Corrupt Norton, almost all webpages are redirected to microsoft.com - Page 3

Ried · 10-09-2006, 07:21 PM

I hate to tell you this, but I need you to rescan with Kaspersky. It needed to be set to 'Extended' scan and yours was a 'Standard' scan.

Here are the instructions again:

You can clear your Norton Quarantine if you wish--that should speed things up a bit. If you're unsure on how to do it, you can use Symantec's guide.

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

randomrandom · 10-10-2006, 05:34 PM

Hey,
here are the logs! Oh and i thought it best to leave the quarantined files alone....best not to mess up my comp NOW :-)
************************************************
Kaspersky Log
************************************************
KASPERSKY ONLINE SCANNER REPORT
October 09, 2006 10:00:33 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 10/10/2006
Kaspersky Anti-Virus database records: 230213
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 117497
Number of viruses found 19
Number of infected objects 97 / 0
Number of suspicious objects 0
Duration of the scan process 01:42:29

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-10-09_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A3733B2.exe Infected: Trojan.Win32.Opnis.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AE51EAB.exe Infected: Trojan.Win32.Opnis.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\171F3CE8.exe Infected: Trojan.Win32.Opnis.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19BC7014.exe Infected: Trojan.Win32.Opnis.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AEC5B93.exe Infected: Backdoor.Win32.Delf.ats skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24BE363C.EXE Infected: Trojan-Downloader.Win32.Agent.aox skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F287D39.exe/data0002 Infected: Trojan.Win32.VB.ami skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F287D39.exe NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F287D39.exe CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32814309.exe Infected: Trojan.Win32.Opnis.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38A350BF.exe Infected: Trojan.Win32.Opnis.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38A77ABB.exe Infected: Trojan.Win32.Opnis.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38AA24B8.exe Infected: Trojan.Win32.Opnis.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C1F16EA.sys Infected: Backdoor.Win32.Haxdoor.ii skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43366AE9.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43E4785D.DLL Infected: Backdoor.Win32.Haxdoor.lc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D725F5B.exe Infected: Trojan.Win32.Opnis.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50790760.exe Infected: Trojan.Win32.Opnis.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51575EE8.exe Infected: Trojan.Win32.Opnis.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51DA1BF7.exe/stream/data0001 Infected: Trojan.Win32.VB.ami skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51DA1BF7.exe/stream Infected: Trojan.Win32.VB.ami skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51DA1BF7.exe NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51DA1BF7.exe CryptFF: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56893EC8.dll Infected: Trojan-PSW.Win32.Sinowal.k skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56933CBD.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\569666B9.dll Infected: Trojan-PSW.Win32.Sinowal.ay skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\569666B9.htm Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\569A10B6.exe Infected: Trojan-Proxy.Win32.Wopla.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\569D3AB2.exe Infected: Backdoor.Win32.Delf.ats skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57601A44.exe Infected: Trojan.Win32.Opnis.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57C95168.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57C95168.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57C95168.tmp/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57C95168.tmp NSIS: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57C95168.tmp CryptFF: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A3B5810.exe Infected: Trojan.Win32.Opnis.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B0F3D25.sys Infected: Backdoor.Win32.Haxdoor.ii skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C0544BF.dll Infected: not-virus:Hoax.Win32.Renos.ds skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C5F608C.tmp/stream/data0001 Infected: Trojan.Win32.VB.ami skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C5F608C.tmp/stream Infected: Trojan.Win32.VB.ami skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C5F608C.tmp NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C5F608C.tmp CryptFF: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61A61EDE.tmp/stream/data0001 Infected: Trojan.Win32.VB.ami skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61A61EDE.tmp/stream Infected: Trojan.Win32.VB.ami skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61A61EDE.tmp NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61A61EDE.tmp CryptFF: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6632260B.exe/data0002 Infected: Trojan.Win32.VB.ami skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6632260B.exe NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6632260B.exe CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\690D62E6.tmp/data0002 Infected: Trojan.Win32.VB.ami skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\690D62E6.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\690D62E6.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A87143C.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7062684D.tmp/data0002 Infected: Trojan.Win32.VB.ami skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7062684D.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7062684D.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72A14C3C.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7EBC2A1A.exe Infected: Trojan.Win32.Opnis.l skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User1\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\User1\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User1\Desktop\Projects\crack.rar/Free Popup Blocker.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.MegaKiss.b skipped
C:\Documents and Settings\User1\Desktop\Projects\crack.rar/Free Popup Blocker.exe/stream Infected: not-a-virus:AdWare.Win32.MegaKiss.b skipped
C:\Documents and Settings\User1\Desktop\Projects\crack.rar/Free Popup Blocker.exe Infected: not-a-virus:AdWare.Win32.MegaKiss.b skipped
C:\Documents and Settings\User1\Desktop\Projects\crack.rar RAR: infected - 3 skipped
C:\Documents and Settings\User1\Desktop\Projects\ImTOO.DVD.to.PSP.Converter.v4.0.52.0630.Incl.Keygen-Lz0\installer.exe/stream/data0001 Infected: Trojan-Clicker.Win32.VB.fh skipped
C:\Documents and Settings\User1\Desktop\Projects\ImTOO.DVD.to.PSP.Converter.v4.0.52.0630.Incl.Keygen-Lz0\installer.exe/stream Infected: Trojan-Clicker.Win32.VB.fh skipped
C:\Documents and Settings\User1\Desktop\Projects\ImTOO.DVD.to.PSP.Converter.v4.0.52.0630.Incl.Keygen-Lz0\installer.exe NSIS: infected - 2 skipped
C:\Documents and Settings\User1\Desktop\Projects\ImTOO.DVD.to.PSP.Converter.v4.0.52.0630.Incl.Keygen-Lz0.rar/installer.exe/stream/data0001 Infected: Trojan-Clicker.Win32.VB.fh skipped
C:\Documents and Settings\User1\Desktop\Projects\ImTOO.DVD.to.PSP.Converter.v4.0.52.0630.Incl.Keygen-Lz0.rar/installer.exe/stream Infected: Trojan-Clicker.Win32.VB.fh skipped
C:\Documents and Settings\User1\Desktop\Projects\ImTOO.DVD.to.PSP.Converter.v4.0.52.0630.Incl.Keygen-Lz0.rar/installer.exe Infected: Trojan-Clicker.Win32.VB.fh skipped
C:\Documents and Settings\User1\Desktop\Projects\ImTOO.DVD.to.PSP.Converter.v4.0.52.0630.Incl.Keygen-Lz0.rar RAR: infected - 3 skipped
C:\Documents and Settings\User1\Desktop\Projects\Save[1].Flash.v3.0.0067.WinALL.Cracked.ViRiLiTY.zip.rar/Free Popup Blocker.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.MegaKiss.b skipped
C:\Documents and Settings\User1\Desktop\Projects\Save[1].Flash.v3.0.0067.WinALL.Cracked.ViRiLiTY.zip.rar/Free Popup Blocker.exe/stream Infected: not-a-virus:AdWare.Win32.MegaKiss.b skipped
C:\Documents and Settings\User1\Desktop\Projects\Save[1].Flash.v3.0.0067.WinALL.Cracked.ViRiLiTY.zip.rar/Free Popup Blocker.exe Infected: not-a-virus:AdWare.Win32.MegaKiss.b skipped
C:\Documents and Settings\User1\Desktop\Projects\Save[1].Flash.v3.0.0067.WinALL.Cracked.ViRiLiTY.zip.rar/installer.exe/data0002 Infected: Trojan-Clicker.MSIL.Xone.a skipped
C:\Documents and Settings\User1\Desktop\Projects\Save[1].Flash.v3.0.0067.WinALL.Cracked.ViRiLiTY.zip.rar/installer.exe Infected: Trojan-Clicker.MSIL.Xone.a skipped
C:\Documents and Settings\User1\Desktop\Projects\Save[1].Flash.v3.0.0067.WinALL.Cracked.ViRiLiTY.zip.rar ZIP: infected - 5 skipped
C:\Documents and Settings\User1\Desktop\Projects\Sony.ACID.Pro.v6.0a.Incl.Keygen-SSG.rar/installer.exe/stream/data0001 Infected: Trojan-Clicker.Win32.VB.fh skipped
C:\Documents and Settings\User1\Desktop\Projects\Sony.ACID.Pro.v6.0a.Incl.Keygen-SSG.rar/installer.exe/stream Infected: Trojan-Clicker.Win32.VB.fh skipped
C:\Documents and Settings\User1\Desktop\Projects\Sony.ACID.Pro.v6.0a.Incl.Keygen-SSG.rar/installer.exe Infected: Trojan-Clicker.Win32.VB.fh skipped
C:\Documents and Settings\User1\Desktop\Projects\Sony.ACID.Pro.v6.0a.Incl.Keygen-SSG.rar RAR: infected - 3 skipped
C:\Documents and Settings\User1\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\User1\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\User1\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Application Data\Mozilla\Firefox\Profiles\b8ou4xz7.default\Cache\D9E7D4FDd01 Infected: Trojan.Win32.Agent.vg skipped
C:\Documents and Settings\User1\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User1\Local Settings\History\History.IE5\MSHist012006100920061010\index.dat Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User1\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User1\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User1\UserData\index.dat Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2006-10-09.07-11-52.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0460NAV~.TMP Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0507NAV~.TMP Object is locked skipped
C:\Program Files\OceanDive\crack\Free Popup Blocker.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.MegaKiss.b skipped
C:\Program Files\OceanDive\crack\Free Popup Blocker.exe/stream Infected: not-a-virus:AdWare.Win32.MegaKiss.b skipped
C:\Program Files\OceanDive\crack\Free Popup Blocker.exe NSIS: infected - 2 skipped
C:\Program Files\Save Flash\installer.exe/data0002 Infected: Trojan-Clicker.MSIL.Xone.a skipped
C:\Program Files\Save Flash\installer.exe NSIS: infected - 1 skipped
C:\Program Files\Save Flash\patch_.exe/data0002 Infected: Trojan-Clicker.MSIL.Xone.a skipped
C:\Program Files\Save Flash\patch_.exe NSIS: infected - 1 skipped
C:\Program Files\Save Flash\Save[1].Flash.v3.0.0067.WinALL.Cracked.ViRiLiTY.zip\Free Popup Blocker.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.MegaKiss.b skipped
C:\Program Files\Save Flash\Save[1].Flash.v3.0.0067.WinALL.Cracked.ViRiLiTY.zip\Free Popup Blocker.exe/stream Infected: not-a-virus:AdWare.Win32.MegaKiss.b skipped
C:\Program Files\Save Flash\Save[1].Flash.v3.0.0067.WinALL.Cracked.ViRiLiTY.zip\Free Popup Blocker.exe NSIS: infected - 2 skipped
C:\Program Files\Save Flash\Save[1].Flash.v3.0.0067.WinALL.Cracked.ViRiLiTY.zip\installer.exe/data0002 Infected: Trojan-Clicker.MSIL.Xone.a skipped
C:\Program Files\Save Flash\Save[1].Flash.v3.0.0067.WinALL.Cracked.ViRiLiTY.zip\installer.exe NSIS: infected - 1 skipped
C:\Program Files\Save Flash\Save[1].Flash.v3.0.0067.WinALL.Cracked.ViRiLiTY.zip\patch_.exe/data0002 Infected: Trojan-Clicker.MSIL.Xone.a skipped
C:\Program Files\Save Flash\Save[1].Flash.v3.0.0067.WinALL.Cracked.ViRiLiTY.zip\patch_.exe NSIS: infected - 1 skipped
C:\Program Files\Trillian\users\default\logs\AIM\Query\NeEdToRuN723.log Object is locked skipped
C:\Program Files\Trillian\users\default\logs\AIM\Query\tridentcadet023.log Object is locked skipped
C:\Program Files\Trillian\users\default\logs\AIM\Query\txesnumerouno.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{40933F81-2282-414E-AFF1-432B1564D997}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000000-00000000-0000000C-00001102-00000004-20021102}.CDF Object is locked skipped
Scan process completed.

