12-03 00:49 5 --a------ C:\WINDOWS\system\tdsdcs.dll
2006-12-02 22:30 75,264 --a------ C:\WINDOWS\system32\mkoilwxx.exe
2006-12-02 22:30 7,680 --a------ C:\WINDOWS\comdlg64.dll
2006-12-02 22:30 34,536 --a------ C:\WINDOWS\system32\ipv6mons.dll
2006-12-02 22:30 16,384 --a------ C:\WINDOWS\system32\pudjlrur.exe
2006-12-02 22:30 13,824 --a------ C:\WINDOWS\system32\vadqbaaa.exe
2006-12-02 22:30 1,042 --a------ C:\WINDOWS\system32\miroaaaa.exe
2006-11-19 16:38 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2006-11-19 16:37 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2006-11-19 16:37 <DIR> d-------- C:\Program Files\Common Files\DESIGNER
2006-11-19 16:36 <DIR> d-------- C:\WINDOWS\SHELLNEW
2006-11-19 16:34 <DIR> d-------- C:\Program Files\Microsoft Office
2006-11-19 16:33 <DIR> dr-h----- C:\MSOCache
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-05 23:11 -------- d-------- C:\Program Files\Common Files
2006-12-04 13:34 -------- d-------- C:\Program Files\Internet Explorer
2006-12-03 22:44 -------- d-------- C:\Program Files\Notebook Maximizer
2006-12-03 21:00 -------- d-------- C:\Program Files\WinZip
2006-12-03 20:11 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-03 20:01 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-03 19:59 -------- d-------- C:\Program Files\Symantec
2006-11-19 16:36 -------- d-------- C:\Program Files\Common Files\System
2006-11-19 13:00 -------- d-------- C:\Program Files\PartyGaming
2006-11-11 01:06 -------- d-------- C:\Program Files\AutoSizer
2006-10-20 01:10 -------- d-------- C:\Program Files\Winamp
2006-10-20 01:09 -------- d-------- C:\Program Files\Toshiba Controls
2006-10-20 01:09 -------- d-------- C:\Program Files\QuickTime
2006-10-20 01:09 -------- d-------- C:\Program Files\Messenger
2006-10-20 01:09 -------- d-------- C:\Program Files\ltmoh
2006-10-20 01:09 -------- d-------- C:\Program Files\EzButton
2006-10-20 01:09 -------- d-------- C:\Program Files\DIGStream
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AutoSizer"="\"C:\\Program Files\\AutoSizer\\AutoSizer.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CplBTQ00"="C:\\Program Files\\EzButton\\CplBTQ00.EXE"
"CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"CpRmtKey"="\"C:\\Program Files\\Toshiba Controls\\CpRmtKey.EXE\""
"CeEPOWER"="C:\\Program Files\\TOSHIBA\\Power Management\\CePMTray.exe"
"TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"Pinger"="c:\\toshiba\\ivp\\ism\\pinger.exe /run"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DIGStream"="C:\\Program Files\\DIGStream\\digstream.exe"
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"mmtask"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"sysvx.exe"="C:\\WINDOWS\\system32\\sysvx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c2,01,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"system"="C:\\WINDOWS\\csrss.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061205-230636-175
O15 - Trusted Zone: *.musicmatch.com (HKLM)
backup-20061205-230636-371
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
backup-20061205-230636-908
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
backup-20061205-230636-432
O2 - BHO: (no name) - {4BDB8269-B862-47EB-802E-E1BB1C210F09} - C:\WINDOWS\system32\lpealpe.dll
backup-20061205-230636-162
O2 - BHO: Visual Renderer - {16946E6F-C8B7-4D66-B97D-785B7D6BF083} - C:\WINDOWS\system\brwptr32.dll
backup-20061205-230636-245
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,udbjdjh.exe
backup-20061203-202213-352
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20061203-202113-272
R3 - Default URLSearchHook is missing
backup-20061203-195533-606
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://royaljoker.microgaming.com/r...er/FlashAX.cab
backup-20061203-004419-490
O2 - BHO: (no name) - {4BDB8269-B862-47EB-802E-E1BB1C210F09} - C:\WINDOWS\system32\lpealpe.dll
backup-20061203-004351-302
O20 - AppInit_DLLs:
backup-20061202-235722-105
O4 - HKCU\..\Run: [vadqbaaa] C:\WINDOWS\system32\vadqbaaa.exe
backup-20061202-235722-125
O4 - HKLM\..\Run: [vadqbaaa] C:\WINDOWS\system32\vadqbaaa.exe
backup-20060514-041300-512
