I ran ComboFix as directed in other threads. Here are the ComboFix log and the new HijackThis log. Thanks.
ComboFix 08-03-10.1 - Paul 2008-03-10 14:57:38.1 - NTFSx86
Running from: C:\Documents and Settings\Paul\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\ranadcva.dll
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\dobe~1
C:\Program Files\dobe~1\?dobe\
C:\Program Files\dobe~1\javaw.exe
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\ncngxyru.dll
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\
0lbLIBqEugwp.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\awtrr.dll
C:\WINDOWS\system32\awtut.dll
C:\WINDOWS\system32\awvwx.dll
C:\WINDOWS\system32\byvss.dll
C:\WINDOWS\system32\byxuu.dll
C:\WINDOWS\system32\byxwt.dll
C:\WINDOWS\system32\cbaxy.dll
C:\WINDOWS\system32\efebc.dll
C:\WINDOWS\system32\efeee.dll
C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\iiife.dll
C:\WINDOWS\system32\iiihe.dll
C:\WINDOWS\system32\iiihf.dll
C:\WINDOWS\system32\iiihi.dll
C:\WINDOWS\system32\iiijg.dll
C:\WINDOWS\system32\iiiji.dll
C:\WINDOWS\system32\jkkij.dll
C:\WINDOWS\system32\jkkkh.dll
C:\WINDOWS\system32\khfgg.dll
C:\WINDOWS\system32\khhhe.dll
C:\WINDOWS\system32\khhij.dll
C:\WINDOWS\system32\ljhij.dll
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\nnlli.dll
C:\WINDOWS\system32\nnnkl.dll
C:\WINDOWS\system32\nnnllij.dll
C:\WINDOWS\system32\nnnlm.dll
C:\WINDOWS\system32\opnom.dll
C:\WINDOWS\system32\qomjj.dll
C:\WINDOWS\system32\qommn.dll
C:\WINDOWS\system32\qopqo.dll
C:\WINDOWS\system32\qopqp.dll
C:\WINDOWS\system32\rqolk.dll
C:\WINDOWS\system32\rqomj.dll
C:\WINDOWS\system32\rqrqp.dll
C:\WINDOWS\system32\ssqqq.dll
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\tuvsq.dll
C:\WINDOWS\system32\tuvur.dll
C:\WINDOWS\system32\urqon.dll
C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\W007T32W.DLL
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\xxyab.dll
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))
.
2008-03-10 15:06 . 2008-03-10 15:12 <DIR> d-------- C:\Program Files\seekmo
2008-03-10 15:06 . 2008-03-10 15:12 1,862 --a------ C:\WINDOWS\default.htm
2008-03-10 13:39 . 2008-03-10 15:08 <DIR> d-------- C:\Program Files\180solutions
2008-03-10 13:39 . 2008-03-10 15:08 <DIR> d-------- C:\Program Files\180searchassistant
2008-03-10 13:39 . 2008-03-10 15:08 <DIR> d-------- C:\Program Files\180search assistant
2008-03-10 11:08 . 2008-03-10 11:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-10 11:08 . 2008-03-10 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-10 11:07 . 2008-03-10 11:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 10:51 . 2008-03-10 13:38 <DIR> d-------- C:\HJT
2008-03-09 15:16 . 2008-03-09 15:16 <DIR> d-------- C:\WINDOWS\FLEOK
2008-03-09 15:16 . 2008-03-09 15:16 <DIR> d-------- C:\Program Files\zango
2008-03-09 15:16 . 2008-03-09 15:16 <DIR> d-------- C:\Program Files\stc
2008-03-09 15:16 . 2008-03-09 15:16 26,880 --a------ C:\WINDOWS\SYSTEM32\SIPSPI32.dll
2008-03-08 10:34 . 2008-03-08 10:34 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-08 10:29 . 2008-03-08 10:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-08 10:28 . 2008-03-08 10:28 <DIR> d-------- C:\WINDOWS\njuqccse
2008-03-08 10:28 . 2008-03-08 10:28 177,664 --a------ C:\WINDOWS\bubahujm.dll
2008-03-08 10:28 . 2008-03-08 10:28 88,593 --a------ C:\WINDOWS\urgdmxux.exe
2008-03-08 10:28 . 2008-03-08 10:28 88,593 --a------ C:\WINDOWS\SYSTEM32\mgmrwmrv.exe
2008-03-08 10:28 . 2008-03-08 10:28 43,008 --a------ C:\WINDOWS\axktuzcd.exe
2008-03-08 10:28 . 2008-03-08 10:28 4 --a------ C:\WINDOWS\SYSTEM32\winfrun32.bin
2008-03-08 10:27 . 2008-03-08 22:27 <DIR> d-------- C:\Program Files\Bat
2008-03-08 10:27 . 2008-03-08 10:27 295,819 --a------ C:\WINDOWS\SYSTEM32\L6551.tmp
2008-03-08 10:26 . 2008-03-08 10:27 229,532 --a------ C:\WINDOWS\SYSTEM32\L40AA.tmp
2008-03-08 10:26 . 2008-03-08 10:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-08 10:26 . 2008-03-08 10:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-29 15:16 . 2008-02-29 15:16 0 --a------ C:\WINDOWS\WININIT.INI
2008-02-29 15:15 . 2008-02-29 15:15 <DIR> d-------- C:\Program Files\Netropa
2008-02-29 15:15 . 2002-07-11 09:47 98,304 --a------ C:\WINDOWS\SYSTEM32\msikbd.dll
2008-02-29 15:15 . 2000-06-08 04:09 28,672 --a------ C:\WINDOWS\SYSTEM32\msiosd32.dll
2008-02-29 15:15 . 2001-12-20 11:02 6,656 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Msikbd2k.sys
2008-02-29 15:15 . 2008-03-10 14:55 245 --a------ C:\WINDOWS\Msiosd.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 20:07 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-10 20:05 32,512 ----a-w C:\WINDOWS\saiemod.dll
2008-03-06 21:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-29 20:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2007-12-12 14:36 20,256,064 ----a-w C:\Documents and Settings\Paul\QuickTimeInstaller.exe
