Google redirected / Cant Run Certain Programs

[Johnish]

I've been having terrible problems where google is redirected to some odd site. It can range from pc anti-spyware software, registery clean, pet stuff, etc.

Windows XP sp3.

I can't run Spybot, sometimes it runs when it reboots but I can't start it later.

HiJackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:28 PM, on 4/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\WinTV\MCEStandby.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BOINC\boinctray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe
C:\Documents and Settings\All Users\Application Data\BOINC\projects\qah.uni-muenster.de\Amolqc-preRC1exp_5.01_windows_intelx86.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Maxtor Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/soft...01/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5106/CTPID.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Hauppauge MCE/Standby service (HCWMCECleanup) - Hauppauge Computer Works! - C:\PROGRA~1\WinTV\MCEStandby.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maxtor Scheduler2 Service (MaxSch2Svc) - Maxtor - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13573 bytes

[Shaba]

Hi Johnish

Please download GMER by GMER. An alternate download site.

1. Unzip it to a folder on your desktop.
2. Double click on gmer.exe to execute.
   If asked, allow the gmer.sys driver load.
3. If you get a warning prompt about rootkit activity ... asking if you want to run Scan, click OK.
4. If you don't get a warning then...
   • Click the Rootkit/Malware tab at the top of the GMER window.
   • Click the Scan button.
5. Once the scan has finished... click Copy. ... Do not close the GMER window yet...
6. Open Notepad and paste what you copied. Ctrl+V
7. Select "Save As" in Notepad...saving the file to your desktop as "gmerroot.txt"... then close Notepad.
   
   In the GMER window...
8. Click on the >>> tab at the top of the GMER window.
   This displays the rest of the "selection" tabs for you.
9. Click on the Autostart tab.
10. Click on Scan button.
11. Once the scan has finished... click Copy.
12. Open Notepad (again) and paste what you copied. Ctrl+V
13. Select "Save As" in Notepad...saving the file to your desktop as "gmerauto.txt"
14. Copy and paste the contents of the files gmerroot.txt and gmerauto.txt in you next reply.

[Johnish]

Here are the logs

gmerroot.txt
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-24 20:31:52
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 8A3E4B48 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA27ADCC0]
SSDT 8A2F7D68 ZwQueryValueKey
SSDT 8A77AF88 ZwResumeThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA27ADF20]

Code 891A96C0 ZwEnumerateKey
Code 89A61878 ZwFlushInstructionCache
Code 8A36F2C6 IofCallDriver
Code 891916BE IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8A36F2CB
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 891916C3
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 89A6187C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 891A96C4

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2596] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


