
Spyware / redirect

Last Modified: 2013-12-06
Hi,

I have, when browsing online, been attacked by something that eluded my Norton virus/spyware protection and my firewall.

When I try to open a folder or go online using Internet Explorer I get the message shown in the picture.
I am then directed to the page where I can download the antivirus program.

Any ideas how to get rid of it please?
Norton does not detect it, I have run a full virus scan.

Thanks
Untitled.jpg

Delphineous Silverwing, Good Ol' Geek
CERTIFIED EXPERT

Commented:
Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save on your hard drive.

Disable your anti-virus to ensure Combofix runs correctly.

Run ComboFix and let it finish - do not click outside the window or run any software.  ComboFix will restart windows as part of its process then run "Find 3m".  Once complete it will display a log in notepad showing what it found and removed, as well as some other information.  You are welcome to post the log file as a "Code Snippet" for further analysis by an Expert here.

Author

Commented:
Thanks, I did as you said but combofix did not restart windows and the problem is not fixed.
I did notice that it said that some actions could not be done because they needed administrator permission.

I've attached the notepad file, thanks

Rorf
ComboFix 08-07-11.1 - Administrator 2008-07-12 18:19:03.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2259 [GMT 1:00]
Running from: C:\Users\Administrator\Desktop\ComboFix.exe
 * Created a new restore point
.
 
(((((((((((((((((((((((((   Files Created from 2008-06-12 to 2008-07-12  )))))))))))))))))))))))))))))))
.
 
2008-07-12 16:20 . 2008-07-12 16:20	20,992	--a------	C:\Windows\System32\intefltr.dll
2008-07-12 16:20 . 2008-07-12 16:20	20,992	--a------	C:\Windows\System32\inte_f.dll
2008-07-12 16:20 . 2008-07-12 16:20	20,992	--a------	C:\Windows\System32\iefltr.dll
2008-07-12 16:18 . 2008-07-12 16:18	20,992	--a------	C:\Windows\System32\iexpfltr.dll
2008-07-12 16:18 . 2008-07-12 16:18	20,992	--a------	C:\Windows\System32\iefl.dll
2008-07-12 11:01 . 2008-07-12 11:01	<DIR>	d--------	C:\Windows\Replay Media Catcher
2008-07-12 11:00 . 2008-07-12 16:32	<DIR>	d--------	C:\Program Files\Replay Media Catcher
2008-07-11 19:21 . 2008-06-26 02:45	12,240,896	--a------	C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 19:21 . 2008-06-26 02:45	2,644,480	--a------	C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 19:21 . 2008-06-26 04:29	801,280	--a------	C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 21:07 . 2008-06-26 21:07	268	--ah-----	C:\sqmdata00.sqm
2008-06-26 21:07 . 2008-06-26 21:07	244	--ah-----	C:\sqmnoopt00.sqm
2008-06-26 20:46 . 2008-06-26 20:51	<DIR>	d--hsc---	C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-26 20:45 . 2008-06-28 08:18	<DIR>	d--------	C:\Program Files\Windows Live
2008-06-26 20:45 . 2008-06-28 08:15	<DIR>	d--------	C:\PROGRA~2\WLInstaller
2008-06-20 20:56 . 2008-06-20 20:56	<DIR>	d--------	C:\Windows\Sun
2008-06-20 20:46 . 2008-06-20 20:46	<DIR>	d--------	C:\Program Files\Common Files\Java
2008-06-14 18:12 . 2008-04-23 05:42	428,544	--a------	C:\Windows\System32\EncDec.dll
2008-06-14 18:12 . 2008-04-23 05:42	293,376	--a------	C:\Windows\System32\psisdecd.dll
2008-06-14 18:12 . 2008-04-23 05:41	218,624	--a------	C:\Windows\System32\psisrndr.ax
2008-06-14 18:12 . 2008-04-23 05:41	57,856	--a------	C:\Windows\System32\MSDvbNP.ax
2008-06-13 14:14 . 2008-06-13 14:14	24,112	--a------	C:\Windows\System32\drivers\SymIMV.sys
2008-06-13 14:14 . 2008-06-13 14:14	13,093	--a------	C:\Windows\System32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14	1,611	--a------	C:\Windows\System32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13	184,240	--a------	C:\Windows\System32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13	96,432	--a------	C:\Windows\System32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13	41,008	--a------	C:\Windows\System32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13	38,576	--a------	C:\Windows\System32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13	22,320	--a------	C:\Windows\System32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13	13,616	--a------	C:\Windows\System32\drivers\symdns.sys
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 13:46	---------	d-----w	C:\PROGRA~2\Symantec
2008-07-12 09:53	---------	d-----w	C:\Program Files\java
2008-07-09 17:52	---------	d-----w	C:\Program Files\Windows Mail
2008-06-29 13:22	---------	d-----w	C:\Program Files\divx
2008-06-22 12:33	---------	d-----w	C:\Users\Administrator\AppData\Roaming\Image Zone Express
2008-06-21 06:51	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-06-18 17:35	---------	d-----w	C:\PROGRA~2\DVD Shrink
2008-06-08 12:39	0	---ha-w	C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-05 05:15	---------	d-----w	C:\Users\Administrator\AppData\Roaming\Azureus
2008-06-03 04:36	805	----a-w	C:\Windows\system32\drivers\SYMEVENT.INF
2008-06-03 04:36	123,952	----a-w	C:\Windows\system32\drivers\SYMEVENT.SYS
2008-06-03 04:36	10,671	----a-w	C:\Windows\system32\drivers\SYMEVENT.CAT
2008-06-03 04:36	---------	d-----w	C:\Program Files\Symantec
2008-05-30 23:22	823,296	----a-w	C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22	823,296	----a-w	C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22	815,104	----a-w	C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22	802,816	----a-w	C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22	683,520	----a-w	C:\Windows\System32\DivX.dll
2008-05-30 23:22	593,920	----a-w	C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22	57,344	----a-w	C:\Windows\System32\dpv11.dll
2008-05-30 23:22	53,248	----a-w	C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22	344,064	----a-w	C:\Windows\System32\dpus11.dll
2008-05-30 23:22	294,912	----a-w	C:\Windows\System32\dpu11.dll
2008-05-30 23:22	294,912	----a-w	C:\Windows\System32\dpu10.dll
2008-05-25 16:16	---------	d-----w	C:\PROGRA~2\NVIDIA
2008-05-25 16:05	174	--sha-w	C:\Program Files\desktop.ini
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Sidebar
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Photo Gallery
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Journal
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Defender
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Collaboration
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Calendar
2008-05-25 15:33	82,432	----a-w	C:\Windows\System32\axaltocm.dll
2008-05-25 15:33	101,888	----a-w	C:\Windows\System32\ifxcardm.dll
2008-05-25 15:00	---------	d-----w	C:\Program Files\Microsoft Silverlight
2008-05-22 22:22	524,288	----a-w	C:\Windows\System32\DivXsm.exe
2008-05-22 22:22	3,596,288	----a-w	C:\Windows\System32\qt-dx331.dll
2008-05-22 22:20	200,704	----a-w	C:\Windows\System32\ssldivx.dll
2008-05-22 22:20	1,044,480	----a-w	C:\Windows\System32\libdivx.dll
2008-05-22 22:19	81,920	----a-w	C:\Windows\System32\dpl100.dll
2008-05-22 22:19	196,608	----a-w	C:\Windows\System32\dtu100.dll
2008-05-22 22:19	161,096	----a-w	C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18	12,288	----a-w	C:\Windows\System32\DivXWMPExtType.dll
2008-05-10 03:35	564,736	----a-w	C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59	90,112	----a-w	C:\Windows\System32\wshext.dll
2008-05-08 21:59	430,080	----a-w	C:\Windows\System32\vbscript.dll
2008-05-08 21:59	180,224	----a-w	C:\Windows\System32\scrobj.dll
2008-05-08 21:59	172,032	----a-w	C:\Windows\System32\scrrun.dll
2008-05-08 21:59	155,648	----a-w	C:\Windows\System32\wscript.exe
2008-05-08 21:58	135,168	----a-w	C:\Windows\System32\cscript.exe
2008-04-26 08:25	3,600,952	----a-w	C:\Windows\System32\ntkrnlpa.exe
2008-04-26 08:25	3,549,240	----a-w	C:\Windows\System32\ntoskrnl.exe
2008-04-26 08:08	1,314,816	----a-w	C:\Windows\System32\quartz.dll
2008-04-25 04:35	826,880	----a-w	C:\Windows\System32\wininet.dll
2008-04-12 03:32	784,896	----a-w	C:\Windows\System32\rpcrt4.dll
2007-12-23 11:22	2,293,848	----a-w	C:\Program Files\FLV PlayerFCSetup.exe
2002-07-26 18:02	153,088	----a-w	C:\Program Files\UNWISE.EXE
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B2AE9C0-1555-4C92-905A-531532F15698}]
2008-07-12 16:20	20992	--a------	C:\Windows\system32\inte_f.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 09:56 278528]
"Update Service"="C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe" [2008-01-17 18:51 19456]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB2Check"="C:\Windows\system32\PCLECoInst.dll" [2004-09-21 04:22 73728]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-09-15 11:43 122880]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-06-01 04:37 196608]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 18:14 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 18:14 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 09:48 16208384 C:\Windows\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [2006-05-04 09:22 86016 C:\Windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 09:26 2808832 C:\Windows\ALCWZRD.EXE]
"P17Helper"="SPIRun.dll" [2006-07-03 05:43 10752 C:\Windows\System32\SPIRUN.DLL]
"P17RunE"="P17RunE.dll" [2007-04-09 10:40 14848 C:\Windows\System32\P17RunE.dll]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.I420"= vdrcodec.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{87021316-6639-4497-A9C1-C9F646ABD0A6}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{D0CD2737-CD1D-4BD0-B0A2-6067746071D0}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{CCCDB8B9-2812-4928-B714-868F79DA110D}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{D1536C8C-9426-4769-9AC8-8D4DDE479E6D}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{4BBE796B-46A8-4C9C-BE62-8F3C02ED7ACE}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{AB96A110-7E0C-4F0A-B2C3-BD0FA1217C81}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{DD4C259E-39A3-49EF-AFCB-134B5A150BC4}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{CB7FE570-E37A-4F25-90E7-6CD923264C82}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{2EA28467-1B39-42C9-9718-1EA0F157AE53}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{33D525FA-0AC6-4F30-940C-C543884FC917}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{24E9DDF6-F44B-4511-9352-0C5482A294A6}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager
"{0BA81BAE-69AF-455B-9808-636E01782A66}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager
"{0F95C8ED-779E-49E0-A1E9-C23F68E9E796}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{CB633DAC-4C87-4E76-83A3-F72B6D4D3D38}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{F6895EE9-C6DD-4081-82EA-46020890C9B3}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BDB6B9D1-A0B7-4816-93CD-4F34975178F5}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{B32D8B20-B674-4A2F-9D1C-D6C01A71393F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{B36F914E-7955-4EFA-95CC-3B170A6CA8AB}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{9E005066-962F-4159-8C9F-2D821DE0BF2F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{07027949-D396-4333-9278-A7FE7880F199}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{8A84EC65-260D-42E9-9E3F-E1425BDCF4F1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CCE2C0C3-079C-4B76-BE00-36C38D731217}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{58EAD689-7D2E-4107-B068-562B134BCE83}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
 
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080711.006\IDSvix86.sys [2008-02-13 17:18]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-31 14:15]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2007-11-08 20:45]
S3 DVC150B;Dazzle DVC 150B;C:\Windows\system32\Drivers\dvc150b.SYS [2005-03-03 20:47]
S3 PCTV;PCTV 4XXe USB 2.0 Driver;C:\Windows\system32\DRIVERS\pctv4XXe.sys [2007-08-06 09:00]
S3 Ph6xIB32;Philips 716x PCIe TV Card;C:\Windows\system32\DRIVERS\Ph6xIB32.sys [2006-11-02 09:27]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\Windows\system32\DRIVERS\MarvinAVS.sys [2007-05-09 09:37]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
 
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 18:20:42
Windows 6.0.6001 Service Pack 1 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  P17Helper = Rundll32 SPIRun.dll,RunDLLEntry? 
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-12 18:21:45
ComboFix-quarantined-files.txt  2008-07-12 17:21:41
ComboFix2.txt  2008-07-12 17:07:07
 
Pre-Run: 103,163,961,344 bytes free
Post-Run: 103,130,202,112 bytes free
 
209	--- E O F ---	2008-07-11 18:25:25


Delphineous Silverwing, Good Ol' Geek
CERTIFIED EXPERT

Commented:
The top five entries in the Files Created are your spyware.

Download HiJackThis
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Run the application (do a scan). When you get the report, tell it to remove the following files:
     C:\Windows\System32\intefltr.dll
     C:\Windows\System32\inte_f.dll
     C:\Windows\System32\iefltr.dll
     C:\Windows\System32\iexpfltr.dll
     C:\Windows\System32\iefl.dll
And remove the Browser Helper Object:
     C:\Windows\system32\inte_f.dll

Reboot, then rerun HiJackThis and post the results here.  Remember when starting HiJackThis, start it as Administrator.
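An added example (not from this thread, and not code from the ComboFix or HijackThis projects) that applies the expert's heuristic mechanically: it parses the 'Files Created' lines of a ComboFix log, flags files of identical size written into one directory within a few minutes, and reports which of them is registered as a Browser Helper Object under 'Reg Loading Points'. The sample lines are constructed from the log posted above; the five-minute window and the minimum count of three are assumed thresholds.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample in ComboFix's tab-separated 'Files Created' format; the
# dates, sizes and paths are copied from the log posted in this thread.
SAMPLE_FILES_CREATED = [
    "2008-07-12 16:20 . 2008-07-12 16:20\t20,992\t--a------\tC:\\Windows\\System32\\intefltr.dll",
    "2008-07-12 16:20 . 2008-07-12 16:20\t20,992\t--a------\tC:\\Windows\\System32\\inte_f.dll",
    "2008-07-12 16:20 . 2008-07-12 16:20\t20,992\t--a------\tC:\\Windows\\System32\\iefltr.dll",
    "2008-07-12 16:18 . 2008-07-12 16:18\t20,992\t--a------\tC:\\Windows\\System32\\iexpfltr.dll",
    "2008-07-12 16:18 . 2008-07-12 16:18\t20,992\t--a------\tC:\\Windows\\System32\\iefl.dll",
    "2008-07-12 11:01 . 2008-07-12 11:01\t<DIR>\td--------\tC:\\Windows\\Replay Media Catcher",
    "2008-06-14 18:12 . 2008-04-23 05:42\t428,544\t--a------\tC:\\Windows\\System32\\EncDec.dll",
]
# Constructed sample of the 'Reg Loading Points' section, from the same log.
SAMPLE_REG_LOADING_POINTS = [
    "[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{8B2AE9C0-1555-4C92-905A-531532F15698}]",
    "2008-07-12 16:20\t20992\t--a------\tC:\\Windows\\system32\\inte_f.dll",
    "[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]",
    "\"ehTray.exe\"=\"C:\\Windows\\ehome\\ehTray.exe\" [2008-01-19 08:33 125952]",
]

FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(<DIR>|[\d,]+)\s+([-a-z]+)\s+(.+?)\s*$"
)
BHO_KEY = re.compile(r"^\[.*\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
BHO_FILE = re.compile(r"^\S+ \S+\s+\d+\s+\S+\s+(.+?)\s*$")

@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

def parse_files_created(lines):
    """Parse 'Files Created' lines; anything not in that format is skipped."""
    entries = []
    for line in lines:
        m = FILE_LINE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(created, "%Y-%m-%d %H:%M"),
                             datetime.strptime(modified, "%Y-%m-%d %H:%M"),
                             None if size == "<DIR>" else int(size.replace(",", "")),
                             attrs, path))
    return entries

def find_drop_clusters(entries, window_minutes=5, min_count=3):
    """Group files by (directory, size) and flag groups of min_count or more
    created within window_minutes. Identical size is the tell: a legitimate
    update also writes many files at once, but their sizes differ."""
    groups = defaultdict(list)
    for e in entries:
        if e.size is not None:
            groups[(e.path.rsplit("\\", 1)[0].lower(), e.size)].append(e)
    clusters = []
    for members in groups.values():
        members.sort(key=lambda e: e.created)
        span = (members[-1].created - members[0].created).total_seconds()
        if len(members) >= min_count and span <= window_minutes * 60:
            clusters.append(members)
    return clusters

def parse_bhos(lines):
    """Return {CLSID: dll path} from the Browser Helper Objects blocks."""
    bhos, current = {}, None
    for line in lines:
        key = BHO_KEY.match(line)
        if key:
            current = key.group(1)
        elif line.startswith("["):
            current = None  # any other registry key ends the BHO block
        elif current:
            f = BHO_FILE.match(line)
            if f:
                bhos[current] = f.group(1)
    return bhos

def review(files_created_lines, reg_lines):
    """Suspicious clusters, each with the BHO CLSIDs that load one of its files."""
    by_path = {p.lower(): c for c, p in parse_bhos(reg_lines).items()}
    findings = []
    for members in find_drop_clusters(parse_files_created(files_created_lines)):
        clsids = {by_path[e.path.lower()] for e in members if e.path.lower() in by_path}
        findings.append({"size": members[0].size, "paths": [e.path for e in members],
                         "bho_clsids": sorted(clsids)})
    return findings

if __name__ == "__main__":
    for f in review(SAMPLE_FILES_CREATED, SAMPLE_REG_LOADING_POINTS):
        print(f"{len(f['paths'])} x {f['size']} bytes: {f['paths']} BHO={f['bho_clsids']}")
```

The cluster check is a triage aid, not a verdict: a flagged group still needs a human to confirm the files are unknown, which is what the expert did by reading the log.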

Author

Commented:
Appreciate your help,
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:16, on 12/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: IE.Filter - {8B2AE9C0-1555-4C92-905A-531532F15698} - C:\Windows\system32\inte_f.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
 
--
End of file - 6689 bytes


Delphineous Silverwing, Good Ol' Geek
CERTIFIED EXPERT

Commented:
Do you have a LightScribe drive installed in this computer?  HPs come with the software installed, even if you do not have the drive.  If you do not have the drive, uninstall the drivers to free up some system resources.

The INTE_F.DLL is still in the report.  
O2 - BHO: IE.Filter - {8B2AE9C0-1555-4C92-905A-531532F15698} - C:\Windows\system32\inte_f.dll

This is all I see in your report to be concerned about.  Try running ComboFix (as administrator) from safe mode.  We need to get rid of that IE Filter.

Author

Commented:
OK, I ran ComboFix and HijackThis in safe mode.

Attached reports from both.

It seems to have fixed the problem; will you cast your eye over the reports and tell me if my PC is clean please?

Thanks
Rorf
ComboFix 08-07-11.1 - Administrator 2008-07-12 23:23:16.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2924 [GMT 1:00]
Running from: C:\Users\Administrator\Desktop\ComboFix.exe
.
 
(((((((((((((((((((((((((   Files Created from 2008-06-12 to 2008-07-12  )))))))))))))))))))))))))))))))
.
 
No new files created in this timespan
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 21:03	---------	d-----w	C:\PROGRA~2\Symantec
2008-07-12 18:43	---------	d-----w	C:\Program Files\Trend Micro
2008-07-12 15:20	20,992	----a-w	C:\Windows\System32\intefltr.dll
2008-07-12 15:20	20,992	----a-w	C:\Windows\System32\inte_f.dll
2008-07-12 15:20	20,992	----a-w	C:\Windows\System32\iefltr.dll
2008-07-12 15:18	20,992	----a-w	C:\Windows\System32\iexpfltr.dll
2008-07-12 15:18	20,992	----a-w	C:\Windows\System32\iefl.dll
2008-07-12 09:53	---------	d-----w	C:\Program Files\java
2008-07-09 17:52	---------	d-----w	C:\Program Files\Windows Mail
2008-06-29 13:22	---------	d-----w	C:\Program Files\divx
2008-06-28 07:18	---------	d-----w	C:\Program Files\Windows Live
2008-06-28 07:15	---------	d-----w	C:\PROGRA~2\WLInstaller
2008-06-26 19:51	---------	dcsh--w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-26 03:29	801,280	----a-w	C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45	2,644,480	----a-w	C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45	12,240,896	----a-w	C:\Windows\System32\NlsLexicons0007.dll
2008-06-22 12:33	---------	d-----w	C:\Users\Administrator\AppData\Roaming\Image Zone Express
2008-06-21 06:51	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-06-20 19:46	---------	d-----w	C:\Program Files\Common Files\Java
2008-06-18 17:35	---------	d-----w	C:\PROGRA~2\DVD Shrink
2008-06-13 13:14	24,112	----a-w	C:\Windows\system32\drivers\SymIMV.sys
2008-06-13 13:14	13,093	----a-w	C:\Windows\system32\drivers\SymRedir.cat
2008-06-13 13:14	1,611	----a-w	C:\Windows\system32\drivers\SymRedir.inf
2008-06-13 13:13	96,432	----a-w	C:\Windows\system32\drivers\symfw.sys
2008-06-13 13:13	41,008	----a-w	C:\Windows\system32\drivers\symndisv.sys
2008-06-13 13:13	38,576	----a-w	C:\Windows\system32\drivers\symids.sys
2008-06-13 13:13	22,320	----a-w	C:\Windows\system32\drivers\symredrv.sys
2008-06-13 13:13	184,240	----a-w	C:\Windows\system32\drivers\symtdi.sys
2008-06-13 13:13	13,616	----a-w	C:\Windows\system32\drivers\symdns.sys
2008-06-08 12:39	0	---ha-w	C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-05 05:15	---------	d-----w	C:\Users\Administrator\AppData\Roaming\Azureus
2008-06-03 04:36	805	----a-w	C:\Windows\system32\drivers\SYMEVENT.INF
2008-06-03 04:36	123,952	----a-w	C:\Windows\system32\drivers\SYMEVENT.SYS
2008-06-03 04:36	10,671	----a-w	C:\Windows\system32\drivers\SYMEVENT.CAT
2008-06-03 04:36	---------	d-----w	C:\Program Files\Symantec
2008-05-30 23:22	823,296	----a-w	C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22	823,296	----a-w	C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22	815,104	----a-w	C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22	802,816	----a-w	C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22	683,520	----a-w	C:\Windows\System32\DivX.dll
2008-05-30 23:22	593,920	----a-w	C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22	57,344	----a-w	C:\Windows\System32\dpv11.dll
2008-05-30 23:22	53,248	----a-w	C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22	344,064	----a-w	C:\Windows\System32\dpus11.dll
2008-05-30 23:22	294,912	----a-w	C:\Windows\System32\dpu11.dll
2008-05-30 23:22	294,912	----a-w	C:\Windows\System32\dpu10.dll
2008-05-25 16:16	---------	d-----w	C:\PROGRA~2\NVIDIA
2008-05-25 16:05	174	--sha-w	C:\Program Files\desktop.ini
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Sidebar
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Photo Gallery
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Journal
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Defender
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Collaboration
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Calendar
2008-05-25 15:33	82,432	----a-w	C:\Windows\System32\axaltocm.dll
2008-05-25 15:33	101,888	----a-w	C:\Windows\System32\ifxcardm.dll
2008-05-25 15:00	---------	d-----w	C:\Program Files\Microsoft Silverlight
2008-05-22 22:22	524,288	----a-w	C:\Windows\System32\DivXsm.exe
2008-05-22 22:22	3,596,288	----a-w	C:\Windows\System32\qt-dx331.dll
2008-05-22 22:20	200,704	----a-w	C:\Windows\System32\ssldivx.dll
2008-05-22 22:20	1,044,480	----a-w	C:\Windows\System32\libdivx.dll
2008-05-22 22:19	81,920	----a-w	C:\Windows\System32\dpl100.dll
2008-05-22 22:19	196,608	----a-w	C:\Windows\System32\dtu100.dll
2008-05-22 22:19	161,096	----a-w	C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18	12,288	----a-w	C:\Windows\System32\DivXWMPExtType.dll
2008-05-10 03:35	564,736	----a-w	C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59	90,112	----a-w	C:\Windows\System32\wshext.dll
2008-05-08 21:59	430,080	----a-w	C:\Windows\System32\vbscript.dll
2008-05-08 21:59	180,224	----a-w	C:\Windows\System32\scrobj.dll
2008-05-08 21:59	172,032	----a-w	C:\Windows\System32\scrrun.dll
2008-05-08 21:59	155,648	----a-w	C:\Windows\System32\wscript.exe
2008-05-08 21:58	135,168	----a-w	C:\Windows\System32\cscript.exe
2008-04-26 08:25	3,600,952	----a-w	C:\Windows\System32\ntkrnlpa.exe
2008-04-26 08:25	3,549,240	----a-w	C:\Windows\System32\ntoskrnl.exe
2008-04-26 08:08	1,314,816	----a-w	C:\Windows\System32\quartz.dll
2008-04-25 04:35	826,880	----a-w	C:\Windows\System32\wininet.dll
2008-04-23 04:42	428,544	----a-w	C:\Windows\System32\EncDec.dll
2008-04-23 04:42	293,376	----a-w	C:\Windows\System32\psisdecd.dll
2008-04-12 03:32	784,896	----a-w	C:\Windows\System32\rpcrt4.dll
2007-12-23 11:22	2,293,848	----a-w	C:\Program Files\FLV PlayerFCSetup.exe
2002-07-26 18:02	153,088	----a-w	C:\Program Files\UNWISE.EXE
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B2AE9C0-1555-4C92-905A-531532F15698}]
2008-07-12 16:20	20992	--a------	C:\Windows\system32\inte_f.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 09:56 278528]
"Update Service"="C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe" [2008-01-17 18:51 19456]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB2Check"="C:\Windows\system32\PCLECoInst.dll" [2004-09-21 04:22 73728]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-09-15 11:43 122880]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-06-01 04:37 196608]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 09:48 16208384 C:\Windows\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [2006-05-04 09:22 86016 C:\Windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 09:26 2808832 C:\Windows\ALCWZRD.EXE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.I420"= vdrcodec.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{87021316-6639-4497-A9C1-C9F646ABD0A6}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{D0CD2737-CD1D-4BD0-B0A2-6067746071D0}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{CCCDB8B9-2812-4928-B714-868F79DA110D}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{D1536C8C-9426-4769-9AC8-8D4DDE479E6D}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{4BBE796B-46A8-4C9C-BE62-8F3C02ED7ACE}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{AB96A110-7E0C-4F0A-B2C3-BD0FA1217C81}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{DD4C259E-39A3-49EF-AFCB-134B5A150BC4}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{CB7FE570-E37A-4F25-90E7-6CD923264C82}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{2EA28467-1B39-42C9-9718-1EA0F157AE53}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{33D525FA-0AC6-4F30-940C-C543884FC917}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{24E9DDF6-F44B-4511-9352-0C5482A294A6}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager
"{0BA81BAE-69AF-455B-9808-636E01782A66}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager
"{0F95C8ED-779E-49E0-A1E9-C23F68E9E796}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{CB633DAC-4C87-4E76-83A3-F72B6D4D3D38}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{F6895EE9-C6DD-4081-82EA-46020890C9B3}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BDB6B9D1-A0B7-4816-93CD-4F34975178F5}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{B32D8B20-B674-4A2F-9D1C-D6C01A71393F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{B36F914E-7955-4EFA-95CC-3B170A6CA8AB}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{9E005066-962F-4159-8C9F-2D821DE0BF2F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{07027949-D396-4333-9278-A7FE7880F199}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{8A84EC65-260D-42E9-9E3F-E1425BDCF4F1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CCE2C0C3-079C-4B76-BE00-36C38D731217}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{58EAD689-7D2E-4107-B068-562B134BCE83}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
 
S1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080711.006\IDSvix86.sys [2008-02-13 17:18]
S2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-31 14:15]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2007-11-08 20:45]
S3 DVC150B;Dazzle DVC 150B;C:\Windows\system32\Drivers\dvc150b.SYS [2005-03-03 20:47]
S3 PCTV;PCTV 4XXe USB 2.0 Driver;C:\Windows\system32\DRIVERS\pctv4XXe.sys [2007-08-06 09:00]
S3 Ph6xIB32;Philips 716x PCIe TV Card;C:\Windows\system32\DRIVERS\Ph6xIB32.sys [2006-11-02 09:27]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\Windows\system32\DRIVERS\MarvinAVS.sys [2007-05-09 09:37]
S3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
 
*Newly Created Service* - COMHOST
*Newly Created Service* - ECACHE
 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 23:26:25
Windows 6.0.6001 Service Pack 1 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-12 23:27:28
ComboFix-quarantined-files.txt  2008-07-12 22:27:24
ComboFix2.txt  2008-07-12 21:52:54
ComboFix3.txt  2008-07-12 17:21:45
ComboFix4.txt  2008-07-12 17:07:07
 
      The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 105,886,908,416 bytes free
 
201	--- E O F ---	2008-07-11 18:25:25


Author

Commented:
And this is the Hijackthis log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:20, on 12/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode
 
Running processes:
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
 
--
End of file - 5970 bytes


CERTIFIED EXPERT
Top Expert 2007

Commented:
In your case you needed to run Combofix in Safe Mode, not normal mode.

FixIEDef should also take care of this infection.
Download FixIEDef by ShadowPuterDude to the Desktop.
http://downloads.malwareteks.com/FixIEDef.exe 


Disable real-time protection that can interfere with FixIEDef: (If you have these programs)

*Disable Windows Defender until the computer is clean
Open Windows Defender
Select Tools and then General Settings
Under Real Time Protection Options uncheck Turn on real-time protection
Select Save
Don't forget to re-enable it, when your computer is clean.

*Disable SUPERAntiSpyware until the computer is clean
Right-click on the shortcut from the system tray
Choose View Control Center (preferences/options)
On the General and Startup tab, uncheck Start SUPERAntispyware when Windows starts.
Click Close to exit.
Don't forget to re-enable it, when your computer is clean.

*Disable Teatimer
First:
Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
Choose Exit Spybot S&D Resident
Second:
Open Spybot S&D
Click Mode, check Advanced Mode
Go To Left Panel, Click Tools, then also in left panel, click Resident
If your firewall raises a question, say OK
Uncheck the box labeled Resident Tea-Timer and OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.

Double-click FixIEDef
Click 'OK'
Click 'Scan'
Click 'OK'. FixIEDef requires Administrator privileges to run correctly. This box tells you that FixIEDef successfully elevated its privileges to those of Administrator.

Wait for the scan to finish. It won't take very long.

WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.

Everything will be restored to normal, once the malicious file is removed.

Click 'Exit' once FixIEDef displays the All Finished message.
CERTIFIED EXPERT
Top Expert 2007

Commented:
Glad to know the problem is fixed.

Combofix log doesn't look right but that could be because it's not compatible with your OS.
It's still showing these files below. If the infection is gone as you said, then that's good.
C:\Windows\System32\intefltr.dll
C:\Windows\System32\inte_f.dll
C:\Windows\System32\iefltr.dll
C:\Windows\System32\iexpfltr.dll
C:\Windows\System32\iefl.dll
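A read-only triage check for the points raised in this thread (the leftover DLLs listed above, the Browser Helper Object CLSID that pointed at inte_f.dll in the first ComboFix log, and the Security Center and firewall values the log shows in their disabled state), written here as an added example; it is not code from the thread, from ComboFix or from FixIEDef, and it assumes the standard Vista registry paths for those keys.

```powershell
# Added triage check (not from the thread or any tool named in it).
# Reports whether the leftover DLLs are still present, whether the BHO CLSID
# seen in the first ComboFix log is still registered, and whether the
# Security Center / firewall values shown in the log are still "disabled".
# Read-only: it reports findings, it changes nothing.
# Assumes the standard Vista locations for these keys.

$leftoverFiles = @(
    'C:\Windows\System32\intefltr.dll',
    'C:\Windows\System32\inte_f.dll',
    'C:\Windows\System32\iefltr.dll',
    'C:\Windows\System32\iexpfltr.dll',
    'C:\Windows\System32\iefl.dll'
)

# CLSID of the Browser Helper Object that loaded inte_f.dll in the log
$bhoClsid = '{8B2AE9C0-1555-4C92-905A-531532F15698}'
$bhoKey   = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid"

# Registry values the log showed in their "disabled" state; Bad is the value to flag
$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center';            Name = 'UacDisableNotify';              Bad = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center';            Name = 'InternetSettingsDisableNotify'; Bad = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center';            Name = 'AutoUpdateDisableNotify';       Bad = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'; Name = 'DisableMonitoring';             Bad = 1 }
)
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $checks += @{
        Path = "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\$profile"
        Name = 'EnableFirewall'
        Bad  = 0
    }
}

$findings = @()

# 1. Leftover files from the log
foreach ($f in $leftoverFiles) {
    if (Test-Path -LiteralPath $f) {
        $item = Get-Item -LiteralPath $f
        $findings += "FILE present: $f ($($item.Length) bytes, written $($item.LastWriteTime))"
    }
}

# 2. BHO registration that loaded the DLL into Internet Explorer
if (Test-Path -LiteralPath $bhoKey) {
    $findings += "BHO still registered: $bhoClsid"
}

# 3. Security Center notifications / monitoring and firewall profiles
foreach ($c in $checks) {
    if (Test-Path -LiteralPath $c.Path) {
        $val = (Get-ItemProperty -LiteralPath $c.Path).($c.Name)
        if ($null -ne $val -and [int]$val -eq $c.Bad) {
            $findings += "REG $($c.Path)\$($c.Name) = $val (security feature disabled)"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No leftover files, BHO registration or disabled-security values found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
    Write-Output 'Review each finding; reset the Security Center and firewall values once the machine is clean.'
}
```

Run it from an elevated PowerShell prompt so the HKLM keys and System32 files are readable.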
Good Ol' Geek
CERTIFIED EXPERT
Commented:

Author

Commented:
Hi
I manually deleted the files in safe mode then ran Combofix again.
Here is the log file

Thanks
ComboFix 08-07-11.1 - Administrator 2008-07-13 10:02:36.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista" Home Premium   6.0.6001.1.1252.1.1033.18.2919 [GMT 1:00]
Running from: C:\Users\Administrator\Desktop\ComboFix.exe
.
 
(((((((((((((((((((((((((   Files Created from 2008-06-13 to 2008-07-13  )))))))))))))))))))))))))))))))
.
 
No new files created in this timespan
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 03:16	---------	d-----w	C:\PROGRA~2\Symantec
2008-07-12 18:43	---------	d-----w	C:\Program Files\Trend Micro
2008-07-12 09:53	---------	d-----w	C:\Program Files\java
2008-07-09 17:52	---------	d-----w	C:\Program Files\Windows Mail
2008-06-29 13:22	---------	d-----w	C:\Program Files\divx
2008-06-28 07:18	---------	d-----w	C:\Program Files\Windows Live
2008-06-28 07:15	---------	d-----w	C:\PROGRA~2\WLInstaller
2008-06-26 19:51	---------	dcsh--w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-26 03:29	801,280	----a-w	C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45	2,644,480	----a-w	C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45	12,240,896	----a-w	C:\Windows\System32\NlsLexicons0007.dll
2008-06-22 12:33	---------	d-----w	C:\Users\Administrator\AppData\Roaming\Image Zone Express
2008-06-21 06:51	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-06-20 19:46	---------	d-----w	C:\Program Files\Common Files\Java
2008-06-18 17:35	---------	d-----w	C:\PROGRA~2\DVD Shrink
2008-06-13 13:14	24,112	----a-w	C:\Windows\system32\drivers\SymIMV.sys
2008-06-13 13:14	13,093	----a-w	C:\Windows\system32\drivers\SymRedir.cat
2008-06-13 13:14	1,611	----a-w	C:\Windows\system32\drivers\SymRedir.inf
2008-06-13 13:13	96,432	----a-w	C:\Windows\system32\drivers\symfw.sys
2008-06-13 13:13	41,008	----a-w	C:\Windows\system32\drivers\symndisv.sys
2008-06-13 13:13	38,576	----a-w	C:\Windows\system32\drivers\symids.sys
2008-06-13 13:13	22,320	----a-w	C:\Windows\system32\drivers\symredrv.sys
2008-06-13 13:13	184,240	----a-w	C:\Windows\system32\drivers\symtdi.sys
2008-06-13 13:13	13,616	----a-w	C:\Windows\system32\drivers\symdns.sys
2008-06-08 12:39	0	---ha-w	C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-05 05:15	---------	d-----w	C:\Users\Administrator\AppData\Roaming\Azureus
2008-06-03 04:36	805	----a-w	C:\Windows\system32\drivers\SYMEVENT.INF
2008-06-03 04:36	123,952	----a-w	C:\Windows\system32\drivers\SYMEVENT.SYS
2008-06-03 04:36	10,671	----a-w	C:\Windows\system32\drivers\SYMEVENT.CAT
2008-06-03 04:36	---------	d-----w	C:\Program Files\Symantec
2008-05-30 23:22	823,296	----a-w	C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22	823,296	----a-w	C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22	815,104	----a-w	C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22	802,816	----a-w	C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22	683,520	----a-w	C:\Windows\System32\DivX.dll
2008-05-30 23:22	593,920	----a-w	C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22	57,344	----a-w	C:\Windows\System32\dpv11.dll
2008-05-30 23:22	53,248	----a-w	C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22	344,064	----a-w	C:\Windows\System32\dpus11.dll
2008-05-30 23:22	294,912	----a-w	C:\Windows\System32\dpu11.dll
2008-05-30 23:22	294,912	----a-w	C:\Windows\System32\dpu10.dll
2008-05-25 16:16	---------	d-----w	C:\PROGRA~2\NVIDIA
2008-05-25 16:05	174	--sha-w	C:\Program Files\desktop.ini
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Sidebar
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Photo Gallery
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Journal
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Defender
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Collaboration
2008-05-25 15:56	---------	d-----w	C:\Program Files\Windows Calendar
2008-05-25 15:33	82,432	----a-w	C:\Windows\System32\axaltocm.dll
2008-05-25 15:33	101,888	----a-w	C:\Windows\System32\ifxcardm.dll
2008-05-25 15:00	---------	d-----w	C:\Program Files\Microsoft Silverlight
2008-05-22 22:22	524,288	----a-w	C:\Windows\System32\DivXsm.exe
2008-05-22 22:22	3,596,288	----a-w	C:\Windows\System32\qt-dx331.dll
2008-05-22 22:20	200,704	----a-w	C:\Windows\System32\ssldivx.dll
2008-05-22 22:20	1,044,480	----a-w	C:\Windows\System32\libdivx.dll
2008-05-22 22:19	81,920	----a-w	C:\Windows\System32\dpl100.dll
2008-05-22 22:19	196,608	----a-w	C:\Windows\System32\dtu100.dll
2008-05-22 22:19	161,096	----a-w	C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18	12,288	----a-w	C:\Windows\System32\DivXWMPExtType.dll
2008-05-10 03:35	564,736	----a-w	C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59	90,112	----a-w	C:\Windows\System32\wshext.dll
2008-05-08 21:59	430,080	----a-w	C:\Windows\System32\vbscript.dll
2008-05-08 21:59	180,224	----a-w	C:\Windows\System32\scrobj.dll
2008-05-08 21:59	172,032	----a-w	C:\Windows\System32\scrrun.dll
2008-05-08 21:59	155,648	----a-w	C:\Windows\System32\wscript.exe
2008-05-08 21:58	135,168	----a-w	C:\Windows\System32\cscript.exe
2008-04-26 08:25	3,600,952	----a-w	C:\Windows\System32\ntkrnlpa.exe
2008-04-26 08:25	3,549,240	----a-w	C:\Windows\System32\ntoskrnl.exe
2008-04-26 08:08	1,314,816	----a-w	C:\Windows\System32\quartz.dll
2008-04-25 04:35	826,880	----a-w	C:\Windows\System32\wininet.dll
2008-04-23 04:42	428,544	----a-w	C:\Windows\System32\EncDec.dll
2008-04-23 04:42	293,376	----a-w	C:\Windows\System32\psisdecd.dll
2007-12-23 11:22	2,293,848	----a-w	C:\Program Files\FLV PlayerFCSetup.exe
2002-07-26 18:02	153,088	----a-w	C:\Program Files\UNWISE.EXE
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 09:56 278528]
"Update Service"="C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe" [2008-01-17 18:51 19456]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB2Check"="C:\Windows\system32\PCLECoInst.dll" [2004-09-21 04:22 73728]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-09-15 11:43 122880]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-06-01 04:37 196608]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 09:48 16208384 C:\Windows\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [2006-05-04 09:22 86016 C:\Windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 09:26 2808832 C:\Windows\ALCWZRD.EXE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.I420"= vdrcodec.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{87021316-6639-4497-A9C1-C9F646ABD0A6}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{D0CD2737-CD1D-4BD0-B0A2-6067746071D0}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{CCCDB8B9-2812-4928-B714-868F79DA110D}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{D1536C8C-9426-4769-9AC8-8D4DDE479E6D}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{4BBE796B-46A8-4C9C-BE62-8F3C02ED7ACE}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{AB96A110-7E0C-4F0A-B2C3-BD0FA1217C81}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{DD4C259E-39A3-49EF-AFCB-134B5A150BC4}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{CB7FE570-E37A-4F25-90E7-6CD923264C82}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{2EA28467-1B39-42C9-9718-1EA0F157AE53}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{33D525FA-0AC6-4F30-940C-C543884FC917}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{24E9DDF6-F44B-4511-9352-0C5482A294A6}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager
"{0BA81BAE-69AF-455B-9808-636E01782A66}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager
"{0F95C8ED-779E-49E0-A1E9-C23F68E9E796}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{CB633DAC-4C87-4E76-83A3-F72B6D4D3D38}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{F6895EE9-C6DD-4081-82EA-46020890C9B3}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BDB6B9D1-A0B7-4816-93CD-4F34975178F5}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{B32D8B20-B674-4A2F-9D1C-D6C01A71393F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{B36F914E-7955-4EFA-95CC-3B170A6CA8AB}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{9E005066-962F-4159-8C9F-2D821DE0BF2F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{07027949-D396-4333-9278-A7FE7880F199}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{8A84EC65-260D-42E9-9E3F-E1425BDCF4F1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CCE2C0C3-079C-4B76-BE00-36C38D731217}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{58EAD689-7D2E-4107-B068-562B134BCE83}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
 
S1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080711.006\IDSvix86.sys [2008-02-13 17:18]
S2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-31 14:15]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2007-11-08 20:45]
S3 DVC150B;Dazzle DVC 150B;C:\Windows\system32\Drivers\dvc150b.SYS [2005-03-03 20:47]
S3 PCTV;PCTV 4XXe USB 2.0 Driver;C:\Windows\system32\DRIVERS\pctv4XXe.sys [2007-08-06 09:00]
S3 Ph6xIB32;Philips 716x PCIe TV Card;C:\Windows\system32\DRIVERS\Ph6xIB32.sys [2006-11-02 09:27]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\Windows\system32\DRIVERS\MarvinAVS.sys [2007-05-09 09:37]
S3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
 
*Newly Created Service* - COMHOST
*Newly Created Service* - ECACHE
 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 10:05:33
Windows 6.0.6001 Service Pack 1 NTFS
 
scanning hidden processes ... 
 
scanning hidden autostart entries ...
 
scanning hidden files ... 
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
Completion time: 2008-07-13 10:07:56
ComboFix-quarantined-files.txt  2008-07-13 09:07:54
ComboFix2.txt  2008-07-12 22:27:28
ComboFix3.txt  2008-07-12 21:52:54
ComboFix4.txt  2008-07-12 17:21:45
ComboFix5.txt  2008-07-12 17:07:07
 
      The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 102,850,465,792 bytes free
 
194	--- E O F ---	2008-07-11 18:25:25


Author

Commented:
Thanks very much for your help.

Much appreciated

Rorf
Use spybot-search and destroy... 100% it will work
http://www.safer-networking.org/en/index.html
