Corrupt Norton, almost all webpages are redirected to microsoft.com

[randomrandom]

Spybot would pop up each time i ran this scan asking "do you want to allow this registry change" and after i accepted the changes, combofix would close. I did that the first time today, but then i reran combofix with spybot disabled and it gave me this log....

********************************************************
Combofix
********************************************************
User1 - 06-10-02 9:21:35.76 Service Pack 1
ComboFix 06.09.27 - Running from: "C:\Documents and Settings\User1\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-01 to 2006-10-01 ))))))))))))))))))))))))))))))))))


2006-09-27 22:19 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-27 22:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-27 22:19 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-27 21:54 13 --a------ C:\dumwnmifc.sys
2006-09-27 21:54 13 --a------ C:\dumwnmicf.sys
2006-09-27 21:54 13 --a------ C:\dumwnmicf.dll
2006-09-25 14:47 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2006-09-25 14:47 7,483 --a------ C:\clean.bat
2006-09-25 14:47 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-25 14:47 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2006-09-25 14:47 38,400 --a------ C:\WINDOWS\system32\moveex.exe
2006-09-23 15:24 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-23 15:24 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-23 13:41 38,912 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-09-23 13:41 10,752 --a------ C:\WINDOWS\system32\wpdtrace.dll
2006-09-23 13:09 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-23 13:09 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-23 13:09 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-23 13:09 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-09-23 13:09 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-23 13:09 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-23 13:09 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-23 13:09 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-23 13:09 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-23 13:09 47,616 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-23 13:09 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-23 13:09 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-23 13:09 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-23 13:09 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-23 13:09 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-23 13:09 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-23 13:09 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-23 13:09 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-23 13:09 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-23 13:09 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-23 13:09 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-23 13:09 226,304 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-23 13:09 221,696 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-23 13:09 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-23 13:09 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-23 13:09 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-23 13:08 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-23 13:08 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-23 13:08 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-23 13:08 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-23 13:08 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-23 13:08 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-23 13:08 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-23 13:08 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-23 13:08 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-23 13:08 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-23 13:08 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-23 13:08 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-23 13:08 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-23 13:08 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-23 13:08 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-23 13:08 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-23 13:08 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-23 13:08 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-23 13:07 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-23 13:07 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-23 13:07 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-23 13:07 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-23 13:07 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-23 13:07 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-23 13:07 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-23 13:07 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-23 13:07 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-23 13:07 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-09-23 13:07 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-23 13:07 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-23 13:07 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-23 13:07 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-23 13:07 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-23 13:07 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-23 13:07 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-23 13:07 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-23 13:07 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-23 13:07 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-23 13:07 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-23 13:07 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-23 13:07 129,024 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-23 13:07 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-23 13:07 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-23 13:07 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-23 13:07 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-23 13:07 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-23 12:12 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-23 12:11 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-21 17:28 182,784 --ah----- C:\WINDOWS\system32\dxmamcia.dll
2006-09-21 17:08 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2006-09-21 17:08 81,920 --------- C:\WINDOWS\system32\vdrmux.dll
2006-09-21 17:08 76,800 --------- C:\WINDOWS\system32\Lfwmf13n.dll
2006-09-21 17:08 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2006-09-21 17:08 73,728 --------- C:\WINDOWS\system32\lffax13n.dll
2006-09-21 17:08 65,536 --------- C:\WINDOWS\system32\Lfpct13n.dll
2006-09-21 17:08 46,592 --------- C:\WINDOWS\system32\vdrcodec.dll
2006-09-21 17:08 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll
2006-09-21 17:08 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2006-09-21 17:08 40,960 --------- C:\WINDOWS\system32\langserv.dll