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20060514-041221-204
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
backup-20060514-041221-286
O15 - Trusted Zone: *.musicmatch.com
backup-20060514-041221-820
O15 - Trusted Zone: *.mmohsix.com
backup-20060514-041221-573
O15 - Trusted Zone: *.elitemediagroup.net
backup-20060514-041221-998
O15 - Trusted Zone: *.media-motor.net
backup-20060514-041221-399
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
backup-20060514-041221-178
O4 - HKLM\..\Run: [ms0341755811-17] C:\WINDOWS\ms0341755811-17.exe
backup-20060514-040847-997
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
backup-20060514-010105-708
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
backup-20060514-010105-490
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
backup-20060514-010105-600
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinlqaf.exe
backup-20060514-010105-540
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
backup-20060514-010105-786
O4 - HKCU\..\Run: [Pqaayb] C:\Program Files\??sks\j?vaw.exe
backup-20060514-010105-792
O4 - HKCU\..\Run: [Osus] "C:\Program Files\htwu\rrup.exe" -vt yazb
backup-20060514-010105-500
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\pwinlqaf.exe FI002
backup-20060514-010105-301
O4 - HKLM\..\Run: [{EE-EA-A5-5D-ZN}] c:\windows\system32\dwdsregt.exe FI002
backup-20060514-010104-442
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
backup-20060514-010105-661
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
backup-20060514-010104-529
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20050718-194318-835
O4 - HKLM\..\Run: [Search Bar] C:\WINDOWS\taskbar.exe
backup-20050717-044048-572
O4 - HKLM\..\Run: [itunes] c:\dial.exe
backup-20050610-192310-320
F2 - REG:system.ini: UserInit=C:\WINDOWS\\system32\userinit.exe,
backup-20050528-182103-746
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
backup-20050208-190742-785
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
backup-20050208-190742-599
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\system32\vmss\vmss.exe
backup-20050208-190742-423
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost35.exe
backup-20050208-190742-389
O4 - HKLM\..\Run: [a7547229b2e1] C:\WINDOWS\System32\avifile2.exe
backup-20050208-190742-506
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-12-05 23:12:01.59

12-05-2006, 09:17 PM	#5 (permalink)
purplehatr I helped the forums. Join Date: Feb 2005 Location: Ashburn, VA Posts: 39 OS: XP	Info I used to have norton antivirus but something happened and it stopped opening. So I purchased a new copy a few days ago but it will not load because it is having a problem authentication my windows installer (not sure what that means). Below is my hijackthis log after following your steps Logfile of HijackThis v1.99.1 Scan saved at 11:15:51 PM, on 12/5/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\System32\DVDRAMSV.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\EzButton\CplBTQ00.EXE c:\program files\internet explorer\iexplore.exe C:\Program Files\AutoSizer\AutoSizer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\Tmasy\Tmasy.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\HJT\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CplBTQ00] C:\Program Files\EzButton\CplBTQ00.EXE O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\Toshiba Controls\CpRmtKey.EXE" O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [sysvx.exe] C:\WINDOWS\system32\sysvx.exe O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by4fd.bay4.hotmail.msn.com/re...s/MsnPUpld.cab O16 - DPF: {5C4EB11A-2078-432E-92FE-0CB2ACD6D071} (m2wFTPClient.M2WFTPControl) - http://webmail.smartneighborhood.net...wFTPClient.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136510791312 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://12.38.18.17/msrdp.