Browser Hijack [resolved]
My desktop has been freezing and my browser gets redirected. I have followed all the instructions in the section called "Read this first before posting a HijackThis log".
Attached are the two online scan reports I did, which both report a problem, and the HijackThis log. Any help is much appreciated.
In addition to the previous information, I cannot get back to these forum pages unless I run Adaware and Spybot first.
I have been continuing to read through other threads and trying some of the recommendations. Everything I try finds issues, but clearly they are not fixing the problem. My browser still gets redirected.
From one of the threads, I downloaded ComboFix and its log file follows:
Y6GVRRNB - 06-12-02 14:07:11.18 Service Pack 1
ComboFix 06.11.27W - Running from: "D:\Profiles\Y6GVRRNB\Desktop\Hijack"
((((((((((((((((((((((((((((((( Files Created from 2006-11-02 to 2006-12-02 ))))))))))))))))))))))))))))))))))
2006-12-02 10:46 <DIR> d
C:\Program Files\Windows Live Safety Center
2006-12-02 10:46 <DIR> d
C:\Program Files\Windows Live Safety Center
2006-12-01 23:39 <DIR> d
C:\WINDOWS\system32\Kaspersky Lab
2006-12-01 22:16 <DIR> d
C:\WINDOWS\system32\ActiveScan
2006-12-01 22:08 <DIR> d
C:\Program Files\SpywareBlaster
2006-12-01 22:08 <DIR> d
C:\Program Files\SpywareBlaster
2006-12-01 16:38 <DIR> d
C:\Program Files\Spybot - Search & Destroy
2006-12-01 16:38 <DIR> d
C:\Program Files\Spybot - Search & Destroy
2006-12-01 16:38 <DIR> d
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-25 19:03 997,888 --a
C:\WINDOWS\system32\wmvdmoe2.dll
2006-11-25 19:03 981,504 --a
C:\WINDOWS\system32\wmnetmgr.dll
2006-11-25 19:03 892,416 --a
C:\WINDOWS\system32\wmspdmoe.dll
2006-11-25 19:03 82,432 --a
C:\WINDOWS\system32\drmstor.dll
2006-11-25 19:03 816,264 --a
C:\WINDOWS\system32\wmvdmod.dll
2006-11-25 19:03 81,408 --a
C:\WINDOWS\system32\logagent.exe
2006-11-25 19:03 760,968 --a
C:\WINDOWS\system32\wmsdmod.dll
2006-11-25 19:03 678,912 --a
C:\WINDOWS\system32\drmv2clt.dll
2006-11-25 19:03 670,208 --a
C:\WINDOWS\system32\wmadmoe.dll
2006-11-25 19:03 6,656 --a
C:\WINDOWS\system32\laprxy.dll
2006-11-25 19:03 486,536 --a
C:\WINDOWS\system32\wmspdmod.dll
2006-11-25 19:03 410,248 --a
C:\WINDOWS\system32\wmadmod.dll
2006-11-25 19:03 384,512 --a
C:\WINDOWS\system32\mp4sdmod.dll
2006-11-25 19:03 316,040 --a
C:\WINDOWS\system32\mp43dmod.dll
2006-11-25 19:03 301,712 --a
C:\WINDOWS\system32\drmclien.dll
2006-11-25 19:03 253,952 --a
C:\WINDOWS\system32\msnetobj.dll
2006-11-25 19:03 241,664 --a
C:\WINDOWS\system32\qasf.dll
2006-11-25 19:03 241,664 --a
C:\WINDOWS\system32\mpg4dmod.dll
2006-11-25 19:03 232,960 --a
C:\WINDOWS\system32\blackbox.dll
2006-11-25 19:03 218,112 --a
C:\WINDOWS\system32\wmasf.dll
2006-11-25 19:03 2,058,888 --a
C:\WINDOWS\system32\wmvcore.dll
2006-11-25 19:03 143,360 --a
C:\WINDOWS\system32\wmidx.dll
2006-11-25 19:03 1,111,040 --a
C:\WINDOWS\system32\wmsdmoe2.dll
2006-11-25 18:53 77,824 --a
C:\WINDOWS\system32\fun_mp4_dec.dll
2006-11-25 18:53 684,032 --a
C:\WINDOWS\system32\fun_mp4_enc.dll
2006-11-25 18:53 2,729,472 --a
C:\WINDOWS\system32\fun_avcodec.dll
2006-11-25 18:53 <DIR> d
C:\WINDOWS\system32\Samsung PC Studio Codecs