2006-09-21 17:08 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL
2006-09-21 17:08 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2006-09-21 17:08 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll
2006-09-21 17:08 294,912 --------- C:\WINDOWS\system32\pvmjpg21.dll
2006-09-21 17:08 278,016 --------- C:\WINDOWS\system32\LFJ2K13n.dll
2006-09-21 17:08 24,576 --------- C:\WINDOWS\system32\lftga13n.dll
2006-09-21 17:08 204,881 --------- C:\WINDOWS\system32\DiskIO.dll
2006-09-21 17:08 18,432 --------- C:\WINDOWS\system32\Cachex.dll
2006-09-21 17:08 155,721 --------- C:\WINDOWS\system32\RALMain.dll
2006-09-21 17:08 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL
2006-09-21 17:08 143,360 --------- C:\WINDOWS\system32\lftif13n.dll
2006-09-21 17:08 114,759 --------- C:\WINDOWS\system32\Aviprax.dll
2006-09-21 17:08 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll
2006-09-21 17:05 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2006-09-21 17:05 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\pclepim1.dll
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2006-09-21 17:05 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2006-09-21 17:05 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
2006-09-21 17:05 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2006-09-21 17:05 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2006-09-21 17:05 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2006-09-21 17:05 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2006-09-17 18:01 82,432 --------- C:\WINDOWS\system32\msxml4r.dll
2006-09-17 18:01 54,784 --a------ C:\WINDOWS\system32\msvci70.dll
2006-09-17 18:01 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2006-09-17 18:01 265,785 --a------ C:\WINDOWS\system32\pixomatic.dll
2006-09-17 18:01 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2006-09-17 18:01 188,416 --a------ C:\WINDOWS\system32\eax.dll
2006-09-17 18:01 1,500,160 --a------ C:\WINDOWS\system32\cc3260mt.dll
2006-09-17 18:01 1,230,336 --------- C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-02 00:09 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-01 23:27 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-01 12:43 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-01 00:48 -------- d-------- C:\Program Files\Windows Media Player
2006-10-01 00:44 -------- d-------- C:\Program Files\U.S. Robotics 802.11g WLAN
2006-10-01 00:35 -------- d-------- C:\Program Files\Internet Explorer
2006-09-27 23:37 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-27 22:29 -------- d-------- C:\Program Files\CleanUp!
2006-09-27 21:55 -------- d-------- C:\Program Files\HaxFix
2006-09-27 15:50 -------- d-------- C:\Documents and Settings\User1\Application Data\DMCache
2006-09-26 19:25 -------- d-------- C:\Program Files\RegistryFix
2006-09-25 20:18 -------- d-------- C:\Program Files\Unlocker
2006-09-25 18:27 -------- d-------- C:\Documents and Settings\User1\Application Data\AVG7
2006-09-25 18:26 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-25 18:25 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-25 18:25 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-25 18:25 -------- d-------- C:\Program Files\Grisoft
2006-09-25 18:14 -------- d-------- C:\Program Files\Norton Internet Security
2006-09-25 18:14 -------- d-------- C:\Documents and Settings\User1\Application Data\Symantec
2006-09-25 18:13 -------- d-------- C:\Program Files\Symantec
2006-09-25 18:12 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-24 23:00 -------- d-------- C:\Documents and Settings\User1\Application Data\Mozilla
2006-09-24 13:04 8329 --a------ C:\Documents and Settings\User1\Application Data\.googlewebacchosts
2006-09-24 09:07 -------- d-------- C:\Program Files\Alwil Software
2006-09-23 21:53 -------- d-------- C:\Program Files\Pinnacle
2006-09-23 13:09 -------- d-------- C:\Program Files\Outlook Express
2006-09-23 13:09 -------- d-------- C:\Program Files\NetMeeting
2006-09-23 13:09 -------- d-------- C:\Program Files\Movie Maker
2006-09-23 13:08 -------- d-------- C:\Program Files\Windows NT
2006-09-21 17:08 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-21 17:07 -------- d-------- C:\Program Files\SmartSound Software
2006-09-21 17:04 -------- d-------- C:\Program Files\Trillian
2006-09-18 16:28 -------- d-------- C:\Program Files\Internet Download Manager
2006-09-18 16:28 -------- d-------- C:\Documents and Settings\User1\Application Data\IDM
2006-09-17 21:11 14848 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-17 18:11 -------- d-------- C:\Program Files\GTA-SanAndreas
2006-09-16 23:24 -------- d-------- C:\Documents and Settings\User1\Application Data\Sun
2006-09-16 10:07 -------- d-------- C:\Documents and Settings\User1\Application Data\Google
2006-09-15 22:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-14 14:44 -------- d-------- C:\Program Files\Winamp
2006-09-10 19:43 -------- d-------- C:\Documents and Settings\User1\Application Data\AdobeUM
2006-09-10 18:24 -------- d---s---- C:\Documents and Settings\User1\Application Data\Microsoft
2006-09-10 10:34 -------- d-------- C:\Program Files\Java
2006-09-07 22:32 -------- d-------- C:\Program Files\Save Flash
2006-08-29 01:28 140984 --a------ C:\WINDOWS\system32\idmmbc.dll
2006-08-24 20:40 -------- d-------- C:\Program Files\GeoVid
2006-08-22 18:32 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2006-08-22 18:32 -------- d-------- C:\Program Files\Motorola Phone Tools
2006-08-22 18:25 -------- d-------- C:\Program Files\mobile PhoneTools
2006-08-22 18:05 -------- d-------- C:\Program Files\LiveUpdate
2006-08-22 00:22 72748 --a------ C:\WINDOWS\unins001.exe
2006-08-22 00:22 72748 --a------ C:\WINDOWS\unins000.exe
2006-08-22 00:22 -------- d-------- C:\Program Files\Temp
2006-08-22 00:22 -------- d-------- C:\Program Files\Anark
2006-08-21 23:49 -------- d-------- C:\Program Files\OceanDive
2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 02:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-21 00:44 -------- d-------- C:\Program Files\SereneScreen
2006-08-19 11:23 -------- d-------- C:\Documents and Settings\User1\Application Data\RipIt4Me
2006-08-19 09:43 -------- d-------- C:\Program Files\PgcEdit
2006-08-18 15:30 -------- d-------- C:\Documents and Settings\User1\Application Data\Adobe
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 31936 --a------ C:\WINDOWS\system32\drivers\symids.sys
2006-08-07 16:02 28352 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2006-08-07 16:02 24768 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2006-08-07 16:02 195776 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-08-07 16:02 110784 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2006-08-07 16:01 12992 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2006-08-03 20:59 48 ---hs---- C:\Documents and Settings\User1\Application Data\.zreglib
2006-08-03 20:54 -------- d-------- C:\Program Files\Rip it 4 Me
2006-08-02 11:41 -------- d-------- C:\Program Files\BitComet