******************************************************
HJT Log
******************************************************

Logfile of HijackThis v1.99.1
Scan saved at 5:02:30 PM, on 10/9/06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159425430187
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Ried · 10-10-2006, 06:14 PM

Hiya,

Delete the following:

C:\Program Files\OceanDive\crack
C:\Program Files\Save Flash\installer.exe
C:\Program Files\Save Flash\patch_.exe
C:\Program Files\Save Flash\Save[1].Flash.v3.0.0067.WinALL.Cracked.ViRiLiTY.zip\Free Popup Blocker.exe

Before I issue final instructions--how is the system behaving?

randomrandom · 10-10-2006, 09:15 PM

That hang on the "windows is starting up" screen still occurs. I timed it today and windows stays for 1 min. 20 seconds on just that one screen. But besides this, everything seems to be back to normal.
Here is a HJT log made after I deleted those files and restarted my comp.

**************************************************
HJT Log
**************************************************
Logfile of HijackThis v1.99.1
Scan saved at 8:14:03 PM, on 10/10/06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159425430187
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: dxmamcia - C:\WINDOWS\system32\dxmamcia.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Ried · 10-11-2006, 07:20 AM

Fix this entry with HijackThis (from Normal Mode)

O20 - Winlogon Notify: dxmamcia - C:\WINDOWS\system32\dxmamcia.dll (file missing)

As that entry was removed earlier, and previous HJT logs did not have that entry, and now it's resurfaced, I'd like you to run Haxfix Option 1 again to Make a logfile.

Post that logfile here, along with a new HijackThis log.

randomrandom · 10-11-2006, 06:27 PM

*******************************************************
Haxfix Log
*******************************************************
HAXFIX logfile - by Marckie
______________
version 4.20.1
Wed 10/11/06 17:25:22.17

checking for haxdoor
--------------------
checking for a3d files....
a3d files not found

checking for matching notify keys....
no matching notify keys found

checking for matching services....
matching services found
Aspi32

checking for matching safeboot services....
no matching safeboot services found

checking for other haxdoorfiles....

Checking for goldun
-------------------

checking for SSODL keys....
no ssodl keys found

checking for notify keys....
no notify keys found

checking for services....
no services found

checking for other goldunfiles....

Finished

*******************************************************
HJT Log
*******************************************************
Logfile of HijackThis v1.99.1
Scan saved at 5:24:58 PM, on 10/11/06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159425430187
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Ried · 10-11-2006, 06:44 PM

Ok, these logs are clean.

Now would be a good time to set a clean restore point:

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.

Is the system startup still slow? How is the overall behavior of the system?

randomrandom · 10-11-2006, 11:45 PM

I'm still having that same slow startup, and now my control panel is crashing again when I open it. I did the "send error report" and clicked on "More information" and I got this:

Install Windows XP Service Pack 2 (SP2)

Thank you for submitting an error report.

Problem description

An error occurred on your computer that caused Windows to stop working.

Recommendations

At this time, no solution is available for the specific problem you reported. However, to help prevent more errors from occurring, we recommend you install Windows XP Service Pack 2 (SP2), and then install the latest security updates for your computer. There are two options for you to upgrade your computer.

+ Option 1: Upgrade online (free of charge)

This option is recommended for customers with an Internet broadband connection, such as Digital Subscriber Line (DSL) or Cable.

1. Upgrade to Windows XP SP2

* Install SP2 on a single computer.
* Install SP2 on networked computers (for IT Professionals and Developers).

If you are experiencing problems while trying to install SP2, please read What to know before you download and install Windows XP SP2 online.

2. Install the latest security updates for your computer

1. After installing SP2 and restarting your computer, go to the Microsoft Update website by clicking Start, clicking All Programs, and then clicking Microsoft Update.)
2. On the Microsoft Update website, click Express, and then install all high-priority updates that are found for your computer.

+ Option 2: Order a Windows XP SP2 installation disc (A shipping and handling charge will be assessed on your order.)

1. To order a Windows XP SP2 installation disc, go to the CD order website.
2. After you receive your CD, install Windows XP SP2, and then restart your computer.
3. Install the latest security updates by going to the Microsoft Update website, clicking Start, clicking All Programs, and then clicking Microsoft Update.
4. On the Microsoft Update website, click Express, and then install all high-priority updates that are found for your computer.

Additional information

For more information about Windows XP SP2, go to the following websites:

* Windows XP SP2 website
* Windows XP SP2 Support Center
* A list of fixes included in Windows XP Service Pack 2

From: http://oca.microsoft.com/en/response.aspx?SGD=1ef689a2-d106-48b5-8bf7-931480a3ac1e&SID=1130

Should i just install Service Pack 2? Support for Service pack 1 is expired anyway, and it seems like my last option unless you can think of something...

What do I do???

Thanks

EDIT:

I'm adding a HJT log just in case I contracted something between today and yesterday that caused the control panel crash, or if its just me needing to upgrade to SP2.

******************************************************
HJT Log
******************************************************
Logfile of HijackThis v1.99.1
Scan saved at 10:47:00 PM, on 10/11/06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159425430187
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Ried · 10-12-2006, 05:50 PM

Hi,

You should not have to upgrade to SP2 to fix that issue--the Control Panel should not be crashing.

Time to do more digging.

Please download SilentRunners.vbs (299kb) - Right click & choose Save As... SilentRunners.vbs

Before proceeding, disable any anti-virus or anti-spyware programs that may block/disable scripts

Launch SilentRunners by double-clicking the downloaded file. In the ensuing Window, select 'No' to avoid skipping supplementary searches. Please be patient as the script requires a few minutes to complete.

When it's done, you'll receive the prompt "All Done!". It will create a file called "Startup Programs". Post ALL its contents here in your next reply.

-----------------------------------

Download StartDreck (397kb)

Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'

Uncheck the following box only:
List Modules - (listed under 'Running Proceses')
Press 'OK'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

-----------------------------------

Also run combofix.exe again and post that log here as well.

randomrandom · 10-12-2006, 07:37 PM

Hey, Here are some more logs!

******************************************************
Silent Runners Log
******************************************************
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RemoteCenter" = "C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" ["Creative Technology Ltd"]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"CTSysVol" = "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"]
"CTDVDDET" = "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" ["Creative Technology Ltd"]
"SBDrvDet" = "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r" ["Creative Technology Ltd"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [file not found]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SSC_UserPrompt" = ""C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"" ["Symantec Corporation"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
-> {HKLM...CLSID} = "IDMIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Tonec Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security 2006"
-> {HKLM...CLSID} = "CNisExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper"
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02}" = "TIShelEx Shell Extension"
-> {HKLM...CLSID} = "FileTimeShlExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll" ["Texas Instruments Incorporated"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"AllowLegacyWebView" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"AllowUnhashedWebView" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssflwbox.scr" [MS]

Startup items in "User1" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\User1\Start Menu\Programs\Startup
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Registration " -> shortcut to: "C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe -d 802574 -l english -r 7 -g -c us -i 2586" [file not found]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"U.S. Robotics 802.11g Wireless Network Utility" -> shortcut to: "C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe" ["U.S. Robotics"]

Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Run Full System Scan - User1" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4064EA35-578D-4073-A834-C96D82CBCF40}"
-> {HKLM...CLSID} = "&Save Flash"
\InProcServer32\(Default) = "C:\Program Files\Save Flash\SaveFlash.dll" ["TODO: <Company name>"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton Protection Center Service, NSCService, ""C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Symantec Core LC, Symantec Core LC, ""C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]

----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 205 seconds.
---------- (total run time: 521 seconds)

******************************************************
StartDreck Log
******************************************************

StartDreck (build 2.1.7 public stable) - 2006-10-12 @ 18:25:13 (GMT -07:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)
Internet Explorer: 6.0.2800.1106
Logged in as User1 at HOLLY-LBDKBTJTC