2006-08-07 20:45 28,672 ----a-w C:\Documents and Settings\Paul\atwbxdet.dll
2006-02-10 16:02 94,208 ----a-w C:\Documents and Settings\Paul\atgpcext.dll
2006-02-10 16:02 63,488 ----a-w C:\Documents and Settings\Paul\ieatgpc.dll
2006-02-10 16:02 44,032 ----a-w C:\Documents and Settings\Paul\atmgr.exe
2006-02-10 16:02 227,328 ----a-w C:\Documents and Settings\Paul\atcliun.exe
2006-02-10 16:02 13,824 ----a-w C:\Documents and Settings\Paul\atgpcdec.dll
2003-04-23 18:30 778,120 ----a-w C:\Documents and Settings\My Pictures\Mvc-861f.ZIP
1998-08-11 09:08 581,632 ----a-w C:\Program Files\Convert.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
2008-03-07 22:15 413696 --a------ C:\Program Files\Bat\Bat.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8041E642-8CFC-4720-BC9D-D2DB8904286F}]
C:\Program Files\QdrDrive\QdrDrive12.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-10 23:07 147456]
"PCTVOICE"="pctspk.exe" [2003-02-24 15:35 163840 C:\WINDOWS\SYSTEM32\pctspk.exe]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 17:32 86016]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2003-01-31 11:27 364544]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28 684032]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-02-06 15:52 98304]
"zzzCamInSuiteIII"="D:\Setup.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 13:02 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-03-17 06:34 124656]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 08:09 425984]
C:\Documents and Settings\Paul\Start Menu\Programs\Startup\
Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [2008-03-08 10:27:48 178419]
palmOne Registration.lnk - C:\palmOne\register.exe [2005-03-08 14:55:18 2301952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll 2003-06-20 07:03 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hytrol Conveyor Co., Inc\\HEROES\\HEROES.exe"=
"C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\Vpn.exe"=
"C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\ViewLog.exe"=
"C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\CmonApp.exe"=
"C:\\WINDOWS\\SYSTEM32\\msiexec.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 11:02]
R1 tsircmir;LapLink Mirror Driver Miniport;C:\WINDOWS\system32\Drivers\tsircmir.sys [2001-12-07 13:56]
R2 Crypto;Crypto;C:\WINDOWS\system32\drivers\Crypto.sys [2002-09-19 09:15]
R2 IPSECDRV;SafeNet IPSec Plugin;C:\WINDOWS\system32\Drivers\IPSECDRV.sys [2002-11-11 15:54]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 08:41]
R2 TSIREGMO;tsiregmo;C:\WINDOWS\system32\drivers\tsiregmo.sys [2001-12-07 14:40]
R2 TSISER;TSISER;C:\WINDOWS\system32\drivers\TSISER.sys [2001-12-07 14:12]
R2 TSISTRMX;Traveling Software Stream Driver;C:\WINDOWS\system32\drivers\TSISTRMX.sys [2001-12-07 13:56]
R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys [2001-12-14 16:26]
R3 TSIMSF5;Traveling Software Mouse Filter Driver;C:\WINDOWS\system32\drivers\TSIMSF5.sys [2001-12-07 13:56]
S1 TSIRCINK;Traveling Software Install Driver;C:\WINDOWS\system32\drivers\TSIRCINK.sys [2001-12-07 13:56]
S3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;C:\WINDOWS\system32\drivers\wA301b.sys [2003-02-15 00:12]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-11-22 20:01]
S3 TSIKBF5;Traveling Software Keyboard Filter Driver;C:\WINDOWS\system32\drivers\TSIKBF5.sys [2001-12-07 13:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf583d30-63de-11d9-a1ac-000bdbd85353}]
\Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-10 15:12:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\default.htm 1862 bytes
C:\WINDOWS\system32\MSIXU.DLL 31488 bytes
C:\WINDOWS\system32\WER8274.DLL 8960 bytes
scan completed successfully
hidden files: 3
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-03-10 15:18:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-10 20:18:20
.
2008-02-13 23:28:17 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:04 PM, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll (file missing)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zzzCamInSuiteIII] D:\Setup.EXE 2***
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Startup: palmOne Registration.lnk = C:\palmOne\register.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://192.168.76.2...ll/WinNTChk.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://192.168.76.2...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://192.168.76.2...stall/setup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://192.168.76.2...html/AtxEnc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://192.168.76.2.../RemoveCtrl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O24 - Desktop Component 0: (no name) - http://judoinfo.com/...ns/sportju1.gif
--
End of file - 11733 bytes