2006-11-24 22:29 94,000 --a
C:\WINDOWS\system32\drivers\ssm_mdm.sys
2006-11-24 22:29 8,336 --a
C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2006-11-24 22:29 6,176 --a
C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2006-11-24 22:29 6,176 --a
C:\WINDOWS\system32\drivers\ssm_cm.sys
2006-11-24 22:29 58,320 --a
C:\WINDOWS\system32\drivers\ssm_bus.sys
2006-11-24 22:29 5,840 --a
C:\WINDOWS\system32\drivers\ssm_whnt.sys
2006-11-24 22:29 5,840 --a
C:\WINDOWS\system32\drivers\ssm_wh.sys
2006-11-24 22:29 <DIR> d
C:\WINDOWS\system32\Samsung_USB_Drivers
2006-11-24 22:29 <DIR> d
C:\Documents and Settings\All Users\Application Data\InstallShield
2006-11-24 22:26 44,304 --a
C:\WINDOWS\system32\msrpfs35.dll
2006-11-24 22:26 39,424 --a
C:\WINDOWS\system32\JETCOMP.exe
2006-11-24 22:26 368,912 --a
C:\WINDOWS\system32\VBAR332.DLL
2006-11-24 22:26 344,064 --a
C:\WINDOWS\system32\msexch35.dll
2006-11-24 22:26 294,912 --a
C:\WINDOWS\system32\msxbse35.dll
2006-11-24 22:26 252,688 --a
C:\WINDOWS\system32\msexcl35.dll
2006-11-24 22:26 250,128 --a
C:\WINDOWS\system32\mspdox35.dll
2006-11-24 22:26 168,720 --a
C:\WINDOWS\system32\msltus35.dll
2006-11-24 22:26 166,672 --a
C:\WINDOWS\system32\mstext35.dll
2006-11-24 22:26 1,238,288 --a
C:\WINDOWS\system32\msjt4jlt.dll
2006-11-24 21:50 57,856 --a
C:\WINDOWS\system32\drivers\drmk.sys
2006-11-24 21:50 134,272 --a
C:\WINDOWS\system32\drivers\portcls.sys
2006-11-24 21:44 <DIR> d
C:\Documents and Settings\y6GVRRNB\Bluetooth Software
2006-11-24 21:42 <DIR> d
C:\Program Files\Belkin
2006-11-24 21:42 <DIR> d
C:\Program Files\Belkin
2006-11-20 22:27 <DIR> d
C:\Personal
2006-11-09 22:02 <DIR> d
C:\WS Atkins
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-01 22:59
d
C:\Program Files\USB Product Driver v2.12r012
2006-12-01 22:59
d
C:\Program Files\USB Product Driver v2.12r012
2006-12-01 22:54
d
C:\Program Files\QuickTime
2006-12-01 22:54
d
C:\Program Files\QuickTime
2006-12-01 22:44
d
C:\Program Files\Messenger
2006-12-01 22:44
d
C:\Program Files\Messenger
2006-12-01 22:42
d
C:\Program Files\Internet Explorer
2006-12-01 22:42
d
C:\Program Files\Internet Explorer
2006-12-01 22:40
d
C:\Program Files\Common Files\Autodesk Shared
2006-11-29 11:58
d--h
C:\Program Files\InstallShield Installation Information
2006-11-29 11:58
d--h
C:\Program Files\InstallShield Installation Information
2006-11-29 11:54
d
C:\Program Files\Common Files
2006-11-29 11:54
d
C:\Program Files\Common Files
2006-11-27 22:12
d
C:\Program Files\XE VPN Network 4.65
2006-11-27 22:12
d
C:\Program Files\XE VPN Network 4.65
2006-11-25 19:03
d
C:\Program Files\Windows Media Player
2006-11-25 19:03
d
C:\Program Files\Windows Media Player
2006-11-24 22:29
d
C:\Program Files\Common Files\InstallShield
2006-10-20 18:55
d
C:\Program Files\Microsoft Office
2006-10-20 18:55
d
C:\Program Files\Microsoft Office
2006-10-10 17:25
d
C:\Program Files\EPSON
2006-10-10 17:25
d
C:\Program Files\EPSON
2006-09-24 22:59 278045 --a
C:\WINDOWS\system32\{F172195A-B34F-4BD3-B449-60B807D12218}.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"XrxRegHH"="C:\\WINDOWS\\System32\\RegSvr32.exe /s c:\\Xerox\\XPWS\\Controls\\XPWSHH.dll"
"XrxNgEdocIE5Upd"="c:\\Xerox\\NgEdocIE5Upd\\NgEdocIE5Upd.exe /PwsQuiet"