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"IS CfgWiz"="\"C:\\Program Files\\Norton Internet Security\\cfgwiz.exe\" /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE \"REBOOT\""
"SSC_UserPrompt"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dxmamcia
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjt32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wnmicf

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wnmicf.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wnmifc.sys

Completion time: 06-10-02 9:21:45.90
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

[Ried]

Nice job...keep TeaTimer disabled and this time, run combofix from the Run command using the command I gave you in my previous reply.

Post the ComboFix.txt again, along with a new HijackThis log.

[randomrandom]

Great news! I got AVG anti-virus to finally uninstall (i had to uninstall it in safe-mode because it wouldnt in normal mode) and now my computer is on its way back to being normal again!
1) I have my wireless internet connection back
2) "Control Panel" and "My network Connections" do not crash anymore
3) I was able to reinstall Norton Antivirus 2006 which cleaned quite a few of the viruses out....
4) I uninstalled Spybot which allows all of my other programs to finally work right (ie. combofix, and norton)
5) Internet Explorer is back up and running as well, no more redirecting or crashing!!!! HOORAY!!!!
6) This is the best one.... My computer shuts down normally again!

Unfortunately, My startup time is still abmysal (windows still hangs for 2-5 minutes on the "windows is starting up" screen). I hope these new logs can help fix this!