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://137.45.172.212/activex/AxisCamControl.ocx O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe Here is the ComboFix Log Troy Balk - 06-12-05 23:09:51.98 Service Pack 2 ComboFix 06-12-01W-BetaE - Running from: "C:\Documents and Settings\Troy Balk\desktop" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\csrss.exe C:\WINDOWS\hook.txt C:\WINDOWS\ie-hook.txt C:\WINDOWS\system32\sysvx.exe C:\Program Files\Common Files\{382EEA5D-0AE9-1033-0910-030807030001} C:\Program Files\Common Files\{982EEA5D-0AE9-1033-0910-030807030001} ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\qoobox\purity\Program Files\SKS~1 ((((((((((((((((((((((((((((((( Files Created from 2006-11-05 to 2006-12-05 )))))))))))))))))))))))))))))))))) 2006-12-04 14:05 <DIR> d-------- C:\Program Files\Trend Micro 2006-12-04 13:32 66,048 --a------ C:\WINDOWS\ieResetIcons.exe 2006-12-04 00:04 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2006-12-04 00:00 <DIR> d-------- C:\Documents and Settings\Troy Balk\.housecall6.6 2006-12-03 22:28 <DIR> d-------- C:\WINDOWS\system32\CatRoot2 2006-12-03 21:15 <DIR> d-------- C:\WINDOWS\pss 2006-12-03 20:08 <DIR> d-------- C:\WINDOWS\WBEM 2006-12-03 20:08 <DIR> d-------- C:\WINDOWS\system32\en-US 2006-12-03 20:05 121,856 --------- C:\WINDOWS\system32\xmllite.dll 2006-12-03 20:04 <DIR> d-------- C:\WINDOWS\network diagnostic 2006-12-03 19:54 117,256 --a------ C:\WINDOWS\system32\kytgqboq.dll 2006-12-03 00:49 5 --a------ C:\WINDOWS\system\tdsdcs.dll 2006-12-02 22:30 75,264 --a------ C:\WINDOWS\system32\mkoilwxx.exe 2006-12-02 22:30 7,680 --a------ C:\WINDOWS\comdlg64.dll 2006-12-02 22:30 34,536 --a------ C:\WINDOWS\system32\ipv6mons.dll 2006-12-02 22:30 16,384 --a------ C:\WINDOWS\system32\pudjlrur.exe 2006-12-02 22:30 13,824 --a------ C:\WINDOWS\system32\vadqbaaa.exe 2006-12-02 22:30 1,042 --a------ C:\WINDOWS\system32\miroaaaa.exe 2006-11-19 16:38 24,816 --a------ C:\WINDOWS\system32\mdimon.dll 2006-11-19 16:37 <DIR> d-------- C:\Program Files\Microsoft ActiveSync 2006-11-19 16:37 <DIR> d-------- C:\Program Files\Common Files\DESIGNER 2006-11-19 16:36 <DIR> d-------- C:\WINDOWS\SHELLNEW 2006-11-19 16:34 <DIR> d-------- C:\Program Files\Microsoft Office 2006-11-19 16:33 <DIR> dr-h----- C:\MSOCache 2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-12-05 23:11 -------- d-------- C:\Program Files\Common Files 2006-12-04 13:34 -------- d-------- C:\Program Files\Internet Explorer 2006-12-03 22:44 -------- d-------- C:\Program Files\Notebook Maximizer 2006-12-03 21:00 -------- d-------- C:\Program Files\WinZip 2006-12-03 20:11 -------- d-------- C:\Program Files\Common Files\Microsoft Shared 2006-12-03 20:01 -------- d-------- C:\Program Files\Common Files\Symantec Shared 2006-12-03 19:59 -------- d-------- C:\Program Files\Symantec 2006-11-19 16:36 -------- d-------- C:\Program Files\Common Files\System 2006-11-19 13:00 -------- d-------- C:\Program Files\PartyGaming 2006-11-11 01:06 -------- d-------- C:\Program Files\AutoSizer 2006-10-20 01:10 -------- d-------- C:\Program Files\Winamp 2006-10-20 01:09 -------- d-------- C:\Program Files\Toshiba Controls 2006-10-20 01:09 -------- d-------- C:\Program Files\QuickTime 2006-10-20 01:09 -------- d-------- C:\Program Files\Messenger 2006-10-20 01:09 -------- d-------- C:\Program Files\ltmoh 2006-10-20 01:09 -------- d-------- C:\Program Files\EzButton 2006-10-20 01:09 -------- d-------- C:\Program Files\DIGStream 2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll 2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll 2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "AutoSizer"="\"C:\\Program Files\\AutoSizer\\AutoSizer.exe\"" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "CplBTQ00"="C:\\Program Files\\EzButton\\CplBTQ00.EXE" "CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe" "LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe" "CpRmtKey"="\"C:\\Program Files\\Toshiba Controls\\CpRmtKey.EXE\"" "CeEPOWER"="C:\\Program Files\\TOSHIBA\\Power Management\\CePMTray.exe" "TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe" "Pinger"="c:\\toshiba\\ivp\\ism\\pinger.exe /run" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "DIGStream"="C:\\Program Files\\DIGStream\\digstream.exe" "MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe" "mmtask"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe" "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe" "sysvx.exe"="C:\\WINDOWS\\system32\\sysvx.