»Registry
»Run Keys
»Current User
»Run
*RemoteCenter=C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
*BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
»RunOnce
»Default User
»Run
»RunOnce
»Local Machine
»Run
*CTHelper=CTHELPER.EXE
*CTSysVol=C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
*CTDVDDET=C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
*SBDrvDet=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
*NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
*iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*!ewido="C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
*PinnacleDriverCheck=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*SSC_UserPrompt="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
*KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
»Browser Helper Objects (LM)
*IDMIECC.IDMIEHlprObj.1/{0055C089-8582-441B-A0BF-17B458C2A3A8}
`InprocServer32=C:\Program Files\Internet Download Manager\IDMIECC.dll
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
*SSVHelper Class/{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
`InprocServer32=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
*Nisbho.CNisExtBho.1/{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
`InprocServer32=C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
*Navbho.CNavExtBho.1/{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
`InprocServer32=C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
»Internet Explorer
»Current User
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Search Page=http://www.google.com
*Start Page=http://www.google.com/
+SearchUrl
*provider=gogl
*=http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
»Default User
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://securityresponse.symantec.com/avcenter/fix_homepage/
+SearchUrl
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=C:\windows\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
+SearchUrl
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\User1\Start Menu\Programs\Startup\Adobe Gamma.lnk
*C:\Documents and Settings\User1\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\User1\Start Menu\Programs\Startup\Registration .LNK
»Default User
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\U.S. Robotics 802.11g Wireless Network Utility.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\System32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
*C:\WINDOWS\System32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\wininit.ini
`[rename]
`NUL=InitTermMutex900
*C:\WINDOWS\System32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\System32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\System32\hh.exe
*C:\WINDOWS\hh.exe
+C:\WINDOWS\System32\notepad.exe
*C:\WINDOWS\notepad.exe
+C:\WINDOWS\System32\slrundll.exe
*C:\WINDOWS\slrundll.exe
+C:\WINDOWS\System32\taskman.exe
*C:\WINDOWS\taskman.exe
+C:\WINDOWS\System32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+560=\SystemRoot\System32\smss.exe
+624=\??\C:\WINDOWS\system32\csrss.exe
+656=\??\C:\WINDOWS\system32\winlogon.exe
+700=C:\WINDOWS\system32\services.exe
+712=C:\WINDOWS\system32\lsass.exe
+856=C:\WINDOWS\system32\Ati2evxx.exe
+876=C:\WINDOWS\system32\svchost.exe
+972=C:\WINDOWS\system32\svchost.exe
+1012=C:\WINDOWS\System32\svchost.exe
+1184=C:\WINDOWS\System32\svchost.exe
+1224=C:\WINDOWS\System32\svchost.exe
+1488=C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
+1512=C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
+1584=C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
+1652=C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
+1676=C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
+1748=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
+1988=C:\WINDOWS\system32\spoolsv.exe
+2024=C:\WINDOWS\system32\Ati2evxx.exe
+204=C:\WINDOWS\Explorer.EXE
+332=C:\WINDOWS\System32\alg.exe
+380=C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
+416=C:\WINDOWS\system32\CTsvcCDA.exe
+440=C:\Program Files\ewido anti-spyware 4.0\guard.exe
+472=C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
+496=C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
+676=C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
+988=C:\WINDOWS\System32\svchost.exe
+2228=C:\WINDOWS\System32\CTHELPER.EXE
+2236=C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
+2264=C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
+2512=C:\Program Files\iTunes\iTunesHelper.exe
+2904=C:\Program Files\iPod\bin\iPodService.exe
+3112=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
+3280=C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
+3304=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
+3576=C:\WINDOWS\System32\WgaTray.exe
+3688=C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
+1324=C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
+952=C:\WINDOWS\System32\wuauclt.exe
+3388=C:\Program Files\Messenger\msmsgs.exe
+2544=C:\Documents and Settings\User1\Desktop\StartDreck\StartDreck.exe
»NT Services
*Adobe LM Service Adobe LM Service - on demand
`binary: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
*Alerter Alerter - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Application Layer Gateway Service ALG running on demand
`binary: C:\WINDOWS\System32\alg.exe
*Application Management AppMgmt - on demand
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*ASP.NET State Service aspnet_state - on demand
`binary: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
*Ati HotKey Poller Ati HotKey Poller running auto
`binary: C:\WINDOWS\system32\Ati2evxx.exe
*Windows Audio AudioSrv running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Automatic LiveUpdate Scheduler Automatic LiveUpdate running auto
`binary: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
*Background Intelligent Transfer Service BITS - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Computer Browser Browser running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Symantec Event Manager ccEvtMgr running auto
`binary: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
*Symantec Internet Security Password Validation ccISPwdSvc - on demand
`binary: "C:\Program Files\Norton Internet Security\ccPwdSvc.exe"
*Symantec Network Proxy ccProxy running auto
`binary: "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
*Symantec Settings Manager ccSetMgr running auto
`binary: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
*Indexing Service CiSvc - on demand
`binary: C:\WINDOWS\system32\cisvc.exe
*ClipBook ClipSrv - disabled
`binary: C:\WINDOWS\system32\clipsrv.exe
*.NET Runtime Optimization Service v2.0.50727_X8 clr_optimization_v2. - on demand
`6
`binary: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
*COM Host comHost - on demand
`binary: "C:\Program Files\Norton Internet Security\comHost.exe"
*COM+ System Application COMSysApp - on demand
`binary: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
*Creative Service for CDROM Access Creative Service for running auto
`binary: C:\WINDOWS\system32\CTsvcCDA.exe
*Cryptographic Services CryptSvc running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*DCOM Server Process Launcher DcomLaunch starting... auto
`binary: C:\WINDOWS\system32\svchost -k DcomLaunch
*DHCP Client Dhcp running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Logical Disk Manager Administrative Service dmadmin - on demand
`binary: C:\WINDOWS\System32\dmadmin.exe /com
*Logical Disk Manager dmserver - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*DNS Client Dnscache running auto
`binary: C:\WINDOWS\System32\svchost.exe -k NetworkService
*Error Reporting Service ERSvc running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Event Log Eventlog running auto
`binary: C:\WINDOWS\system32\services.exe
*COM+ Event System EventSystem running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*ewido anti-spyware 4.0 guard ewido anti-spyware 4 running auto
`binary: C:\Program Files\ewido anti-spyware 4.0\guard.exe
*Fast User Switching Compatibility FastUserSwitchingCom running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Help and Support helpsvc running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Human Interface Device Access HidServ - disabled
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*HTTP SSL HTTPFilter - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
*InstallDriver Table Manager IDriverT - on demand
`binary: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
*IMAPI CD-Burning COM Service ImapiService - on demand
`binary: C:\WINDOWS\System32\imapi.exe
*IPv6 Internet Connection Firewall Ip6FwHlp - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*iPodService iPodService running on demand
`binary: C:\Program Files\iPod\bin\iPodService.exe
*Server lanmanserver running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Workstation lanmanworkstation running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*LiveUpdate LiveUpdate - on demand
`binary: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
*TCP/IP NetBIOS Helper LmHosts running auto
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Machine Debug Manager MDM running auto
`binary: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
*Messenger Messenger running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*NetMeeting Remote Desktop Sharing mnmsrvc - on demand
`binary: C:\WINDOWS\System32\mnmsrvc.exe
*Distributed Transaction Coordinator MSDTC - on demand
`binary: C:\WINDOWS\System32\msdtc.exe
*Windows Installer MSIServer - on demand
`binary: C:\WINDOWS\System32\msiexec.exe /V
*MSSQL$SONY_MEDIAMGR MSSQL$SONY_MEDIAMGR - on demand
`binary: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
*MSSQLServerADHelper MSSQLServerADHelper - on demand
`binary: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
*Norton AntiVirus Auto-Protect Service navapsvc running on demand
`binary: "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
*Network DDE NetDDE - disabled
`binary: C:\WINDOWS\system32\netdde.exe
*Network DDE DSDM NetDDEdsdm - disabled
`binary: C:\WINDOWS\system32\netdde.exe
*Net Logon Netlogon - on demand
`binary: C:\WINDOWS\System32\lsass.exe