*****************************************************
Combofix Log
*****************************************************
User1 - 06-10-04 20:45:17.35 Service Pack 1
ComboFix 06.09.27 - Running from: "C:\Documents and Settings\User1\desktop"
Command switches used :: /v d3dishsv wmneprfl dxmamcia

((((((((((((((((((((((((((((((( Files Created from 2006-09-04 to 2006-10-04 ))))))))))))))))))))))))))))))))))


2006-10-04 17:01 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-10-04 15:00 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2006-10-04 15:00 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-27 22:19 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-27 22:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-27 22:19 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-27 21:54 13 --a------ C:\dumwnmifc.sys
2006-09-27 21:54 13 --a------ C:\dumwnmicf.sys
2006-09-27 21:54 13 --a------ C:\dumwnmicf.dll
2006-09-25 14:47 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2006-09-25 14:47 7,483 --a------ C:\clean.bat
2006-09-25 14:47 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-25 14:47 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2006-09-25 14:47 38,400 --a------ C:\WINDOWS\system32\moveex.exe
2006-09-23 15:24 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-23 15:24 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-23 13:09 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-23 13:09 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-23 13:09 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-23 13:09 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-09-23 13:09 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-23 13:09 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-23 13:09 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-23 13:09 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-23 13:09 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-23 13:09 47,616 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-23 13:09 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-23 13:09 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-23 13:09 361,984 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-23 13:09 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-23 13:09 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-23 13:09 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-23 13:09 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-23 13:09 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-23 13:09 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-23 13:09 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-23 13:09 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-23 13:09 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-23 13:09 226,304 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-23 13:09 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-23 13:09 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-23 13:08 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-23 13:08 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-23 13:08 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-23 13:08 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-23 13:08 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-23 13:08 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-23 13:08 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-23 13:08 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-23 13:08 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-23 13:08 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-23 13:08 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-23 13:08 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-23 13:08 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-23 13:08 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-23 13:08 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-23 13:08 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-23 13:08 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-23 13:08 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-23 13:07 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-23 13:07 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-23 13:07 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-23 13:07 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-23 13:07 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-23 13:07 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-23 13:07 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-23 13:07 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-23 13:07 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-23 13:07 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-09-23 13:07 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-23 13:07 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-23 13:07 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-23 13:07 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-23 13:07 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-23 13:07 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-23 13:07 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-23 13:07 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-23 13:07 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-23 13:07 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-23 13:07 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-23 13:07 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-23 13:07 129,024 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-23 13:07 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-23 13:07 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-23 13:07 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-23 13:07 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-23 13:07 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-23 12:12 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-23 12:11 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-21 17:08 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2006-09-21 17:08 81,920 --------- C:\WINDOWS\system32\vdrmux.dll
2006-09-21 17:08 76,800 --------- C:\WINDOWS\system32\Lfwmf13n.dll
2006-09-21 17:08 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2006-09-21 17:08 73,728 --------- C:\WINDOWS\system32\lffax13n.dll
2006-09-21 17:08 65,536 --------- C:\WINDOWS\system32\Lfpct13n.dll
2006-09-21 17:08 46,592 --------- C:\WINDOWS\system32\vdrcodec.dll
2006-09-21 17:08 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll
2006-09-21 17:08 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2006-09-21 17:08 40,960 --------- C:\WINDOWS\system32\langserv.dll
2006-09-21 17:08 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL