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c2,01,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\ 00,00,01,00,00,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoCDBurning"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] "system"="C:\\WINDOWS\\csrss.exe" [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20061205-230636-175 O15 - Trusted Zone: .musicmatch.com (HKLM) backup-20061205-230636-371 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll backup-20061205-230636-908 O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com backup-20061205-230636-432 O2 - BHO: (no name) - {4BDB8269-B862-47EB-802E-E1BB1C210F09} - C:\WINDOWS\system32\lpealpe.dll backup-20061205-230636-162 O2 - BHO: Visual Renderer - {16946E6F-C8B7-4D66-B97D-785B7D6BF083} - C:\WINDOWS\system\brwptr32.dll backup-20061205-230636-245 F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,udbjdjh.exe backup-20061203-202213-352 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) backup-20061203-202113-272 R3 - Default URLSearchHook is missing backup-20061203-195533-606 O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://royaljoker.microgaming.com/r...er/FlashAX.cab backup-20061203-004419-490 O2 - BHO: (no name) - {4BDB8269-B862-47EB-802E-E1BB1C210F09} - C:\WINDOWS\system32\lpealpe.dll backup-20061203-004351-302 O20 - AppInit_DLLs: backup-20061202-235722-105 O4 - HKCU\..\Run: [vadqbaaa] C:\WINDOWS\system32\vadqbaaa.exe backup-20061202-235722-125 O4 - HKLM\..\Run: [vadqbaaa] C:\WINDOWS\system32\vadqbaaa.exe backup-20060514-041300-512 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background backup-20060514-041221-204 O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab backup-20060514-041221-286 O15 - Trusted Zone: .musicmatch.com backup-20060514-041221-820 O15 - Trusted Zone: .mmohsix.com backup-20060514-041221-573 O15 - Trusted Zone: .elitemediagroup.net backup-20060514-041221-998 O15 - Trusted Zone: *.media-motor.net backup-20060514-041221-399 O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe backup-20060514-041221-178 O4 - HKLM\..\Run: [ms0341755811-17] C:\WINDOWS\ms0341755811-17.exe backup-20060514-040847-997 O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe backup-20060514-010105-708 O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab backup-20060514-010105-490 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe backup-20060514-010105-600 O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinlqaf.exe backup-20060514-010105-540 O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe backup-20060514-010105-786 O4 - HKCU\..\Run: [Pqaayb] C:\Program Files\??sks\j?vaw.exe backup-20060514-010105-792 O4 - HKCU\..\Run: [Osus] "C:\Program Files\htwu\rrup.exe" -vt yazb backup-20060514-010105-500 O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\pwinlqaf.exe FI002 backup-20060514-010105-301 O4 - HKLM\..\Run: [{EE-EA-A5-5D-ZN}] c:\windows\system32\dwdsregt.exe FI002 backup-20060514-010104-442 O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll backup-20060514-010105-661 O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll backup-20060514-010104-529 R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) backup-20050718-194318-835 O4 - HKLM\..\Run: [Search Bar] C:\WINDOWS\taskbar.exe backup-20050717-044048-572 O4 - HKLM\..\Run: [itunes] c:\dial.exe backup-20050610-192310-320 F2 - REG:system.ini: UserInit=C:\WINDOWS\\system32\userinit.exe, backup-20050528-182103-746 O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm backup-20050208-190742-785 O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe backup-20050208-190742-599 O4 - HKLM\..\Run: [vmss] C:\WINDOWS\system32\vmss\vmss.exe backup-20050208-190742-423 O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost35.exe backup-20050208-190742-389 O4 - HKLM\..\Run: [a7547229b2e1] C:\WINDOWS\System32\avifile2.exe backup-20050208-190742-506 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Symantec NetDetect.job Completion time: 06-12-05 23:12:01.59