*Network Connections Netman running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Network Location Awareness (NLA) Nla running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Norton Protection Center Service NSCService running on demand
`binary: "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"
*NT LM Security Support Provider NtLmSsp - on demand
`binary: C:\WINDOWS\System32\lsass.exe
*Removable Storage NtmsSvc - on demand
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Plug and Play PlugPlay running auto
`binary: C:\WINDOWS\system32\services.exe
*IPSEC Services PolicyAgent running auto
`binary: C:\WINDOWS\System32\lsass.exe
*Protected Storage ProtectedStorage running auto
`binary: C:\WINDOWS\system32\lsass.exe
*Remote Access Auto Connection Manager RasAuto - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Remote Access Connection Manager RasMan running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Remote Desktop Help Session Manager RDSessMgr - on demand
`binary: C:\WINDOWS\system32\sessmgr.exe
*Routing and Remote Access RemoteAccess - disabled
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Remote Procedure Call (RPC) Locator RpcLocator - on demand
`binary: C:\WINDOWS\System32\locator.exe
*Remote Procedure Call (RPC) RpcSs running auto
`binary: C:\WINDOWS\system32\svchost -k rpcss
*QoS RSVP RSVP - on demand
`binary: C:\WINDOWS\system32\rsvp.exe
*Security Accounts Manager SamSs running auto
`binary: C:\WINDOWS\system32\lsass.exe
*Symantec AVScan SAVScan - on demand
`binary: "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe"
*Smart Card Helper SCardDrv - on demand
`binary: C:\WINDOWS\System32\SCardSvr.exe
*Smart Card SCardSvr - on demand
`binary: C:\WINDOWS\System32\SCardSvr.exe
*Task Scheduler Schedule running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Secondary Logon seclogon running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*System Event Notification SENS running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Internet Connection Firewall (ICF) / Internet C SharedAccess running auto
`onnection Sharing (ICS)
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Shell Hardware Detection ShellHWDetection running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Symantec Network Drivers Service SNDSrvc running auto
`binary: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
*Symantec SPBBCSvc SPBBCSvc running auto
`binary: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
*Print Spooler Spooler running auto
`binary: C:\WINDOWS\system32\spoolsv.exe
*SQLAgent$SONY_MEDIAMGR SQLAgent$SONY_MEDIAM - on demand
`binary: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
*System Restore Service srservice running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*SSDP Discovery Service SSDPSRV - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*StarWind iSCSI Service StarWindService running auto
`binary: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
*Windows Image Acquisition (WIA) stisvc running auto
`binary: C:\WINDOWS\System32\svchost.exe -k imgsvc
*MS Software Shadow Copy Provider SwPrv - on demand
`binary: C:\WINDOWS\System32\dllhost.exe /Processid:{1B7B6807-E8A4-4622-8D02-68D8DE0E5E41}
*Symantec Core LC Symantec Core LC running auto
`binary: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
*Performance Logs and Alerts SysmonLog - on demand
`binary: C:\WINDOWS\system32\smlogsvc.exe
*Telephony TapiSrv running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Terminal Services TermService running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Themes Themes running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Distributed Link Tracking Client TrkWks running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Windows User Mode Driver Framework UMWdf - on demand
`binary: C:\WINDOWS\System32\wdfmgr.exe
*Universal Plug and Play Device Host upnphost - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Uninterruptible Power Supply UPS - on demand
`binary: C:\WINDOWS\System32\ups.exe
*Volume Shadow Copy VSS - on demand
`binary: C:\WINDOWS\System32\vssvc.exe
*Windows Time W32Time running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*WebClient WebClient running auto
`binary: C:\WINDOWS\system32\svchost.exe -k LocalService
*Windows Management Instrumentation winmgmt running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Portable Media Serial Number Service WmdmPmSN - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*WMI Performance Adapter WmiApSrv - on demand
`binary: C:\WINDOWS\System32\wbem\wmiapsrv.exe
*Automatic Updates wuauserv running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Wireless Zero Configuration WZCSVC running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Network Provisioning Service xmlprov - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
»NT Kernel- and FS-drivers
*61883 Unit Device 61883 - on demand
`binary: system32\DRIVERS\61883.sys
*Abiosdsk Abiosdsk - disabled
`binary:
*abp480n5 abp480n5 - disabled
`binary:
*Microsoft ACPI Driver ACPI running boot
`binary: \SystemRoot\System32\DRIVERS\ACPI.sys
*ACPIEC ACPIEC - disabled
`binary:
*adpu160m adpu160m - disabled
`binary:
*Microsoft Kernel Acoustic Echo Canceller aec - on demand
`binary: system32\drivers\aec.sys
*AFD Networking Support Environment AFD running system
`binary: \SystemRoot\System32\drivers\afd.sys
*Aha154x Aha154x - disabled
`binary:
*aic78u2 aic78u2 - disabled
`binary:
*aic78xx aic78xx - disabled
`binary:
*AliIde AliIde - disabled
`binary:
*amsint amsint - disabled
`binary:
*1394 ARP Client Protocol Arp1394 - on demand
`binary: System32\DRIVERS\arp1394.sys
*asc asc - disabled
`binary:
*asc3350p asc3350p - disabled
`binary:
*asc3550 asc3550 - disabled
`binary:
*Aspi32 Aspi32 running auto
`binary: System32\drivers\aspi32.sys
*RAS Asynchronous Media Driver AsyncMac - on demand
`binary: System32\DRIVERS\asyncmac.sys
*Standard IDE/ESDI Hard Disk Controller atapi running boot
`binary: \SystemRoot\System32\DRIVERS\atapi.sys
*Atdisk Atdisk - disabled
`binary:
*ati2mtag ati2mtag running on demand
`binary: System32\DRIVERS\ati2mtag.sys
*ATM ARP Client Protocol Atmarpc - on demand
`binary: System32\DRIVERS\atmarpc.sys
*Audio Stub Driver audstub running on demand
`binary: System32\DRIVERS\audstub.sys
*AVC Device Avc - on demand
`binary: system32\DRIVERS\avc.sys
*Beep Beep running system
`binary:
*cbidf2k cbidf2k - disabled
`binary:
*Closed Caption Decoder CCDECODE - on demand
`binary: system32\DRIVERS\CCDECODE.sys
*cd20xrnt cd20xrnt - disabled
`binary:
*Cdaudio Cdaudio - system
`binary:
*Cdfs Cdfs running disabled
`binary:
*CD-ROM Driver Cdrom running system
`binary: System32\DRIVERS\cdrom.sys
*Changer Changer - system
`binary:
*CmdIde CmdIde - disabled
`binary:
*Cpqarray Cpqarray - disabled
`binary:
*Creative AC3 Software Decoder ctac32k running on demand
`binary: System32\drivers\ctac32k.sys
*Creative Audio Driver (WDM) ctaud2k running on demand
`binary: system32\drivers\ctaud2k.sys
*Creative DVD-Audio Device Driver ctdvda2k - on demand
`binary: System32\drivers\ctdvda2k.sys
*Creative Proxy Driver ctprxy2k running on demand
`binary: System32\drivers\ctprxy2k.sys
*Creative SoundFont Management Device Driver ctsfm2k running on demand
`binary: System32\drivers\ctsfm2k.sys
*dac960nt dac960nt - disabled
`binary:
*Disk Driver Disk running boot
`binary: \SystemRoot\System32\DRIVERS\disk.sys
*dmboot dmboot - disabled
`binary: System32\drivers\dmboot.sys
*dmio dmio - disabled
`binary:
*dmload dmload - disabled
`binary:
*Microsoft Kernel DLS Syntheiszer DMusic - on demand
`binary: system32\drivers\DMusic.sys
*dpti2o dpti2o - disabled
`binary:
*Microsoft Kernel DRM Audio Descrambler drmkaud - on demand
`binary: system32\drivers\drmkaud.sys
*E-mu Plug-in Architecture Driver emupia running on demand
`binary: System32\drivers\emupia2k.sys
*ewido anti-spyware 4.0 driver ewido anti-spyware 4 running system
`binary: \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys
*Fastfat Fastfat running disabled
`binary:
*Floppy Disk Controller Driver Fdc running on demand
`binary: System32\DRIVERS\fdc.sys
*Fips Fips running system
`binary:
*Floppy Disk Driver Flpydisk running on demand
`binary: System32\DRIVERS\flpydisk.sys
*FltMgr FltMgr - boot
`binary: \SystemRoot\system32\drivers\fltmgr.sys
*Volume Manager Driver Ftdisk running boot
`binary: \SystemRoot\System32\DRIVERS\ftdisk.sys
*Game Port Enumerator gameenum running on demand
`binary: system32\DRIVERS\gameenum.sys
*Microsoft SideWinder Value Add - Filter Driver GcKernel - on demand
`binary: system32\DRIVERS\GcKernel.sys
*GEARAspiWDM GEARAspiWDM - on demand
`binary: System32\Drivers\GEARAspiWDM.sys
*gmer gmer - on demand
`binary: System32\DRIVERS\gmer.sys
*Generic Packet Classifier Gpc running on demand
`binary: System32\DRIVERS\msgpc.sys
*Creative Hardware Abstract Layer Driver ha10kx2k running on demand
`binary: System32\drivers\ha10kx2k.sys
*Creative P16V HAL Driver hap16v2k running on demand
`binary: System32\drivers\hap16v2k.sys
*Microsoft SideWinder Virtual HID Device Mini-Dr HIDSwvd - on demand
`iver
`binary: system32\DRIVERS\HIDSwvd.sys
*Microsoft HID Class Driver HidUsb - on demand
`binary: system32\DRIVERS\hidusb.sys
*hpn hpn - disabled
`binary:
*HTTP HTTP - on demand
`binary: System32\Drivers\HTTP.sys
*i2omgmt i2omgmt - system
`binary:
*i2omp i2omp - disabled
`binary:
*i8042 Keyboard and PS/2 Mouse Port Driver i8042prt running system
`binary: System32\DRIVERS\i8042prt.sys
*CD-Burning Filter Driver Imapi running system
`binary: System32\DRIVERS\imapi.sys
*ini910u ini910u - disabled
`binary:
*IntelIde IntelIde - disabled
`binary:
*IPv6 Firewall Driver ip6fw - on demand
`binary: system32\drivers\ip6fw.sys
*IP Traffic Filter Driver IpFilterDriver - on demand
`binary: System32\DRIVERS\ipfltdrv.sys
*IP in IP Tunnel Driver IpInIp - on demand
`binary: System32\DRIVERS\ipinip.sys
*IP Network Address Translator IpNat running on demand
`binary: System32\DRIVERS\ipnat.sys
*IPSEC driver IPSec running system
`binary: System32\DRIVERS\ipsec.sys
*IR Enumerator Service IRENUM - on demand
`binary: System32\DRIVERS\irenum.sys
*PnP ISA/EISA Bus Driver isapnp running boot