2006-09-21 17:08 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2006-09-21 17:08 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll
2006-09-21 17:08 294,912 --------- C:\WINDOWS\system32\pvmjpg21.dll
2006-09-21 17:08 278,016 --------- C:\WINDOWS\system32\LFJ2K13n.dll
2006-09-21 17:08 24,576 --------- C:\WINDOWS\system32\lftga13n.dll
2006-09-21 17:08 204,881 --------- C:\WINDOWS\system32\DiskIO.dll
2006-09-21 17:08 18,432 --------- C:\WINDOWS\system32\Cachex.dll
2006-09-21 17:08 155,721 --------- C:\WINDOWS\system32\RALMain.dll
2006-09-21 17:08 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL
2006-09-21 17:08 143,360 --------- C:\WINDOWS\system32\lftif13n.dll
2006-09-21 17:08 114,759 --------- C:\WINDOWS\system32\Aviprax.dll
2006-09-21 17:08 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll
2006-09-21 17:05 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2006-09-21 17:05 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\pclepim1.dll
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2006-09-21 17:05 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2006-09-21 17:05 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
2006-09-21 17:05 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2006-09-21 17:05 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2006-09-21 17:05 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2006-09-21 17:05 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2006-09-17 18:01 82,432 --------- C:\WINDOWS\system32\msxml4r.dll
2006-09-17 18:01 54,784 --a------ C:\WINDOWS\system32\msvci70.dll
2006-09-17 18:01 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2006-09-17 18:01 265,785 --a------ C:\WINDOWS\system32\pixomatic.dll
2006-09-17 18:01 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2006-09-17 18:01 188,416 --a------ C:\WINDOWS\system32\eax.dll
2006-09-17 18:01 1,500,160 --a------ C:\WINDOWS\system32\cc3260mt.dll
2006-09-17 18:01 1,230,336 --------- C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-04 20:21 -------- d-------- C:\Program Files\Trillian
2006-10-04 20:17 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-04 20:06 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-04 17:21 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-04 17:20 -------- d-------- C:\Program Files\Symantec
2006-10-04 17:02 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-10-04 17:01 -------- d-------- C:\Program Files\Common Files
2006-10-04 15:39 -------- d-------- C:\Program Files\Windows Media Player
2006-10-04 15:33 -------- d-------- C:\Program Files\Symantec Technical Support
2006-10-04 15:07 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-04 14:53 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-04 14:53 -------- d-------- C:\Program Files\U.S. Robotics 802.11g WLAN
2006-10-01 00:35 -------- d-------- C:\Program Files\Internet Explorer
2006-09-27 23:37 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-27 22:29 -------- d-------- C:\Program Files\CleanUp!
2006-09-27 21:55 -------- d-------- C:\Program Files\HaxFix
2006-09-27 15:50 -------- d-------- C:\Documents and Settings\User1\Application Data\DMCache
2006-09-26 19:25 -------- d-------- C:\Program Files\RegistryFix
2006-09-25 20:18 -------- d-------- C:\Program Files\Unlocker
2006-09-25 18:25 -------- d-------- C:\Program Files\Grisoft
2006-09-25 18:14 -------- d-------- C:\Documents and Settings\User1\Application Data\Symantec
2006-09-24 23:00 -------- d-------- C:\Documents and Settings\User1\Application Data\Mozilla
2006-09-24 13:04 8329 --a------ C:\Documents and Settings\User1\Application Data\.googlewebacchosts
2006-09-24 09:07 -------- d-------- C:\Program Files\Alwil Software
2006-09-23 21:53 -------- d-------- C:\Program Files\Pinnacle
2006-09-23 13:09 -------- d-------- C:\Program Files\Outlook Express
2006-09-23 13:09 -------- d-------- C:\Program Files\NetMeeting
2006-09-23 13:09 -------- d-------- C:\Program Files\Movie Maker
2006-09-23 13:09 -------- d-------- C:\Program Files\Common Files\System
2006-09-23 13:08 -------- d-------- C:\Program Files\Windows NT
2006-09-21 17:07 -------- d-------- C:\Program Files\SmartSound Software
2006-09-18 16:28 -------- d-------- C:\Program Files\Internet Download Manager
2006-09-18 16:28 -------- d-------- C:\Documents and Settings\User1\Application Data\IDM
2006-09-17 21:11 14848 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-17 18:11 -------- d-------- C:\Program Files\GTA-SanAndreas
2006-09-16 23:24 -------- d-------- C:\Documents and Settings\User1\Application Data\Sun
2006-09-16 10:07 -------- d-------- C:\Documents and Settings\User1\Application Data\Google
2006-09-15 22:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-14 14:44 -------- d-------- C:\Program Files\Winamp
2006-09-10 19:43 -------- d-------- C:\Documents and Settings\User1\Application Data\AdobeUM
2006-09-10 18:24 -------- d---s---- C:\Documents and Settings\User1\Application Data\Microsoft
2006-09-10 10:34 -------- d-------- C:\Program Files\Java
2006-09-07 22:32 -------- d-------- C:\Program Files\Save Flash
2006-08-29 01:28 140984 --a------ C:\WINDOWS\system32\idmmbc.dll
2006-08-24 20:40 -------- d-------- C:\Program Files\GeoVid
2006-08-22 18:32 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2006-08-22 18:32 -------- d-------- C:\Program Files\Motorola Phone Tools
2006-08-22 18:25 -------- d-------- C:\Program Files\mobile PhoneTools
2006-08-22 18:05 -------- d-------- C:\Program Files\LiveUpdate
2006-08-22 00:22 72748 --a------ C:\WINDOWS\unins001.exe
2006-08-22 00:22 72748 --a------ C:\WINDOWS\unins000.exe
2006-08-22 00:22 -------- d-------- C:\Program Files\Temp
2006-08-22 00:22 -------- d-------- C:\Program Files\Anark
2006-08-21 23:49 -------- d-------- C:\Program Files\OceanDive
2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 02:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-21 00:44 -------- d-------- C:\Program Files\SereneScreen
2006-08-19 11:23 -------- d-------- C:\Documents and Settings\User1\Application Data\RipIt4Me
2006-08-19 09:43 -------- d-------- C:\Program Files\PgcEdit
2006-08-18 15:30 -------- d-------- C:\Documents and Settings\User1\Application Data\Adobe
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 31936 --a------ C:\WINDOWS\system32\drivers\symids.sys
2006-08-07 16:02 28352 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2006-08-07 16:02 24768 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2006-08-07 16:02 195776 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-08-07 16:02 110784 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2006-08-07 16:01 12992 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2006-08-03 20:59 48 ---hs---- C:\Documents and Settings\User1\Application Data\.zreglib