"VerifyStartMenu"="RunDLL32 C:\\PROGRA~1\\NETMANAG.32\\NMGOINN.DLL,VerifyStartMenu"
"Sxplog"="C:\\SxpInst\\sxpstub.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"ShowIcon_Justrams_USB Product Driver v2.12r012"="\"C:\\Program Files\\USB Product Driver v2.12r012\\shwicon.exe\" -t\"Justrams\\USB Product Driver v2.12r012\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"ATIModeChange"="Ati2mdxx.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoActiveDesktopChanges"=dword:00000000
"NoInternetIcon"=dword:00000001
"NoNetHood"=dword:00000000
"NoDesktop"=dword:00000000
"NoFavoritesMenu"=dword:00000000
"NoFind"=dword:00000000
"NoRun"=dword:00000000
"NoSetActiveDesktop"=dword:00000000
"NoWindowsUpdate"=dword:00000000
"NoChangeStartMenu"=dword:00000000
"NoFolderOptions"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoLogoff"=dword:00000000
"NoClose"=dword:00000000
"NoSetFolders"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoTrayContextMenu"=dword:00000000
"NoFileMenu"=dword:00000000
"NoViewContextMenu"=dword:00000000
"EnforceShellExtensionSecurity"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoDrives"=dword:00000000
"NoNetConnectDisconnect"=dword:00000000
"NoDeletePrinter"=dword:00000000
"NoAddPrinter"=dword:00000000
"NoPrinterTabs"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"="Authorized Users Only"
"legalnoticetext"="This is a Xerox computer system that is FOR OFFICIAL XEROX USE ONLY by specifically authorized personnel and includes Xerox confidential, proprietary, and privileged information.
This system may be subject to monitoring. No expectation of privacy is to be assumed. Unauthorized attempts to upload, download, or change information on this system are strictly prohibited and may be punishable under applicable law. Individuals found performing unauthorized activities are subject to disciplinary action including termination, and criminal and civil prosecution.
Anyone using this system must agree to abide by Xerox policies and must expressly consent to monitoring of their actions by selecting the <OK> button below. Otherwise, please switch-off this system.
."
"shutdownwithoutlogon"=dword:00000000
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"=dword:00000001
"NoToolbarCustomize"=dword:00000000
"NoBandCustomize"=dword:00000000
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-12-02 14:07:41.05
C:\ComboFix.txt ... 06-12-02 14:07
This discussion has been closed.
Comments
I have searched the advice posted on other threads and followed it - nearly all of it!
As well as the virus scans detailed in my first posting, I also did the following:
I conducted the online virus scan from the Microsoft website.
I downloaded and ran Spyhunter.
I let Microsoft deal with what it found and manually cleared out what Spyhunter found.
Following all the advice has taken hours. I basically spent all day Saturday on it. Well, so far it appears everything is cleaned out and I am not experiencing any of the problems that led me to post the first thread.
Thanks to all the advice on the various threads. It is great that people are good enough to go into such detail and it seems to have helped me tremendously.