`binary: \SystemRoot\System32\DRIVERS\isapnp.sys
*Keyboard Class Driver Kbdclass running system
`binary: System32\DRIVERS\kbdclass.sys
*Keyboard HID Driver kbdhid - system
`binary: system32\DRIVERS\kbdhid.sys
*Microsoft Kernel Wave Audio Mixer kmixer - on demand
`binary: system32\drivers\kmixer.sys
*KSecDD KSecDD running boot
`binary:
*lbrtfdc lbrtfdc - system
`binary:
*mnmdd mnmdd running system
`binary:
*Modem Modem - on demand
`binary:
*Mouse Class Driver Mouclass running system
`binary: System32\DRIVERS\mouclass.sys
*Mount Point Manager MountMgr running boot
`binary:
*mraid35x mraid35x - disabled
`binary:
*WebDav Client Redirector MRxDAV running on demand
`binary: System32\DRIVERS\mrxdav.sys
*MRxSmb MRxSmb running system
`binary: System32\DRIVERS\mrxsmb.sys
*Microsoft DV Camera and VCR MSDV - on demand
`binary: System32\DRIVERS\msdv.sys
*Msfs Msfs running system
`binary:
*Microsoft Streaming Service Proxy MSKSSRV - on demand
`binary: system32\drivers\MSKSSRV.sys
*Microsoft Streaming Clock Proxy MSPCLOCK - on demand
`binary: system32\drivers\MSPCLOCK.sys
*Microsoft Streaming Quality Manager Proxy MSPQM - on demand
`binary: system32\drivers\MSPQM.sys
*Microsoft System Management BIOS Driver mssmbios running on demand
`binary: System32\DRIVERS\mssmbios.sys
*Microsoft Streaming Tee/Sink-to-Sink Converter MSTEE - on demand
`binary: system32\drivers\MSTEE.sys
*Mup Mup running boot
`binary:
*NABTS/FEC VBI Codec NABTSFEC - on demand
`binary: system32\DRIVERS\NABTSFEC.sys
*NAVENG NAVENG running on demand
`binary: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061012.019\NAVENG.Sys
*NAVEX15 NAVEX15 running on demand
`binary: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061012.019\NavEx15.Sys
*NDIS System Driver NDIS running boot
`binary:
*Microsoft TV/Video Connection NdisIP - on demand
`binary: system32\DRIVERS\NdisIP.sys
*Remote Access NDIS TAPI Driver NdisTapi running on demand
`binary: System32\DRIVERS\ndistapi.sys
*NDIS Usermode I/O Protocol Ndisuio running on demand
`binary: System32\DRIVERS\ndisuio.sys
*Remote Access NDIS WAN Driver NdisWan running on demand
`binary: System32\DRIVERS\ndiswan.sys
*NDIS Proxy NDProxy running on demand
`binary:
*NetBIOS Interface NetBIOS running system
`binary: System32\DRIVERS\netbios.sys
*NetBios over Tcpip NetBT running system
`binary: System32\DRIVERS\netbt.sys
*1394 Net Driver NIC1394 - on demand
`binary: System32\DRIVERS\nic1394.sys
*Npfs Npfs running system
`binary:
*Ntfs Ntfs running disabled
`binary:
*Null Null running system
`binary:
*IPX Traffic Filter Driver NwlnkFlt - on demand
`binary: System32\DRIVERS\nwlnkflt.sys
*IPX Traffic Forwarder Driver NwlnkFwd - on demand
`binary: System32\DRIVERS\nwlnkfwd.sys
*VIA OHCI Compliant IEEE 1394 Host Controller ohci1394 running boot
`binary: \SystemRoot\System32\DRIVERS\ohci1394.sys
*Creative OS Services Driver ossrv running on demand
`binary: system32\drivers\ctoss2k.sys
*Parallel port driver Parport running on demand
`binary: System32\DRIVERS\parport.sys
*Partition Manager PartMgr running boot
`binary:
*ParVdm ParVdm running auto
`binary:
*PCI Bus Driver PCI running boot
`binary: \SystemRoot\System32\DRIVERS\pci.sys
*PCIDump PCIDump - system
`binary:
*PCIIde PCIIde - disabled
`binary:
*PCLEPCI PCLEPCI running system
`binary: \??\C:\WINDOWS\system32\drivers\pclepci.sys
*Pcmcia Pcmcia - disabled
`binary:
*Low level access layer for CD devices Pcouffin running on demand
`binary: System32\Drivers\Pcouffin.sys
*PDCOMP PDCOMP - on demand
`binary:
*PDFRAME PDFRAME - on demand
`binary:
*PDRELI PDRELI - on demand
`binary:
*PDRFRAME PDRFRAME - on demand
`binary:
*perc2 perc2 - disabled
`binary:
*perc2hib perc2hib - disabled
`binary:
*PfModNT PfModNT running auto
`binary: \??\C:\WINDOWS\system32\drivers\PfModNT.sys
*WAN Miniport (PPTP) PptpMiniport running on demand
`binary: System32\DRIVERS\raspptp.sys
*Processor Driver Processor running system
`binary: System32\DRIVERS\processr.sys
*QoS Packet Scheduler PSched running on demand
`binary: System32\DRIVERS\psched.sys
*Direct Parallel Link Driver Ptilink running on demand
`binary: System32\DRIVERS\ptilink.sys
*PxHelp20 PxHelp20 running boot
`binary: \SystemRoot\System32\Drivers\PxHelp20.sys
*ql1080 ql1080 - disabled
`binary:
*Ql10wnt Ql10wnt - disabled
`binary:
*ql12160 ql12160 - disabled
`binary:
*ql1240 ql1240 - disabled
`binary:
*ql1280 ql1280 - disabled
`binary:
*Remote Access Auto Connection Driver RasAcd running system
`binary: System32\DRIVERS\rasacd.sys
*WAN Miniport (L2TP) Rasl2tp running on demand
`binary: System32\DRIVERS\rasl2tp.sys
*Remote Access PPPOE Driver RasPppoe running on demand
`binary: System32\DRIVERS\raspppoe.sys
*Direct Parallel Raspti running on demand
`binary: System32\DRIVERS\raspti.sys
*Rdbss Rdbss running system
`binary: System32\DRIVERS\rdbss.sys
*RDPCDD RDPCDD running system
`binary: System32\DRIVERS\RDPCDD.sys
*RDPWD RDPWD - on demand
`binary:
*Digital CD Audio Playback Filter Driver redbook running system
`binary: System32\DRIVERS\redbook.sys
*SAVRT SAVRT running on demand
`binary: \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
*SAVRTPEL SAVRTPEL running system
`binary: \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
*Secdrv Secdrv - on demand
`binary: System32\DRIVERS\secdrv.sys
*Serenum Filter Driver serenum running on demand
`binary: System32\DRIVERS\serenum.sys
*Serial port driver Serial running system
`binary: System32\DRIVERS\serial.sys
*StarForce Protection Environment Driver (versio sfdrv01 running boot
`n 1.x)
`binary: \SystemRoot\System32\drivers\sfdrv01.sys
*StarForce Protection Helper Driver (version 2.x sfhlp02 running boot
`)
`binary: \SystemRoot\System32\drivers\sfhlp02.sys
*Sfloppy Sfloppy - system
`binary:
*StarForce Protection VFS Driver (version 2.x) sfvfs02 running boot
`binary: \SystemRoot\System32\drivers\sfvfs02.sys
*Simbad Simbad - disabled
`binary:
*BDA Slip De-Framer SLIP - on demand
`binary: system32\DRIVERS\SLIP.sys
*Sparrow Sparrow - disabled
`binary:
*SPBBCDrv SPBBCDrv running system
`binary: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
*Microsoft Kernel Audio Splitter splitter - on demand
`binary: system32\drivers\splitter.sys
*System Restore Filter Driver sr running boot
`binary: \SystemRoot\System32\DRIVERS\sr.sys
*Srv Srv running on demand
`binary: System32\DRIVERS\srv.sys
*BDA IPSink streamip - on demand
`binary: system32\DRIVERS\StreamIP.sys
*Software Bus Driver swenum running on demand
`binary: System32\DRIVERS\swenum.sys
*Microsoft Kernel GS Wavetable Synthesizer swmidi - on demand
`binary: system32\drivers\swmidi.sys
*Microsoft SideWinder VIA Filter Driver SWUSBFLT - on demand
`binary: system32\DRIVERS\SWUSBFLT.sys
*symc810 symc810 - disabled
`binary:
*symc8xx symc8xx - disabled
`binary:
*SYMDNS SYMDNS running on demand
`binary: \SystemRoot\System32\Drivers\SYMDNS.SYS
*SymEvent SymEvent running on demand
`binary: \??\C:\Program Files\Symantec\SYMEVENT.SYS
*SYMFW SYMFW running on demand
`binary: \SystemRoot\System32\Drivers\SYMFW.SYS
*SYMIDS SYMIDS running on demand
`binary: \SystemRoot\System32\Drivers\SYMIDS.SYS
*SYMIDSCO SYMIDSCO running on demand
`binary: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20060922.092\symidsco.sys
*symlcbrd symlcbrd running auto
`binary: \??\C:\WINDOWS\System32\drivers\symlcbrd.sys
*SYMNDIS SYMNDIS running on demand
`binary: \SystemRoot\System32\Drivers\SYMNDIS.SYS
*SYMREDRV SYMREDRV running on demand
`binary: \SystemRoot\System32\Drivers\SYMREDRV.SYS
*SYMTDI SYMTDI running system
`binary: \SystemRoot\System32\Drivers\SYMTDI.SYS
*sym_hi sym_hi - disabled
`binary:
*sym_u3 sym_u3 - disabled
`binary:
*Microsoft Kernel System Audio Device sysaudio running on demand
`binary: system32\drivers\sysaudio.sys
*TCP/IP Protocol Driver Tcpip running system
`binary: System32\DRIVERS\tcpip.sys
*TDPIPE TDPIPE - on demand
`binary:
*TDTCP TDTCP - on demand
`binary:
*Terminal Device Driver TermDD running system
`binary: System32\DRIVERS\termdd.sys
*TIEHDUSB TIEHDUSB - on demand
`binary: system32\drivers\tiehdusb.sys
*TosIde TosIde - disabled
`binary:
*TVICHW32 TVICHW32 - on demand
`binary: \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
*Udfs Udfs - disabled
`binary:
*ultra ultra - disabled
`binary:
*Microcode Update Driver Update running on demand
`binary: System32\DRIVERS\update.sys
*Microsoft USB 2.0 Enhanced Host Controller Mini usbehci running on demand
`port Driver
`binary: System32\DRIVERS\usbehci.sys
*USB2 Enabled Hub usbhub running on demand
`binary: System32\DRIVERS\usbhub.sys
*Motorola USB Modem Driver usbser - on demand
`binary: system32\DRIVERS\usbser.sys
*Motorola USB Modem Driver for MPT usbsermpt - on demand
`binary: system32\DRIVERS\usbsermpt.sys
*USB Mass Storage Driver USBSTOR - on demand
`binary: system32\DRIVERS\USBSTOR.SYS
*Microsoft USB Universal Host Controller Minipor usbuhci running on demand
`t Driver
`binary: System32\DRIVERS\usbuhci.sys
*U.S. Robotics 802.11g Wireless Turbo Adapter USR11G running on demand
`binary: system32\DRIVERS\USR11G.sys
*Vax347b Vax347b running boot
`binary: \SystemRoot\system32\DRIVERS\Vax347b.sys
*Vax347s Vax347s running boot
`binary: \SystemRoot\System32\Drivers\Vax347s.sys
*VGA Display Controller. VgaSave running system
`binary: \SystemRoot\System32\drivers\vga.sys
*VIA AGP Filter viaagp1 running boot
`binary: \SystemRoot\System32\DRIVERS\viaagp1.sys
*ViaIde ViaIde running boot
`binary: \SystemRoot\System32\DRIVERS\viaide.sys
*viasraid viasraid running boot
`binary: \SystemRoot\System32\DRIVERS\viasraid.sys
*VolSnap VolSnap running boot
`binary:
*Remote Access IP ARP Driver Wanarp running on demand
`binary: System32\DRIVERS\wanarp.sys
*WDICA WDICA - on demand
`binary:
*Microsoft WINMM WDM Audio Compatibility Driver wdmaud running on demand
`binary: system32\drivers\wdmaud.sys
*WpdUsb WpdUsb - on demand
`binary: System32\Drivers\wpdusb.sys
*World Standard Teletext Codec WSTCODEC - on demand
`binary: system32\DRIVERS\WSTCODEC.SYS
*XPROTECTOR XPROTECTOR running system
`binary: \??\C:\WINDOWS\system32\drivers\Oreans.sys
*NDIS5.1 Miniport Driver for Marvell Yukon Ether yukonwxp - on demand
`net Controller
`binary: System32\DRIVERS\yk51x86.sys
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User