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SSC_UserPrompt"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjt32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wnmicf

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wnmicf.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wnmifc.sys

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - User1.job

Completion time: 06-10-04 20:46:10.49
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

******************************************************
HJT Log
******************************************************

Logfile of HijackThis v1.99.1
Scan saved at 20:46, on 06-10-04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159425430187
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: d3dishsv.dll wmneprfl.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\
O20 - Winlogon Notify: wnmicf - wnmicf.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

[Ried]

Almost there.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

Once again, it is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download KillBox. (it's important that you get version v2.0.0.175). We'll use it shortly.

***************************************************

From Normal Mode:

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries:

O20 - AppInit_DLLs: d3dishsv.dll wmneprfl.dll
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\
O20 - Winlogon Notify: wnmicf - wnmicf.dll (file missing)

Click 'Fix Checked' and close HijackThis.

-----------------------------------------------------

Go to <<Start>> then <<Run>> then paste in the single line command then click OK

"%userprofile%\desktop\combofix.exe" /v d3dishsv wmneprfl

When finished, it shall produce a log for you. Post that log in your next reply along with a new HijackThis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

-----------------------------------------------------

Launch KillBox.exe & select the following options:

• Delete on Reboot
• All files (if available)

Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C:

C:\dumwnmifc.sys
C:\dumwnmicf.sys
C:\dumwnmicf.dll

Select/tick the following:
* Delete on Reboot
* End Explorer Shell While Killing File
Click the RED X button.

Click Yes at the 'Delete on Reboot' prompt. Click Yes at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.
* If you received a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to manually restart Windows.

***************************************************

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply along with a new HijackThis log.

[randomrandom]

I got this error after i did the "fix checked" in HJT what should i do?

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: d3dishsv.dll wmneprfl.dll)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

[Ried]

Keep going. If you've stopped and closed HijackThis, begin again, ignore that message, and continue with the remaining instructions.