gmerauto.txt
GMER 1.0.15.14966 - http://www.gmer.net
Autostart scan 2009-04-24 20:33:08
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
NavLogon@DLLName = C:\WINDOWS\system32\NavLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AcrSch2Svc@ = "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
ccEvtMgr@ = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ccSetMgr@ = "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
Creative Service for CDROM Access@ = C:\WINDOWS\system32\CTsvcCDA.EXE
CTAudSvcService@ = C:\Program Files\Creative\Shared Files\CTAudSvc.exe
DefWatch@ = "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
ehRecvr@ = C:\WINDOWS\eHome\ehRecvr.exe
ehSched@ = C:\WINDOWS\eHome\ehSched.exe
HCWMCECleanup@ = C:\PROGRA~1\WinTV\MCEStandby.exe
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LBTServ@ = C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE /*file not found*/
MaxSch2Svc@ = "C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe"
McrdSvc@ = C:\WINDOWS\ehome\mcrdsvc.exe
MDM@ = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
SavRoam@ = "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SPBBCSvc@ = "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
Symantec AntiVirus@ = "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
TryAndDecideService@ = "C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe"
Viewpoint Manager Service@ = "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding
ZuneBusEnum@ = c:\WINDOWS\system32\ZuneBusEnum.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AudioDrvEmulator"C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" = "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
@Zune Launcher"c:\Program Files\Zune\ZuneLauncher.exe" = "c:\Program Files\Zune\ZuneLauncher.exe"
@vptrayC:\PROGRA~1\SYMANT~1\VPTray.exe = C:\PROGRA~1\SYMANT~1\VPTray.exe
@UpdRegC:\WINDOWS\UpdReg.EXE = C:\WINDOWS\UpdReg.EXE
@TrueImageMonitor.exeC:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe = C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
@Traymin900%SystemRoot%\System32\drivers\Tray900.exe = %SystemRoot%\System32\drivers\Tray900.exe
@SoundMAXPnPC:\Program Files\Analog Devices\Core\smax4pnp.exe = C:\Program Files\Analog Devices\Core\smax4pnp.exe
@SoundMAX"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
@RCSystem"C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup = "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@PhiBtn%SystemRoot%\System32\drivers\PhiBtn.exe = %SystemRoot%\System32\drivers\PhiBtn.exe
@nwiznwiz.exe /install = nwiz.exe /install
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@Maxtor Scheduler2 Service"C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" = "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
@MaxBlastMonitor.exeC:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe = C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
@Logitech Hardware Abstraction LayerKHALMNPR.EXE /*file not found*/ = KHALMNPR.EXE /*file not found*/
@HPHmon03C:\WINDOWS\system32\hphmon03.exe = C:\WINDOWS\system32\hphmon03.exe
@HPDJ Taskbar UtilityC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
@ehTrayC:\WINDOWS\ehome\ehtray.exe = C:\WINDOWS\ehome\ehtray.exe
@CTHelperCTHELPER.EXE = CTHELPER.EXE
@CTDVDDET"C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" = "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
@ccApp"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
@boinctray"C:\Program Files\BOINC\boinctray.exe" = "C:\Program Files\BOINC\boinctray.exe"
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@AcronisTimounterMonitorC:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe = C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
@Acronis Scheduler2 Service"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" = "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@CTxfiHlpCTXFIHLP.EXE = CTXFIHLP.EXE
@VolPanel"C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r = "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@H/PC Connection Agent"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@Windows Live Sync"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background = "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background
@Aim6 /*file not found*/ = /*file not found*/
@EA Core"C:\Program Files\Electronic Arts\EADM\Core.exe" -silent = "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
@SpybotSD TeaTimerC:\Program Files\Spybot - Search & Destroy\TeaTimer.exe = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{56F9679E-7826-4C84-81F3-532071A8BCC5} = C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{BDA77241-42F6-11d0-85E2-00AA001FE28C} /*LDVP Shell Extensions*/C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{2F25CF20-C569-11D1-B94C-00608CB45480} /*TextPad*/C:\PROGRA~1\TEXTPA~1\System\shellext.dll = C:\PROGRA~1\TEXTPA~1\System\shellext.dll
@{C539A15A-3AF9-4c92-B771-50CB78F5C751} /*Acronis True Image Shell Context Menu Extension*/C:\Program Files\Acronis\TrueImageHome\tishell.dll = C:\Program Files\Acronis\TrueImageHome\tishell.dll
@{C539A15B-3AF9-4c92-B771-50CB78F5C751} /*Acronis True Image Shell Extension*/C:\Program Files\Acronis\TrueImageHome\tishell.dll = C:\Program Files\Acronis\TrueImageHome\tishell.dll
@{49BF5420-FA7F-11cf-8011-00A0C90A8F78} /*Mobile Device*/C:\PROGRA~1\MICROS~4\Wcesview.dll = C:\PROGRA~1\MICROS~4\Wcesview.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{97090E2F-3062-4459-855B-014F0D3CDBB1} /*Windows Search Deskbar*/C:\Program Files\Windows Desktop Search\deskbar.dll = C:\Program Files\Windows Desktop Search\deskbar.dll
@{13E7F612-F261-4391-BEA2-39DF4F3FA311} /*Windows Desktop Search*/C:\Program Files\Windows Desktop Search\msnlExt.dll = C:\Program Files\Windows Desktop Search\msnlExt.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
LDVPMenu@{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
MorpheusShellExt@{7DBF2913-1F89-4104-B1F4-932A29945C13} = C:\Program Files\Morpheus Ultra\MorphShellExt.dll
TextPad@{2F25CF20-C569-11D1-B94C-00608CB45480} = C:\PROGRA~1\TEXTPA~1\System\shellext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{C539A15A-3AF9-4c92-B771-50CB78F5C751} = C:\Program Files\Acronis\TrueImageHome\tishell.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
LDVPMenu@{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
MorpheusShellExt@{7DBF2913-1F89-4104-B1F4-932A29945C13} = C:\Program Files\Morpheus Ultra\MorphShellExt.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{C539A15A-3AF9-4c92-B771-50CB78F5C751} = C:\Program Files\Acronis\TrueImageHome\tishell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Program Files\Spybot - Search & Destroy\SDHelper.dll = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\scrnsave.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.msn.com/ = http://www.msn.com/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
BOINC Manager.lnk = BOINC Manager.lnk
Windows Search.lnk = Windows Search.lnk

---- EOF - GMER 1.0.15 ----


Thanks for the assistance.

[Shaba]

In which browser google redirect takes place?

[Johnish]

All browsers:
FF, IE, Safari

[Shaba]

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/comb...o-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

[Johnish]

ComboFix 09-04-27.02 - Johnish 04/27/2009 23:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1536 [GMT -4:00]
Running from: d:\_installers\_anti crapware\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\system32\drivers\gxvxcygrdomyndpucvfgjccrmtiremcrgdtan.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxccuedonmtlfkoqowhlfrdcaysxyenpppk.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.