******************************************************
Combofix Log
******************************************************

User1 - 06-10-12 18:32:29.59 Service Pack 1
ComboFix 06.09.27 - Running from: "C:\Documents and Settings\User1\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-12 to 2006-10-12 ))))))))))))))))))))))))))))))))))

2006-10-11 23:09 57,344 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-10-11 23:09 31,232 --a------ C:\WINDOWS\system32\wzcsapi.dll
2006-10-11 23:09 281,088 --a------ C:\WINDOWS\system32\wzcsvc.dll
2006-10-11 23:09 1,630,208 --a------ C:\WINDOWS\system32\netshell.dll
2006-10-07 11:05 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-07 10:22 68,608 --a------ C:\WINDOWS\system32\locator.exe
2006-10-07 10:22 67,584 --a------ C:\WINDOWS\system32\magnify.exe
2006-10-07 10:22 544,256 --a------ C:\WINDOWS\system32\crypt32.dll
2006-10-07 10:22 53,760 --a------ C:\WINDOWS\system32\cryptsvc.dll
2006-10-07 10:22 51,200 --a------ C:\WINDOWS\system32\narrator.exe
2006-10-07 10:22 238,080 --a------ C:\WINDOWS\system32\newdev.dll
2006-10-07 10:22 212,480 --a------ C:\WINDOWS\system32\osk.exe
2006-10-07 10:22 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-07 10:22 125,440 --a------ C:\WINDOWS\system32\shmedia.dll
2006-10-07 10:21 831,519 --a------ C:\WINDOWS\system32\mswdat10.dll
2006-10-07 10:21 614,431 --a------ C:\WINDOWS\system32\mswstr10.dll
2006-10-07 10:21 552,989 --a------ C:\WINDOWS\system32\msrepl40.dll
2006-10-07 10:21 53,279 --a------ C:\WINDOWS\system32\msjter40.dll
2006-10-07 10:21 512,029 --a------ C:\WINDOWS\system32\msexch40.dll
2006-10-07 10:21 50,176 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-10-07 10:21 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2006-10-07 10:21 380,957 --a------ C:\WINDOWS\system32\expsrv.dll
2006-10-07 10:21 358,976 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2006-10-07 10:21 348,189 --a------ C:\WINDOWS\system32\msxbde40.dll
2006-10-07 10:21 348,189 --a------ C:\WINDOWS\system32\mspbde40.dll
2006-10-07 10:21 32,256 --a------ C:\WINDOWS\system32\msgsvc.dll
2006-10-07 10:21 319,517 --a------ C:\WINDOWS\system32\msexcl40.dll
2006-10-07 10:21 315,423 --a------ C:\WINDOWS\system32\msrd3x40.dll
2006-10-07 10:21 30,749 --a------ C:\WINDOWS\system32\vbajet32.dll
2006-10-07 10:21 258,077 --a------ C:\WINDOWS\system32\mstext40.dll
2006-10-07 10:21 241,693 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-10-07 10:21 214,528 --a------ C:\WINDOWS\system32\dplayx.dll
2006-10-07 10:21 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2006-10-07 10:21 151,583 --a------ C:\WINDOWS\system32\msjint40.dll
2006-10-07 10:21 1,507,356 --a------ C:\WINDOWS\system32\msjet40.dll
2006-10-07 10:16 260,096 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-07 10:16 172,544 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-07 10:16 10,752 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-07 10:06 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-10-07 10:06 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-10-07 10:06 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-10-07 10:06 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-10-07 10:06 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-10-07 10:06 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-10-07 10:06 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-10-07 10:06 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-10-07 10:06 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-10-07 10:06 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-10-07 10:06 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-10-07 10:06 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-10-07 10:06 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-10-07 10:06 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-10-07 10:06 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-10-07 10:06 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-10-07 10:06 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-10-05 15:34 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2006-10-05 15:34 548,352 --a------ C:\WINDOWS\system32\rtcdll.dll
2006-10-05 15:34 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-10-05 15:34 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2006-10-05 15:34 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-10-04 20:01 991,232 --a------ C:\WINDOWS\system32\esent.dll
2006-10-04 17:01 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-10-04 15:00 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2006-10-04 15:00 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-27 22:19 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-27 22:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-27 22:19 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-25 14:47 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2006-09-25 14:47 7,483 --a------ C:\clean.bat
2006-09-25 14:47 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-25 14:47 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2006-09-25 14:47 38,400 --a------ C:\WINDOWS\system32\moveex.exe
2006-09-23 15:24 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-23 15:24 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-23 13:09 91,136 --a------ C:\WINDOWS\system32\MSOERT2.DLL
2006-09-23 13:09 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-23 13:09 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-09-23 13:09 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-23 13:09 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-23 13:09 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-23 13:09 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-23 13:09 596,480 --a------ C:\WINDOWS\system32\INETCOMM.DLL
2006-09-23 13:09 47,616 --a------ C:\WINDOWS\system32\INETRES.DLL
2006-09-23 13:09 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-23 13:09 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-23 13:09 361,984 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-23 13:09 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-23 13:09 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-23 13:09 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-23 13:09 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-23 13:09 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-23 13:09 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-23 13:09 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-23 13:09 229,376 --a------ C:\WINDOWS\system32\MSOEACCT.DLL
2006-09-23 13:09 226,816 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-23 13:09 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-23 13:08 974,336 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-23 13:08 89,600 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-23 13:08 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-23 13:08 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-23 13:08 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-23 13:08 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-23 13:08 499,200 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-23 13:08 220,672 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-23 13:08 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-23 13:08 150,528 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-23 13:08 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-23 13:08 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-23 13:08 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-23 13:07 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-23 13:07 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-23 13:07 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-23 13:07 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-23 13:07 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-23 13:07 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-23 13:07 581,632 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-23 13:07 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-23 13:07 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-23 13:07 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-09-23 13:07 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-23 13:07 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-23 13:07 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-23 13:07 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-23 13:07 368,640 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-23 13:07 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-23 13:07 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-23 13:07 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-23 13:07 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-23 13:07 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-23 13:07 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-23 13:07 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-23 13:07 129,024 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-23 13:07 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-23 13:07 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-23 13:07 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-23 13:07 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-23 12:12 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-23 12:11 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-21 17:08 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2006-09-21 17:08 81,920 --------- C:\WINDOWS\system32\vdrmux.dll
2006-09-21 17:08 76,800 --------- C:\WINDOWS\system32\Lfwmf13n.dll
2006-09-21 17:08 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2006-09-21 17:08 73,728 --------- C:\WINDOWS\system32\lffax13n.dll
2006-09-21 17:08 65,536 --------- C:\WINDOWS\system32\Lfpct13n.dll
2006-09-21 17:08 46,592 --------- C:\WINDOWS\system32\vdrcodec.dll
2006-09-21 17:08 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll
2006-09-21 17:08 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2006-09-21 17:08 40,960 --------- C:\WINDOWS\system32\langserv.dll
2006-09-21 17:08 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL
2006-09-21 17:08 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2006-09-21 17:08 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll
2006-09-21 17:08 294,912 --------- C:\WINDOWS\system32\pvmjpg21.dll
2006-09-21 17:08 278,016 --------- C:\WINDOWS\system32\LFJ2K13n.dll
2006-09-21 17:08 24,576 --------- C:\WINDOWS\system32\lftga13n.dll
2006-09-21 17:08 204,881 --------- C:\WINDOWS\system32\DiskIO.dll
2006-09-21 17:08 18,432 --------- C:\WINDOWS\system32\Cachex.dll
2006-09-21 17:08 155,721 --------- C:\WINDOWS\system32\RALMain.dll
2006-09-21 17:08 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL
2006-09-21 17:08 143,360 --------- C:\WINDOWS\system32\lftif13n.dll
2006-09-21 17:08 114,759 --------- C:\WINDOWS\system32\Aviprax.dll
2006-09-21 17:08 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll
2006-09-21 17:05 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2006-09-21 17:05 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\pclepim1.dll
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2006-09-21 17:05 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2006-09-21 17:05 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
2006-09-21 17:05 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2006-09-21 17:05 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2006-09-21 17:05 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2006-09-21 17:05 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2006-09-17 18:01 82,432 --------- C:\WINDOWS\system32\msxml4r.dll
2006-09-17 18:01 54,784 --a------ C:\WINDOWS\system32\msvci70.dll
2006-09-17 18:01 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2006-09-17 18:01 265,785 --a------ C:\WINDOWS\system32\pixomatic.dll
2006-09-17 18:01 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2006-09-17 18:01 188,416 --a------ C:\WINDOWS\system32\eax.dll
2006-09-17 18:01 1,500,160 --a------ C:\WINDOWS\system32\cc3260mt.dll
2006-09-17 18:01 1,230,336 --------- C:\WINDOWS\system32\msxml4.dll
2006-09-12 22:09 1,110,528 --a------ C:\WINDOWS\system32\msxml3.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-12 18:26 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-12 15:08 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-11 23:27 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-11 21:33 -------- d-------- C:\Program Files\Trillian
2006-10-11 20:01 -------- d-------- C:\Documents and Settings\User1\Application Data\RipIt4Me
2006-10-11 17:40 -------- d-------- C:\Documents and Settings\User1\Application Data\DMCache
2006-10-11 17:25 -------- d-------- C:\Program Files\HaxFix
2006-10-11 07:06 -------- d-------- C:\Program Files\Rip it 4 Me
2006-10-10 20:03 -------- d-------- C:\Program Files\Save Flash
2006-10-10 20:02 -------- d-------- C:\Program Files\OceanDive
2006-10-10 15:51 -------- d-------- C:\Program Files\Winamp
2006-10-09 21:59 -------- d-------- C:\Documents and Settings\User1\Application Data\KRyLack Software
2006-10-09 14:52 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-08 09:55 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-05 15:34 -------- d-------- C:\Program Files\Windows Media Player
2006-10-05 15:34 -------- d-------- C:\Program Files\NetMeeting
2006-10-05 15:32 -------- d-------- C:\Program Files\Outlook Express
2006-10-05 15:32 -------- d-------- C:\Program Files\Common Files\System
2006-10-04 17:20 -------- d-------- C:\Program Files\Symantec
2006-10-04 17:02 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-10-04 17:01 -------- d-------- C:\Program Files\Common Files
2006-10-04 15:33 -------- d-------- C:\Program Files\Symantec Technical Support
2006-10-04 14:53 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-04 14:53 -------- d-------- C:\Program Files\U.S. Robotics 802.11g WLAN
2006-10-01 00:35 -------- d-------- C:\Program Files\Internet Explorer
2006-09-27 23:37 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-27 22:29 -------- d-------- C:\Program Files\CleanUp!
2006-09-26 19:25 -------- d-------- C:\Program Files\RegistryFix
2006-09-25 20:18 -------- d-------- C:\Program Files\Unlocker
2006-09-25 18:25 -------- d-------- C:\Program Files\Grisoft
2006-09-25 18:14 -------- d-------- C:\Documents and Settings\User1\Application Data\Symantec
2006-09-24 23:00 -------- d-------- C:\Documents and Settings\User1\Application Data\Mozilla
2006-09-24 13:04 8329 --a------ C:\Documents and Settings\User1\Application Data\.googlewebacchosts
2006-09-24 09:07 -------- d-------- C:\Program Files\Alwil Software
2006-09-23 21:53 -------- d-------- C:\Program Files\Pinnacle
2006-09-23 13:09 -------- d-------- C:\Program Files\Movie Maker
2006-09-23 13:08 -------- d-------- C:\Program Files\Windows NT
2006-09-21 17:07 -------- d-------- C:\Program Files\SmartSound Software
2006-09-18 16:28 -------- d-------- C:\Program Files\Internet Download Manager
2006-09-18 16:28 -------- d-------- C:\Documents and Settings\User1\Application Data\IDM
2006-09-17 21:11 14848 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-17 18:11 -------- d-------- C:\Program Files\GTA-SanAndreas
2006-09-16 23:24 -------- d-------- C:\Documents and Settings\User1\Application Data\Sun
2006-09-16 10:07 -------- d-------- C:\Documents and Settings\User1\Application Data\Google
2006-09-15 22:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-10 19:43 -------- d-------- C:\Documents and Settings\User1\Application Data\AdobeUM
2006-09-10 18:24 -------- d---s---- C:\Documents and Settings\User1\Application Data\Microsoft
2006-09-10 10:34 -------- d-------- C:\Program Files\Java
2006-08-29 01:28 140984 --a------ C:\WINDOWS\system32\idmmbc.dll
2006-08-25 08:53 561664 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 20:40 -------- d-------- C:\Program Files\GeoVid
2006-08-22 18:32 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2006-08-22 18:32 -------- d-------- C:\Program Files\Motorola Phone Tools
2006-08-22 18:25 -------- d-------- C:\Program Files\mobile PhoneTools
2006-08-22 18:05 -------- d-------- C:\Program Files\LiveUpdate
2006-08-22 00:22 72748 --a------ C:\WINDOWS\unins001.exe
2006-08-22 00:22 72748 --a------ C:\WINDOWS\unins000.exe
2006-08-22 00:22 -------- d-------- C:\Program Files\Temp
2006-08-22 00:22 -------- d-------- C:\Program Files\Anark
2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 02:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-21 00:44 -------- d-------- C:\Program Files\SereneScreen
2006-08-19 09:43 -------- d-------- C:\Program Files\PgcEdit
2006-08-18 15:30 -------- d-------- C:\Documents and Settings\User1\Application Data\Adobe
2006-08-16 05:14 95232 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-16 05:14 70656 --a------ C:\WINDOWS\system32\ws2_32.dll
2006-08-16 05:14 54272 --a------ C:\WINDOWS\system32\ipv6mon.dll
2006-08-16 05:14 31232 --a------ C:\WINDOWS\system32\inetmib1.dll
2006-08-16 05:14 13312 --a------ C:\WINDOWS\system32\wship6.dll
2006-08-16 02:28 48640 --a------ C:\WINDOWS\system32\ipv6.exe
2006-08-16 02:28 205120 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-16 02:27 83456 --a------ C:\WINDOWS\system32\netsh.exe
2006-08-16 02:27 11776 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
2006-08-14 01:59 321536 --a------ C:\WINDOWS\system32\drivers\srv.sys
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-08-03 20:59 48 ---hs---- C:\Documents and Settings\User1\Application Data\.zreglib
2006-07-21 01:30 72704 --a------ C:\WINDOWS\system32\hlink.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SSC_UserPrompt"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - User1.job

Completion time: Thu 10/12/06 18:32:46.60
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

*******************************************************
HJT Log
*******************************************************

Logfile of HijackThis v1.99.1
Scan saved at 6:36:02 PM, on 10/12/06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159425430187
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

randomrandom · 10-14-2006, 10:34 AM

*bump*

Ried · 10-14-2006, 10:43 AM

I'm stilll with you...I haven't forgotten.

I'm consulting with my colleagues on this and will have a reply for you as soon as possible. Thank you for your patience.