[randomrandom]

I got this error message every time i tried to use killbox on a file:
"PendingFileRenameOperations registry data has been removed by external process"

I restarted windows manually and did killbox again, and i still got this same error. Hopefully that just means that the files im trying to delete are gone.
Here are the logs you wanted:

******************************************************
Combofix
******************************************************
User1 - 06-10-07 10:46:43.87 Service Pack 1
ComboFix 06.09.27 - Running from: "C:\Documents and Settings\User1\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 ))))))))))))))))))))))))))))))))))


2006-10-07 10:22 68,608 --a------ C:\WINDOWS\system32\locator.exe
2006-10-07 10:22 67,584 --a------ C:\WINDOWS\system32\magnify.exe
2006-10-07 10:22 544,256 --a------ C:\WINDOWS\system32\crypt32.dll
2006-10-07 10:22 53,760 --a------ C:\WINDOWS\system32\cryptsvc.dll
2006-10-07 10:22 51,200 --a------ C:\WINDOWS\system32\narrator.exe
2006-10-07 10:22 238,080 --a------ C:\WINDOWS\system32\newdev.dll
2006-10-07 10:22 212,480 --a------ C:\WINDOWS\system32\osk.exe
2006-10-07 10:22 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-07 10:22 125,440 --a------ C:\WINDOWS\system32\shmedia.dll
2006-10-07 10:21 831,519 --a------ C:\WINDOWS\system32\mswdat10.dll
2006-10-07 10:21 614,431 --a------ C:\WINDOWS\system32\mswstr10.dll
2006-10-07 10:21 552,989 --a------ C:\WINDOWS\system32\msrepl40.dll
2006-10-07 10:21 53,279 --a------ C:\WINDOWS\system32\msjter40.dll
2006-10-07 10:21 512,029 --a------ C:\WINDOWS\system32\msexch40.dll
2006-10-07 10:21 50,176 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-10-07 10:21 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2006-10-07 10:21 380,957 --a------ C:\WINDOWS\system32\expsrv.dll
2006-10-07 10:21 358,976 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2006-10-07 10:21 348,189 --a------ C:\WINDOWS\system32\msxbde40.dll
2006-10-07 10:21 348,189 --a------ C:\WINDOWS\system32\mspbde40.dll
2006-10-07 10:21 32,256 --a------ C:\WINDOWS\system32\msgsvc.dll
2006-10-07 10:21 319,517 --a------ C:\WINDOWS\system32\msexcl40.dll
2006-10-07 10:21 315,423 --a------ C:\WINDOWS\system32\msrd3x40.dll
2006-10-07 10:21 30,749 --a------ C:\WINDOWS\system32\vbajet32.dll
2006-10-07 10:21 258,077 --a------ C:\WINDOWS\system32\mstext40.dll
2006-10-07 10:21 241,693 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-10-07 10:21 214,528 --a------ C:\WINDOWS\system32\dplayx.dll
2006-10-07 10:21 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2006-10-07 10:21 151,583 --a------ C:\WINDOWS\system32\msjint40.dll
2006-10-07 10:21 1,507,356 --a------ C:\WINDOWS\system32\msjet40.dll
2006-10-07 10:16 260,096 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-07 10:16 172,544 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-07 10:16 10,752 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-07 10:06 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-10-07 10:06 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-10-07 10:06 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-10-07 10:06 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-10-07 10:06 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-10-07 10:06 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-10-07 10:06 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-10-07 10:06 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-10-07 10:06 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-10-07 10:06 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-10-07 10:06 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-10-07 10:06 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-10-07 10:06 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-10-07 10:06 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-10-07 10:06 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-10-07 10:06 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-10-07 10:06 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-10-05 15:34 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2006-10-05 15:34 548,352 --a------ C:\WINDOWS\system32\rtcdll.dll
2006-10-05 15:34 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-10-05 15:34 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2006-10-05 15:34 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-10-04 20:01 991,232 --a------ C:\WINDOWS\system32\esent.dll
2006-10-04 17:01 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-10-04 15:00 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2006-10-04 15:00 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-27 22:19 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-27 22:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-27 22:19 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-25 14:47 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2006-09-25 14:47 7,483 --a------ C:\clean.bat
2006-09-25 14:47 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-25 14:47 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2006-09-25 14:47 38,400 --a------ C:\WINDOWS\system32\moveex.exe
2006-09-23 15:24 24,661 -