2009-04-23 19:40 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 19:40 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 19:40 . 2009-04-23 19:40 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 19:40 . 2009-04-23 19:40 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 19:36 . 2009-04-23 19:36 -------- d-----w c:\documents and settings\Johnish\Application Data\MalwareRemovalBot
2009-04-23 16:23 . 2009-04-23 16:31 -------- d-----w c:\program files\CCleaner
2009-04-23 14:09 . 2009-04-23 14:09 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-23 14:09 . 2009-04-23 16:26 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-23 14:07 . 2009-04-23 14:07 -------- d-----w c:\program files\ERUNT
2009-04-23 14:06 . 2009-04-23 14:06 -------- d-----w c:\documents and settings\Johnish\Application Data\Lavasoft
2009-04-23 14:06 . 2009-04-23 14:06 -------- d-----w c:\program files\Lavasoft
2009-04-23 12:53 . 2009-04-23 12:53 57476 ---ha-w c:\windows\system32\mlfcache.dat
2009-04-23 04:22 . 2009-04-23 04:22 -------- d-----w c:\documents and settings\Johnish\Application Data\Windows Search
2009-04-15 15:13 . 2009-04-15 15:13 -------- d-----w c:\program files\Trend Micro
2009-04-15 02:32 . 2009-04-15 02:32 -------- d-----w c:\windows\system32\XPSViewer
2009-04-15 02:32 . 2009-04-15 02:32 -------- d-----w c:\program files\MSBuild
2009-04-15 02:31 . 2009-04-15 02:31 -------- d-----w c:\program files\Reference Assemblies
2009-04-15 02:30 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-15 02:30 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-15 02:30 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-15 02:30 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-15 02:30 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-15 02:30 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-15 02:30 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-15 02:30 . 2009-04-15 02:31 -------- d-----w C:\c1539a514e4b56278d0e
2009-04-15 02:30 . 2009-04-15 03:07 -------- d-----w c:\windows\SxsCaPendDel
2009-04-15 02:15 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 02:15 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 02:15 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 02:15 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 02:15 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 02:15 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 02:15 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 02:15 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 02:15 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 02:14 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 02:14 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 04:09 . 2008-02-04 14:27 102400 ----a-w c:\windows\system32\cttele32.dll
2009-04-14 04:08 . 2009-04-14 04:08 -------- d-----w c:\program files\Common Files\Creative Labs Shared
2009-04-14 04:03 . 2008-09-25 19:40 20888640 ----a-w c:\windows\system32\AppSetup.exe
2009-04-14 03:52 . 2009-04-14 03:52 -------- d-----w c:\program files\Common Files\Creative
2009-04-14 03:52 . 2009-04-14 04:52 -------- d--h--w c:\program files\Creative Installation Information
2009-04-14 02:54 . 2009-04-15 14:01 -------- d-----w c:\documents and settings\Johnish\Tracing
2009-04-14 02:52 . 2009-04-15 02:19 -------- d-----w c:\program files\Microsoft
2009-04-14 02:52 . 2009-04-14 02:52 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-14 02:45 . 2009-04-14 02:46 -------- d-----w c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 04:06 . 2007-12-12 04:10 71616 ----a-w c:\documents and settings\Johnish\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 04:05 . 2007-12-03 05:13 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-15 03:12 . 2007-12-17 05:46 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-14 04:52 . 2007-12-03 02:22 -------- d-----w c:\program files\Creative
2009-04-14 04:52 . 2007-12-02 01:11 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-14 04:09 . 2007-12-05 02:46 444952 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-14 04:09 . 2007-12-05 02:46 109080 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-14 02:52 . 2008-12-15 22:02 -------- d-----w c:\program files\Windows Live
2009-04-14 02:36 . 2007-12-16 21:06 -------- d-----w c:\program files\Java
2009-03-15 00:36 . 2008-07-09 23:37 -------- d-----w c:\program files\Lexi-Comp, Inc
2009-03-14 22:34 . 2008-08-07 03:44 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-09 09:19 . 2008-12-06 04:39 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2006-03-15 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-03-15 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2006-03-15 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2006-03-15 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2006-03-15 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2006-03-15 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2006-03-15 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2006-03-15 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2006-03-15 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2006-03-15 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2006-03-15 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2006-03-15 12:00 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-03-09 09:18 73728 ----a-w c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Windows Live Sync"="c:\program files\Windows Live\Sync\WindowsLiveSync.exe" [2008-12-03 1170256]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-31 2595616]
"Traymin900"="c:\windows\System32\drivers\Tray900.exe" [2005-08-25 266240]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-08 843776]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"PhiBtn"="c:\windows\System32\drivers\PhiBtn.exe" [2005-08-25 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"Maxtor Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
"MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2008-06-27 1325800]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2003-01-30 311296]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-30 196608]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2008-09-19 58112]
"AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2008-06-27 904776]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-31 140568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-18 1657376]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2006-12-12 19456]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-10-08 23552]