In the meantime, I'd like you to try invoking Windows File Protection.

Click Start>Run and type in sfc /scannow (there is a space between sfc and /) and let it scan for missing/corrupt files. This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. If it finds any problems, it will prompt you for the Windows XP Install disc so have it handy.

Please let me know how that went, and if Control Panel still crashes.

Ried · 10-15-2006, 10:59 AM

Hi randomrandom,

Thank you for your patience.

Download the attached random.zip file to your desktop.

Double click on the zip folder, then double click on the .reg file within. Click yes to allow it to merge into your registry.

Reboot your system and try the Control Panel again.

How are your start up and Control Panel behaving?

randomrandom · 10-15-2006, 12:32 PM

Ugh, still the same! Control panel is still crashing and the hang at startup is still the same....

controlpanelcrash.jpg This is a screenshot of the crashwindow, i have no idea if it will help or not...

Ried · 10-15-2006, 03:27 PM

Hi,

Did you run the System File Checker? (See post #52)

Let's have a look at Windows Event Viewer. It might give us a clue as to what is causing these issues

Go to Start > Run - type in eventvwr <Press Enter>

You will see Application, Security & System listed in the left pane.

In the left pane click on Application.
Click the gray title “Type” at the top of the source name column in the right pane to sort by type name
Look for “Error” & double-click on the most recent 5, and evaluate the event description for any indication of the cause of the problem.
Make note of the Description, EventID and Source of these Event Properties.
From the right pane, doubleclick on the line where it says error & you should see 2 arrows. One is pointing up & the other, pointing down.
There is another button below the 2 arrows. Click once on it. (this will copy some information to clipboard)
Open notepad & paste the info in there. This will copy the event information to the clipboard. Paste the information for each event here

Repeat steps 1-6 for System

randomrandom · 10-19-2006, 11:35 PM

*******************************
Application Errors
*******************************

********************
10/15/06 11:32:23 AM
********************
Faulting application explorer.exe, version 6.0.2800.1221, faulting module ntdll.dll, version 5.1.2600.1217, fault address 0x00025a58.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 65 78 70 ure exp
0018: 6c 6f 72 65 72 2e 65 78 lorer.ex
0020: 65 20 36 2e 30 2e 32 38 e 6.0.28
0028: 30 30 2e 31 32 32 31 20 00.1221
0030: 69 6e 20 6e 74 64 6c 6c in ntdll
0038: 2e 64 6c 6c 20 35 2e 31 .dll 5.1
0040: 2e 32 36 30 30 2e 31 32 .2600.12
0048: 31 37 20 61 74 20 6f 66 17 at of
0050: 66 73 65 74 20 30 30 30 fset 000
0058: 32 35 61 35 38 0d 0a 25a58..

********************
10/15/06 11:30:33 AM
********************
Faulting application explorer.exe, version 6.0.2800.1221, faulting module ntdll.dll, version 5.1.2600.1217, fault address 0x00025a58.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 65 78 70 ure exp
0018: 6c 6f 72 65 72 2e 65 78 lorer.ex
0020: 65 20 36 2e 30 2e 32 38 e 6.0.28
0028: 30 30 2e 31 32 32 31 20 00.1221
0030: 69 6e 20 6e 74 64 6c 6c in ntdll
0038: 2e 64 6c 6c 20 35 2e 31 .dll 5.1
0040: 2e 32 36 30 30 2e 31 32 .2600.12
0048: 31 37 20 61 74 20 6f 66 17 at of
0050: 66 73 65 74 20 30 30 30 fset 000
0058: 32 35 61 35 38 0d 0a 25a58..

********************
10/15/06 11:17:24 AM
********************
Faulting application explorer.exe, version 6.0.2800.1221, faulting module ntdll.dll, version 5.1.2600.1217, fault address 0x00025a58.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 65 78 70 ure exp
0018: 6c 6f 72 65 72 2e 65 78 lorer.ex
0020: 65 20 36 2e 30 2e 32 38 e 6.0.28
0028: 30 30 2e 31 32 32 31 20 00.1221
0030: 69 6e 20 6e 74 64 6c 6c in ntdll
0038: 2e 64 6c 6c 20 35 2e 31 .dll 5.1
0040: 2e 32 36 30 30 2e 31 32 .2600.12
0048: 31 37 20 61 74 20 6f 66 17 at of
0050: 66 73 65 74 20 30 30 30 fset 000
0058: 32 35 61 35 38 0d 0a 25a58..

*******************
10/15/06 9:13:32 AM
*******************
Product: Microsoft .NET Framework 2.0 - Update 'Security Update for Microsoft .NET Framework 2.0 (KB922770)' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP20-KB922770-X86\NDP20-KB922770-X86-msi.0.log.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

0000: 7b 37 31 33 31 36 34 36 {7131646
0008: 44 2d 43 44 33 43 2d 34 D-CD3C-4
0010: 30 46 34 2d 39 37 42 39 0F4-97B9
0018: 2d 43 44 39 45 34 45 36 -CD9E4E6
0020: 32 36 32 45 46 7d 20 7b 262EF} {
0028: 30 45 39 32 44 44 34 32 0E92DD42
0030: 2d 37 36 46 35 2d 34 45 -76F5-4E
0038: 46 32 2d 42 33 38 31 2d F2-B381-
0040: 46 39 43 31 44 37 32 42 F9C1D72B
0048: 45 32 33 44 7d 20 31 36 E23D} 16
0050: 30 33 03

*******************
10/15/06 9:12:35 AM
*******************
Product: Microsoft .NET Framework 2.0 -- Error 25015.Failed to install assembly 'C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll' because of system error: 0x80131018

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

0000: 7b 37 31 33 31 36 34 36 {7131646
0008: 44 2d 43 44 33 43 2d 34 D-CD3C-4
0010: 30 46 34 2d 39 37 42 39 0F4-97B9
0018: 2d 43 44 39 45 34 45 36 -CD9E4E6
0020: 32 36 32 45 46 7d 262EF}

*******************
10/14/06 5:45:25 PM
*******************
Faulting application explorer.exe, version 6.0.2800.1221, faulting module qedit.dll, version 6.4.2600.1106, fault address 0x0005b35e.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 65 78 70 ure exp
0018: 6c 6f 72 65 72 2e 65 78 lorer.ex
0020: 65 20 36 2e 30 2e 32 38 e 6.0.28
0028: 30 30 2e 31 32 32 31 20 00.1221
0030: 69 6e 20 71 65 64 69 74 in qedit
0038: 2e 64 6c 6c 20 36 2e 34 .dll 6.4
0040: 2e 32 36 30 30 2e 31 31 .2600.11
0048: 30 36 20 61 74 20 6f 66 06 at of
0050: 66 73 65 74 20 30 30 30 fset 000
0058: 35 62 33 35 65 0d 0a 5b35e..

*******************
10/12/06 6:19:11 PM
*******************
Hanging application StartDreck.exe, version 2.1.0.7, hang module ntdll.dll, version 5.1.2600.1217, hang address 0x0003e1eb.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 53 74 61 72 74 44 StartD
0018: 72 65 63 6b 2e 65 78 65 reck.exe
0020: 20 32 2e 31 2e 30 2e 37 2.1.0.7
0028: 20 69 6e 20 6e 74 64 6c in ntdl
0030: 6c 2e 64 6c 6c 20 35 2e l.dll 5.
0038: 31 2e 32 36 30 30 2e 31 1.2600.1
0040: 32 31 37 20 61 74 20 6f 217 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 33 65 31 65 62 03e1eb

****************************
System Errors
****************************

***************
10/19/06
***************
Event Type: Error
Event Source: Windows Update Agent
Event Category: Installation
Event ID: 20
Date: 10/19/06
Time: 3:02:35 PM
User: N/A
Computer: HOLLY-LBDKBTJTC
Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework, Version 2.0 (KB922770).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 57 69 6e 33 32 48 52 65 Win32HRe
0008: 73 75 6c 74 3d 30 78 38 sult=0x8
0010: 30 30 37 30 36 34 33 20 0070643
0018: 55 70 64 61 74 65 49 44 UpdateID
0020: 3d 7b 35 42 39 33 42 39 ={5B93B9
0028: 41 31 2d 44 46 41 34 2d A1-DFA4-
0030: 34 33 32 31 2d 38 38 41 4321-88A
0038: 31 2d 38 30 32 38 38 35 1-802885
0040: 38 44 35 34 45 30 7d 20 8D54E0}
0048: 52 65 76 69 73 69 6f 6e Revision
0050: 4e 75 6d 62 65 72 3d 31 Number=1
0058: 30 32 20 00 02 .

***************
10/19/06
***************
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 10/19/06
Time: 2:56:40 PM
User: N/A
Computer: HOLLY-LBDKBTJTC
Description:
The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error:
The specified procedure could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

***************
10/19/06
***************
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/19/06
Time: 2:56:40 PM
User: N/A
Computer: HOLLY-LBDKBTJTC
Description:
The HTTP service failed to start due to the following error:
The specified procedure could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

***************
10/19/06
***************
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 10/19/06
Time: 2:55:15 PM
User: N/A
Computer: HOLLY-LBDKBTJTC
Description:
The following boot-start or system-start driver(s) failed to load:
FltMgr

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

***************
10/19/06
***************
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Date: 10/19/06
Time: 2:55:15 PM
User: N/A
Computer: HOLLY-LBDKBTJTC
Description:
The DCOM Server Process Launcher service hung on starting.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

***************
10/18/06
***************
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 10/18/06
Time: 10:10:07 AM
User: HOLLY-LBDKBTJTC\User1
Computer: HOLLY-LBDKBTJTC
Description:
The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

********************************************************
********************************************************
I skipped duplicates for these (There were quite a few). I just wanted you to have a variety of recent ones. All of these errors had multiple occurances.

And sorry for the slow reply, I havent had much free time lately. Thanks

Ried · 10-20-2006, 09:06 PM

Hi randomrandom,

These results indicate OS issues and you would be better served discussing these issues in the Windows XP section of this forum. Please give them the Event Viewer information, along with an explanation of the problems the system is having. Let them know this system had been seriously infected and you've been cleared from the HijackThis area.

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links.

Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Enable Windows Auto Update
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items .

Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, and save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
Now navigate to C:\ie-spyad. Double click to open it.
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list, by typing 2
Then return to the main menu.
Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Follow this list and your potential for being infected again will reduce dramatically.

randomrandom · 10-21-2006, 09:03 PM

Thank you SO much for all of your help!

Your patience, helpfullness, and great attitude were greatly appreciated.

Thanks again,
Randomrandom

Ried · 10-21-2006, 09:59 PM

You're quite welcome, good luck.

10-09-2006, 07:21 PM	#41 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,580 OS: WinXP and Vista	I hate to tell you this, but I need you to rescan with Kaspersky. It needed to be set to 'Extended' scan and yours was a 'Standard' scan. Here are the instructions again: You can clear your Norton Quarantine if you wish--that should speed things up a bit. If you're unsure on how to do it, you can use Symantec's guide. Please perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-10-2006, 06:14 PM	#43 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,580 OS: WinXP and Vista	Hiya, Delete the following: C:\Program Files\OceanDive\crack C:\Program Files\Save Flash\installer.exe C:\Program Files\Save Flash\patch_.exe C:\Program Files\Save Flash\Save[1].Flash.v3.0.0067.WinALL.Cracked.ViRiLiTY.zip\Free Popup Blocker.exe Before I issue final instructions--how is the system behaving? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul." Last edited by Ried; 10-10-2006 at 06:15 PM.

