Ok, I did that but when it restarts and gets back on I immediately get a window that tells me that I'm not in normal startup mode anymore and to go back and put it in normal startup mode and the settings will get changed back. Also, for 30 seconds or so, I get a notice that norton firewall is disabled. That fixes itself but when I try to close the first window it tells me I need to restart. I'll copy the new hijack this startup report....
StartupList report, 12/5/2005, 10:32:22 PM
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis 1.99.1\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 9.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ATIModeChange = Ati2mdxx.exe
BCMSMMSG = BCMSMMSG.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
DVDSentry = C:\WINDOWS\System32\DSentry.exe
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 9.exe
HPHUPD05 = C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HPHmon05 = C:\WINDOWS\System32\hphmon05.exe
tgcmd = "C:\Program Files\support.com\bin\tgcmd.exe" /server
HP Software Update = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
LVCOMSX = C:\WINDOWS\System32\LVCOMSX.EXE
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
DIGStream = C:\Program Files\DIGStream\digstream.exe
MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
(Default) =
LDM = \Program\BackWeb-8876480.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\biogems.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
--------------------------------------------------
Enumerating Task Scheduler jobs:
HP DArC Task #Hewlett-Packard#7900#CN395320RYEV.job
HP Usg Daily.job
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[symsupportutil]
CODEBASE =
https://www-secure.symantec.com/tech...upportutil.CAB
OSD = C:\WINDOWS\Downloaded Program Files\OSD4A.OSD
[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE =
http://www.apple.com/qtactivex/qtplugin.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
CODEBASE =
http://download.macromedia.com/pub/s...irector/sw.cab
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL
CODEBASE =
http://go.microsoft.com/fwlink/?link...67&clcid=0x409
[YInstStarter Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE =
http://download.microsoft.com/downlo...22/wmv9VCM.CAB
[Snapfish Activia]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx
CODEBASE =
http://www.snapfish.com/SnapfishActivia.cab
[AcDcToday Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ACDCTO~1.OCX
CODEBASE = file://C:\Program Files\AutoCAD Architectural 2\AcDcToday.ocx
[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE =
http://fpdownload.macromedia.com/get.../ultrashim.cab
[InstallShield International Setup Player]
InProcServer32 = c:\windows\downlo~1\isetup.dll
CODEBASE =
http://www.installengine.com/engine/isetup.cab
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE =
http://messenger.msn.com/download/Ms...Downloader.cab
[NOXLATE]
InProcServer32 = C:\WINDOWS\DOWNLO~1\InstFred.ocx
CODEBASE = file://C:\Program Files\AutoCAD Architectural 2\InstFred.ocx
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE =
http://download.macromedia.com/pub/s...sh/swflash.cab
[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll
CODEBASE =
https://www-secure.symantec.com/tech...ActiveData.cab
[AcPreview Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ACPREV~1.OCX
CODEBASE = file://C:\Program Files\AutoCAD Architectural 2\AcPreview.ocx
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 7,547 bytes
Report generated in 0.093 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only