Unable to connect to the internet out of safe mode

  1. 13-03-2009  #1
    mojay
    mojay is offline Newbie

    Unable to connect to the internet out of safe mode

    problem is here: http://www.d-a-l.com/help/general-in...tml#post184378

    Safe Mode:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1208 AM, on 3/13/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://hp.windowsmedia.com/MEDIAGUID.../win_media.jsp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost;*.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 4.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher" /Minimized
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8541] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll "
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6065] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll "
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9797] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7405] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\w t3d.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3437] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD68] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6647] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dl l"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD886] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dl l"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8387] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4981] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7025] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5037] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1927] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3721] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6465] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3623] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4206] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7153] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9301] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM030 2.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4612] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM030 2.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB921] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM030 2Java.jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2180] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM030 2Java.jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4364] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM03 02.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9028] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM03 02.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3747] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM03 02.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4255] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM03 02.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4867] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\contro lPanel\index.html"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD634] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\contro lPanel\index.html"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4085] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0 302.cdanfo"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7152] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0 302.cdanfo"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7151] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0 302_Uninstall.cdas"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9605] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0 302_Uninstall.cdas"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8248] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobj ect.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1617] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobj ect.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8642] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.d ll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD234] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.d ll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4110] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.d ll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6711] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.d ll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6234] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver. dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4638] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver. dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1722] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost .dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4644] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost .dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7202] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHos tPlugin.xpt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9272] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHos tPlugin.xpt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5733] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBu ndle.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7612] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBu ndle.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB755] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver. dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7357] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver. dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7460] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dl l"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3509] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dl l"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9288] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.d ed"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6393] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.d ed"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8380] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine .dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7807] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine .dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1192] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331. cdanfo"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3220] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331. cdanfo"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8888] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_ fileList.cdas"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9183] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_ fileList.cdas"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB141] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_ Uninstall.cdas"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8095] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_ Uninstall.cdas"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7681] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdrive r.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5838] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdrive r.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4255] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtang ent.jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9355] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtang ent.jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2245] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini "
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2348] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini "
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6093] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCt l.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD898] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCt l.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4456] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti. dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5871] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti. dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1947] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti. jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9287] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti. jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1101] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll "
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3956] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll "
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2680] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug .ax"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5676] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug .ax"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4966] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug .ini"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1334] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug .ini"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB485] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlP anel\index.html"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9292] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlP anel\index.html"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3564] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\d ata.wts"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1804] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\d ata.wts"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9622] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\w ebdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2298] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\w ebdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4624] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\w t3d.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4169] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_i nfo\data.wts"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5471] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_i nfo\data.wts"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5742] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_ 1_1.cdanfo"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5833] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_ 1_1.cdanfo"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB924] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_ 1_1_Uninstall.cdas"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2647] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_ 1_1_Uninstall.cdas"
    O4 - Global Startup: PowerReg Scheduler.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1193265707609
    O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemoreeducation.com/bin/tol9inst.cab
    O16 - DPF: {A0E7D0C1-9854-497E-8645-38C19AA00724} (IssacWebSE Class) - http://www.teenkorean.com/Penta/KoreanSecurity.cab
    O16 - DPF: {A67C0313-A410-4F39-86E4-25BFCA558B3C} (mr.UserControl1) - http://www.interedu.go.kr/contents/101e/KWK.CAB
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
    O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 21749 bytes
    Normal Mode
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:36:03 AM, on 3/13/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon03.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    c:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\HPHipm09.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://hp.windowsmedia.com/MEDIAGUID.../win_media.jsp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost;*.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 4.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher" /Minimized
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: PowerReg Scheduler.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1193265707609
    O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemoreeducation.com/bin/tol9inst.cab
    O16 - DPF: {A0E7D0C1-9854-497E-8645-38C19AA00724} (IssacWebSE Class) - http://www.teenkorean.com/Penta/KoreanSecurity.cab
    O16 - DPF: {A67C0313-A410-4F39-86E4-25BFCA558B3C} (mr.UserControl1) - http://www.interedu.go.kr/contents/101e/KWK.CAB
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
    O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 12413 bytes
    Last edited by mojay; 13-03-2009 at 05:44 AM.

  3. 13-03-2009  #2
    Neal
    Neal is offline Dedicated Member
    Welcome,


    I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
    1. Run Spybot-S&D
    2. Go to the Mode menu, and make sure "Advanced Mode" is selected
    3. On the left hand side, choose Tools -> Resident
    4. Uncheck "Resident TeaTimer" and OK any prompts
    You can reenable TeaTimer once your system is clean.

    You have two anti-virus programs running, you need to uninstall one of them as much problems can and will happen with two running.

    You also need only one firewall if you have two running.

    If you did not install this yourself please uninstall Viewpoint Manager, viewpoint etc.


    Run hijackthis and click on "scan system only" button and put checks next to these:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE




    Please close ALL browser windows (including this one).

    Everything closed out but hijackthis and click on "fix checked"


    Reboot your PC and post a new hijackthis log from normal mode and tell me what is going on now please.
  4. 14-03-2009  #3
    mojay
    mojay is offline Newbie
    can you explain which firewalls or antivirus I have running because I uninstalled all of them I should only have windows firewall and avira
  5. 17-03-2009  #4
    Neal
    Neal is offline Dedicated Member
    From your hijackthis log:

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    OO23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
    023 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


    What is going on now?

    Norton uninstaller:

    http://service1.symantec.com/Support...05033108162039
  6. 17-03-2009  #5
    mojay
    mojay is offline Newbie
    It needs the product key I have no clue of the product key it came with my computer like 5 or 6 years ago
    anyway around this: Save your Norton 2005 or 2004 Product Key, then download and run the Norton Removal Tool
  7. 18-03-2009  #6
    Neal
    Neal is offline Dedicated Member
    Did you try any way to run the removal tool without the key?

    Is Norton showing in your add/remove program? If so uninstall from there if removal tool will not work.

    You can always disable Norton for now also.

    Enabling or disabling Norton Internet Security or Norton Personal Firewall

    I need a new hijackthis log after performing the fixes I suggested.
  8. 19-03-2009  #7
    mojay
    mojay is offline Newbie
    ok I removed all the Norton products
    Last edited by mojay; 19-03-2009 at 12:34 AM.
  9. 20-03-2009  #8
    Neal
    Neal is offline Dedicated Member
    I need two things:

    1. What is going on now?

    2. Hijackthis log if further problems exist.

    Thanks.
  10. 26-03-2009  #9
    mojay
    mojay is offline Newbie
    ok I will post one here in a bit
  11. 27-03-2009  #10
    mojay
    mojay is offline Newbie
    Save 20% on AVG Internet Security 2012 Suite!
    Ok it is actually working in normal mode now if I were try to get my firewall back could it affect the connection again or would you say norton was the problem

    thank you very much by the way I really appreciate the help
+ Reply to Thread
Page 1 of 2 1 2 LastLast
« How to remove troj_generic.dit? | Eset Smart Security detecting lots of viruses »