10-11-2006, 07:20 AM	#45 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,580 OS: WinXP and Vista	Fix this entry with HijackThis (from Normal Mode) O20 - Winlogon Notify: dxmamcia - C:\WINDOWS\system32\dxmamcia.dll (file missing) As that entry was removed earlier, and previous HJT logs did not have that entry, and now it's resurfaced, I'd like you to run Haxfix Option 1 again to Make a logfile. Post that logfile here, along with a new HijackThis log. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-11-2006, 06:44 PM	#47 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,580 OS: WinXP and Vista	Ok, these logs are clean. Now would be a good time to set a clean restore point: Create a new System Restore point Click Start >> Run - type SYSDM.CPL & press Enter * Select the System Restore Tab * Tick on the checkbox - "Turn off System Restore on all drives" Click Apply * Then untick the same checkbox & click OK This will prevent any reinfection from previous restore points. Is the system startup still slow? How is the overall behavior of the system? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-11-2006, 11:45 PM	#48 (permalink)
randomrandom Registered User Join Date: Sep 2006 Posts: 31 OS: XP home edition	Service Pack 2? I'm still having that same slow startup, and now my control panel is crashing again when I open it. I did the "send error report" and clicked on "More information" and I got this: Install Windows XP Service Pack 2 (SP2) Thank you for submitting an error report. Problem description An error occurred on your computer that caused Windows to stop working. Recommendations At this time, no solution is available for the specific problem you reported. However, to help prevent more errors from occurring, we recommend you install Windows XP Service Pack 2 (SP2), and then install the latest security updates for your computer. There are two options for you to upgrade your computer. + Option 1: Upgrade online (free of charge) This option is recommended for customers with an Internet broadband connection, such as Digital Subscriber Line (DSL) or Cable. 1. Upgrade to Windows XP SP2 * Install SP2 on a single computer. * Install SP2 on networked computers (for IT Professionals and Developers). If you are experiencing problems while trying to install SP2, please read What to know before you download and install Windows XP SP2 online. 2. Install the latest security updates for your computer 1. After installing SP2 and restarting your computer, go to the Microsoft Update website by clicking Start, clicking All Programs, and then clicking Microsoft Update.) 2. On the Microsoft Update website, click Express, and then install all high-priority updates that are found for your computer. + Option 2: Order a Windows XP SP2 installation disc (A shipping and handling charge will be assessed on your order.) 1. To order a Windows XP SP2 installation disc, go to the CD order website. 2. After you receive your CD, install Windows XP SP2, and then restart your computer. 3. Install the latest security updates by going to the Microsoft Update website, clicking Start, clicking All Programs, and then clicking Microsoft Update. 4. On the Microsoft Update website, click Express, and then install all high-priority updates that are found for your computer. Additional information For more information about Windows XP SP2, go to the following websites: * Windows XP SP2 website * Windows XP SP2 Support Center * A list of fixes included in Windows XP Service Pack 2 From: http://oca.microsoft.com/en/response.aspx?SGD=1ef689a2-d106-48b5-8bf7-931480a3ac1e&SID=1130 Should i just install Service Pack 2? Support for Service pack 1 is expired anyway, and it seems like my last option unless you can think of something... What do I do??? Thanks EDIT: I'm adding a HJT log just in case I contracted something between today and yesterday that caused the control panel crash, or if its just me needing to upgrade to SP2. **************************************************** HJT Log **************************************************** Logfile of HijackThis v1.99.1 Scan saved at 10:47:00 PM, on 10/11/06 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe C:\WINDOWS\System32\WgaTray.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\System32\wuauclt.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\explorer.exe C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ? O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/tech...rl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...rl/tgctlsr.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159425430187 O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microso.../TLIEFlash.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Last edited by randomrandom; 10-11-2006 at 11:48 PM. Reason: Adding HJT Log

10-10-2006, 09:15 PM	#44 (permalink)
randomrandom Registered User Join Date: Sep 2006 Posts: 31 OS: XP home edition	That hang on the "windows is starting up" screen still occurs. I timed it today and windows stays for 1 min. 20 seconds on just that one screen. But besides this, everything seems to be back to normal. Here is a HJT log made after I deleted those files and restarted my comp. ************************************************ HJT Log ************************************************ Logfile of HijackThis v1.99.1 Scan saved at 8:14:03 PM, on 10/10/06 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WgaTray.exe C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ? O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/tech...rl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...rl/tgctlsr.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159425430187 O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microso.../TLIEFlash.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: dxmamcia - C:\WINDOWS\system32\dxmamcia.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

10-11-2006, 06:27 PM	#46 (permalink)
randomrandom Registered User Join Date: Sep 2006 Posts: 31 OS: XP home edition	***************************************************** Haxfix Log *************************************************** HAXFIX logfile - by Marckie ______________ version 4.20.1 Wed 10/11/06 17:25:22.17 checking for haxdoor -------------------- checking for a3d files.... a3d files not found checking for matching notify keys.... no matching notify keys found checking for matching services.... matching services found Aspi32 checking for matching safeboot services.... no matching safeboot services found checking for other haxdoorfiles.... Checking for goldun ------------------- checking for SSODL keys.... no ssodl keys found checking for notify keys.... no notify keys found checking for services.... no services found checking for other goldunfiles.... Finished *************************************************** HJT Log ***************************************************** Logfile of HijackThis v1.99.1 Scan saved at 5:24:58 PM, on 10/11/06 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\System32\WgaTray.exe C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ? O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/tech...rl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...rl/tgctlsr.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159425430187 O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microso.../TLIEFlash.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

10-12-2006, 05:50 PM	#49 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,580 OS: WinXP and Vista	Hi, You should not have to upgrade to SP2 to fix that issue--the Control Panel should not be crashing. Time to do more digging. Please download SilentRunners.vbs (299kb) - Right click & choose Save As... SilentRunners.vbs Before proceeding, disable any anti-virus or anti-spyware programs that may block/disable scripts Launch SilentRunners by double-clicking the downloaded file. In the ensuing Window, select 'No' to avoid skipping supplementary searches. Please be patient as the script requires a few minutes to complete. When it's done, you'll receive the prompt "All Done!". It will create a file called "Startup Programs". Post ALL its contents here in your next reply. ----------------------------------- Download StartDreck (397kb) Unzip to its own folder and start the program: Press 'Config' Press 'mark all' Uncheck the following box only: List Modules - (listed under 'Running Proceses') Press 'OK' Press 'Save' and select the location to save the log file (default is the same folder as the application) ----------------------------------- Also run combofix.exe again and post that log here as well. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-14-2006, 10:34 AM	#51 (permalink)
randomrandom Registered User Join Date: Sep 2006 Posts: 31 OS: XP home edition	bump

10-14-2006, 10:43 AM	#52 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,580 OS: WinXP and Vista	I'm stilll with you...I haven't forgotten. I'm consulting with my colleagues on this and will have a reply for you as soon as possible. Thank you for your patience. In the meantime, I'd like you to try invoking Windows File Protection. Click Start>*Run* and type in sfc /scannow (there is a space between sfc and /) and let it scan for missing/corrupt files. This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. If it finds any problems, it will prompt you for the Windows XP Install disc so have it handy. Please let me know how that went, and if Control Panel still crashes. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-15-2006, 10:59 AM	#53 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,580 OS: WinXP and Vista	Hi randomrandom, Thank you for your patience. Download the attached random.zip file to your desktop. Double click on the zip folder, then double click on the .reg file within. Click yes to allow it to merge into your registry. Reboot your system and try the Control Panel again. How are your start up and Control Panel behaving? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul." Last edited by Ried; 12-30-2006 at 06:34 PM.

10-15-2006, 12:32 PM	#54 (permalink)
randomrandom Registered User Join Date: Sep 2006 Posts: 31 OS: XP home edition	I did both things, but it didnt help! Ugh, still the same! Control panel is still crashing and the hang at startup is still the same.... controlpanelcrash.jpg This is a screenshot of the crashwindow, i have no idea if it will help or not... Last edited by randomrandom; 10-15-2006 at 12:40 PM. Reason: Attaching A Screenshot of the Crash Window

10-15-2006, 03:27 PM	#55 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,580 OS: WinXP and Vista	Hi, Did you run the System File Checker? (See post #52) Let's have a look at Windows Event Viewer. It might give us a clue as to what is causing these issues Go to Start > Run - type in eventvwr <Press Enter> You will see Application, Security & System listed in the left pane. In the left pane click on Application. Click the gray title “Type” at the top of the source name column in the right pane to sort by type name Look for “Error” & double-click on the most recent 5, and evaluate the event description for any indication of the cause of the problem. Make note of the Description, EventID and Source of these Event Properties. From the right pane, doubleclick on the line where it says error & you should see 2 arrows. One is pointing up & the other, pointing down. There is another button below the 2 arrows. Click once on it. (this will copy some information to clipboard) Open notepad & paste the info in there. This will copy the event information to the clipboard. Paste the information for each event here Repeat steps 1-6 for System __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-20-2006, 09:06 PM	#57 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,580 OS: WinXP and Vista	Hi randomrandom, These results indicate OS issues and you would be better served discussing these issues in the Windows XP section of this forum. Please give them the Event Viewer information, along with an explanation of the problems the system is having. Let them know this system had been seriously infected and you've been cleared from the HijackThis area. Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links. Reset hidden/system files and folders Windows XP =============== Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View tab. * Deselect the Show hidden files and folders option. * Select the Hide file extensions for known types option. * Select the Hide protected operating system files option. Click Yes to confirm. Click OK. Enable Windows Auto Update Go to Start>Run* - type wuaucpl.cpl Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Create a new System Restore point* Click Start >> Run - type SYSDM.CPL & press Enter * Select the System Restore Tab * Tick on the checkbox - "Turn off System Restore on all drives" Click Apply * Then untick the same checkbox & click OK This will prevent any reinfection from previous restore points. Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you do not already have them: Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items . Download Spyware Guard to catch and block spyware before it can execute. Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, and save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD) Now navigate to C:\ie-spyad. Double click to open it. From within the folder, double-click install.bat Select Option #2 - Install the new IE-SPYAD list, by typing 2 Then return to the main menu. Select option #4 - Add the old porn sites domain, by typing 4 Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released. In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles: HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Understanding and Using Firewalls **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. Follow this list and your potential for being infected again will reduce dramatically. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-21-2006, 09:03 PM	#58 (permalink)
randomrandom Registered User Join Date: Sep 2006 Posts: 31 OS: XP home edition	Thank you SO much for all of your help! Your patience, helpfullness, and great attitude were greatly appreciated. Thanks again, Randomrandom Last edited by randomrandom; 10-21-2006 at 09:05 PM.

10-21-2006, 09:59 PM	#59 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,580 OS: WinXP and Vista	You're quite welcome, good luck. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."