c:\documents and settings\Thomas\Start Menu\Programs\StartUp\
Skyscape smARTupdate.lnk - c:\program files\Common Files\Skyscape\smARTupdate.exe [2003-5-16 2686976]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2008-9-19 4190976]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\DECCHECK\\DECCHECK.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Morpheus Ultra\\Morpheus.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv41.sys [2005-08-25 1240576]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-04-14 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-10-08 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-10-08 72728]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-10-08 72728]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2003-01-30 18864]
R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
R3 SjyPkt;SjyPkt;c:\windows\System32\Drivers\SjyPkt.sys [2006-04-01 13532]
S2 HCWMCECleanup;Hauppauge MCE/Standby service;c:\progra~1\WinTV\MCEStandby.exe [2006-05-15 73728]
S2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [2008-06-27 431384]
S2 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-06-15 115952]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-10-08 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-09 101936]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 332928]

.
Contents of the 'Scheduled Tasks' folder

2009-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab
FF - ProfilePath - c:\documents and settings\Johnish\Application Data\Mozilla\Firefox\Profiles\5q5nnc1c.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 00:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1184)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2268)
c:\progra~1\WINDOW~3\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\CTxfispi.exe
c:\windows\system32\wscntfy.exe
c:\program files\Creative\ShareDLL\CADI\NotiMan.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\BOINC\boinc.exe
c:\program files\iPod\bin\iPodService.exe
c:\documents and settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wc...ndows_intelx86
c:\documents and settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wc...ndows_intelx86
c:\program files\TextPad 4\TextPad.exe
.
**************************************************************************
.
Completion time: 2009-04-28 0:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-28 04:11

Pre-Run: 77,412,155,392 bytes free
Post-Run: 77,463,105,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

287 --- E O F --- 2009-03-15 05:21


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:10 AM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\WinTV\MCEStandby.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BOINC\boinctray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wc...ndows_intelx86
C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wc...ndows_intelx86
C:\WINDOWS\explorer.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Maxtor Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/soft...01/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5106/CTPID.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Hauppauge MCE/Standby service (HCWMCECleanup) - Hauppauge Computer Works! - C:\PROGRA~1\WinTV\MCEStandby.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maxtor Scheduler2 Service (MaxSch2Svc) - Maxtor - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13013 bytes

[Shaba]

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:



5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

[Johnish]

For some reason browsing the web is impossible. None of the graphics or CSS is coming through. :(


Acrobat.com
Acrobat.com
Acronis*True*Image*Home
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
Adobe Shockwave Player
AIM 6
Amazon MP3 Downloader 1.0.3
Apple Mobile Device Support
Apple Software Update
ASUS WiFi-AP Solo
Athlon 64 Processor Driver
BOINC
Bonjour
CCleaner (remove only)
Choice Guard
Compatibility Pack for the 2007 Office system
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource
Creative MediaSource 5
Creative System Information
Creative WaveStudio 7
Critical Update for Windows Media Player 11 (KB959772)
EA Download Manager
ERUNT 1.1j
Folding@home-x86
getPlus(R) for Adobe
Hauppauge MCE Standby Service
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
hp photosmart printer series (Remove only)
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kane and Lynch: Dead Men
Lexi-CALC Calculations (Step 2)
Lexi-Comp Analyze (remove only)
Lexi-Comp Interact Reader (remove only)
Lexi-Comp Reader (remove only)
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
Maxtor*MaxBlast
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft WinUsb 1.0
Mobipocket Reader 6.2
Mozilla Firefox (3.0.8)
Mozilla Thunderbird (2.0.0.21)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Myst IV - Revelation
NCLEX-RN 3500 - Individual Version
NVIDIA Drivers
NVIDIA Media Center extensions for DVD
NVIDIA PureVideo Decoder
OpenAL
Philips SPC 900NC PC Camera
Philips VLounge
PhysExam (WinCE & PocketPC) v 6.0.152 by Skyscape
PowerDVD
QuickTime
Safari
SecondLife (remove only)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
SimCity 4 Deluxe
Sound Blaster for Media Center
Sound Blaster X-Fi
SoundFont Bank Manager
SoundMAX
SPORE™
Spybot - Search & Destroy
Symantec AntiVirus
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Volume Panel
Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live FolderShare Beta
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
Yahoo! Messenger
Zune
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

[Shaba]

As per forum rules, all p2p programs has to be uninstalled.

So you will need to uninstall uTorrent and delete this folder:

c:\Program Files\uTorrent

After that, please post back a fresh hijackthis log.