
winlogon.exe exception causing error/restart



Tummy
2007-02-12, 19:58
Hi all, I've been scouring through your forums of late and have noticed similar problems to the one I am encountering. I run XP SP2 and every time I go to shut down the system I receive a winlogon.exe error which in turn leads to the BSOD and the automatic reboot. After a series of normal and safe mode runs with Spybot and others the symptoms still occur and I can't seem to get rid of a Smitfraud virus with Spybot even in safe mode. The Smitfraud virus, however, Spybot tells me is directly related to a registry entry within Winlogon called instcat. And I have noticed on the HijackThis log, attached below, that instcat.dll and partnership.dll are both associated with the O20 entries and winlogon. I believe CastleCops calls these both malware/trojans. Please steer me in the right direction.

Thank You



Logfile of HijackThis v1.99.1
Scan saved at 1:53:45 PM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\aspi89062.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\update13428241.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\program files\quicktime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\regedit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170265325031
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ykqGoUe - {372F5382-9D85-F928-A3A5-84A4652DAC93} - (no file)
O21 - SSODL: odb_set - {6469EB27-A3BE-424D-8E6F-3CE35C6E69C5} - odbcmr32.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi89062.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: msupdatefs (Microsoft Updater FileSystem) - Unknown owner - c:\windows\system32\update13428241.exe
O23 - Service: msupdatefss (Microsoft Updater FileSystems) - Unknown owner - c:\windows\system32\update77526596.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
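The O20 lines are the ones to read first. A Winlogon Notify package is a DLL that winlogon.exe loads at boot, as SYSTEM and before any user logs on, and it receives callbacks on logon, logoff and shutdown; a faulting or malicious one therefore surfaces as a winlogon.exe exception at shutdown, and because winlogon.exe is a critical process its death ends in a bugcheck, which is the BSOD-then-reboot pattern described in the post. The Python below is an added example, not code from this thread and not part of HijackThis: it parses the O20, O21 and O23 lines into records and scores them with the traits an analyst applies by eye (DLL in a user-writable directory, "Unknown owner" service whose display name claims Microsoft, random digit runs in the file name, orphaned entries). The sample lines are copied from the log above; the score weights, the threshold and the list of user-writable directories are assumptions of this example.

```python
"""Triage the O20/O21/O23 lines of a HijackThis 1.99.x log.

Added example: not from the forum post and not HijackThis code. The sample
lines are copied from the log above; the weights and the user-writable
directory list are assumptions of this example.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: O20/O21/O23 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ykqGoUe - {372F5382-9D85-F928-A3A5-84A4652DAC93} - (no file)
O21 - SSODL: odb_set - {6469EB27-A3BE-424D-8E6F-3CE35C6E69C5} - odbcmr32.dll (file missing)
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi89062.exe
O23 - Service: msupdatefs (Microsoft Updater FileSystem) - Unknown owner - c:\windows\system32\update13428241.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"""

@dataclass
class Entry:
    section: str            # "O20" Winlogon Notify, "O21" SSODL, "O23" service
    name: str               # notify package, SSODL object or service display name
    owner: str              # company string for O23, empty otherwise
    path: str               # path exactly as HijackThis printed it
    score: int = 0
    reasons: List[str] = field(default_factory=list)

LINE_RE = re.compile(r"^(O2[013]) - (?:Winlogon Notify|SSODL|Service): (.*)$")
DIGIT_RUN = re.compile(r"\d{5,}")
# Locations an unprivileged XP user can write to (assumption: list chosen for this example).
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")

def parse(log: str) -> List[Entry]:
    """Turn the three HijackThis persistence sections into Entry records."""
    entries: List[Entry] = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, rest = m.groups()
        owner = ""
        if section == "O20":                       # "<name> - <dll>"
            name, path = rest.split(" - ", 1)
        elif section == "O21":                     # "<name> - {CLSID} - <dll>"
            name, _clsid, path = rest.split(" - ", 2)
        else:                                      # "<display (short)> - <owner> - <exe>"
            name, owner, path = rest.split(" - ", 2)
        entries.append(Entry(section, name, owner, path))
    return entries

def score(e: Entry) -> Entry:
    """Add weight for each trait that, in this log, separates the implants from vendor software."""
    p = e.path.lower()
    fname = p.rsplit("\\", 1)[-1]
    if e.section == "O20":
        # A Winlogon Notify DLL is loaded by winlogon.exe as SYSTEM at boot, before logon,
        # and is still loaded in Safe Mode, so every entry here earns review.
        e.score += 3
        e.reasons.append("DLL loaded into winlogon.exe as SYSTEM")
        if any(d in p for d in USER_WRITABLE):
            e.score += 3
            e.reasons.append("notify DLL lives in a user-writable directory")
    if e.section == "O23" and e.owner.lower() == "unknown owner":
        e.score += 1
        e.reasons.append("service binary carries no company/version info")
        if "microsoft" in e.name.lower():
            e.score += 3
            e.reasons.append("claims to be Microsoft without Microsoft version info")
    if DIGIT_RUN.search(fname):
        e.score += 2
        e.reasons.append("long digit run in file name (per-install random name)")
    if "(no file)" in p or "(file missing)" in p:
        e.score += 2
        e.reasons.append("orphaned entry: file gone, registry value still references it")
    return e

def triage(log: str, threshold: int = 2) -> List[Entry]:
    """Entries at or above the threshold, highest score first."""
    scored = [score(e) for e in parse(log)]
    return sorted((e for e in scored if e.score >= threshold), key=lambda e: -e.score)

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.score:>2} {e.section} {e.name}: {'; '.join(e.reasons)}")
```

Everything at or above the threshold goes on the fix list, but the score orders the work rather than deciding it: an "Unknown owner" service can simply be a driver with no version resource, so the analyst still checks the binary. partnership.dll scores highest because a DLL that winlogon.exe loads as SYSTEM from a directory under All Users\Documents, which any local user can write to, is a privilege boundary crossed in the wrong direction regardless of what the DLL contains.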

Tummy
2007-02-14, 02:08
I just recently tried a couple of the options stated in similar issue threads and gathered some further info on the situation. I went into safe mode and ran an AVG scan: attached below.

The scan found over 120 instances, most in the system restore portion of the drive. This scared me a little but I proceeded to quarantine the entire list. From safe mode the computer shut down and restarted with no problem. I then tried to shut down from normal mode; it worked fine but then on restart it froze forever on the "Microsoft" logo with the initialization bar going back and forth beneath it. Had to manually shut off power. Restart yielded a safe mode prompt. So within safe mode I just restored all the quarantined items and I am now back to where I was at the end of the first message with the winlogon.exe causing BSOD and restart.

Here is the AVG report:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:47:12 PM 2/13/2007

+ Scan result:



C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0004767.exe -> Backdoor.Small.nr : Cleaned with backup (quarantined).
C:\WINDOWS\system32\taskmang.exe -> Downloader.Agent.beh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP46\A0018824.exe -> Downloader.Agent.ber : Cleaned with backup (quarantined).
C:\WINDOWS\system32\update33674268.exe -> Downloader.Agent.ber : Cleaned with backup (quarantined).
C:\WINDOWS\system32\update60978402.exe -> Downloader.Agent.ber : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0012981.exe -> Downloader.Delf.aeu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP44\A0012664.exe -> Downloader.Murlo.fa : Cleaned with backup (quarantined).
C:\WINDOWS\system32\update94071568.exe -> Downloader.Small.cul : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0012982.exe -> Downloader.Small.dgk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0013008.exe -> Downloader.Small.dgk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0004755.exe -> Downloader.Small.dwc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP32\A0007055.exe -> Dropper.Delf.va : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tny02.exe -> Dropper.Small.atd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP22\A0003648.exe -> Dropper.Small.avb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP22\A0002473.exe -> Logger.Banker.amq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008241.dll -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008256.exe -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008288.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009478.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009499.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009515.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0009553.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010549.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010563.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010577.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP41\A0010600.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0010628.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011629.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011645.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0012644.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0012979.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0013707.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0014707.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0015707.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP46\A0015755.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP46\A0016755.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP46\A0017755.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP46\A0018758.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0019783.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020783.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\obdwk.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\odbcmr32.dll -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP22\A0003643.dll -> Proxy.Dlena.bm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP32\A0008121.dll -> Proxy.Small.ck : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP22\A0003662.exe -> Proxy.Xorpix.ar : Cleaned with backup (quarantined).
[292] C:\Documents and Settings\All Users\Documents\Settings\partnership.dll -> Proxy.Xorpix.aw : Cleaned with backup (quarantined).
C:\Documents and Settings\Matt Everhart.EVERHART\Cookies\matt_everhart@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.17:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\spdghob9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.18:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\spdghob9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.19:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\spdghob9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.20:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\spdghob9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.21:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\spdghob9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP32\A0008058.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP32\A0008066.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP32\A0008104.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP32\A0008117.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP33\A0008132.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP33\A0008143.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008151.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008157.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008163.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008167.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008174.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008178.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008183.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008190.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008196.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).

Tummy
2007-02-14, 02:14
AVG log cont...

C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP35\A0008202.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP35\A0008209.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP35\A0008215.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008248.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008254.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008262.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008280.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008286.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008295.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP37\A0008322.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP37\A0008328.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP37\A0008335.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009469.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009476.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009484.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009491.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009497.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009506.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009507.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009513.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009520.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009523.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009529.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009535.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0009542.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0009548.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0009556.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010542.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010547.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010554.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010561.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010569.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010575.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010583.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP41\A0010598.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP41\A0010606.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP42\A0010612.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP42\A0010618.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP42\A0010620.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0010621.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0010626.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0010632.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011621.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011627.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011635.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011637.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011643.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011651.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0012637.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0012642.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0012650.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP44\A0012663.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\WINDOWS\system32\reg.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wsys.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msiphelp.dll -> Trojan.Agent.aet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0003772.exe -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0003778.exe -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0004770.exe -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0004774.exe -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0004778.exe -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0004780.exe -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0004789.exe -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{7BB33AB4-537E-455C-AAF1-61BAF19CFB2B} -> Trojan.AntiHosts : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP26\A0005831.exe -> Trojan.Crypt.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP22\A0003644.exe -> Trojan.Zapchast.ar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0012985.exe -> Trojan.Zapchast.ar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0013006.exe -> Trojan.Zapchast.ar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP46\A0017766.exe -> Trojan.Zapchast.ar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\instcat.dll -> Worm.Locksky.aw : Cleaned with backup (quarantined).
[872] VM_3BF21000 -> Worm.Locksky.aw : Cleaned with backup (quarantined).


::Report end

I will post the HijackThis log that pertains to these quarantined items next:

Tummy
2007-02-14, 02:20
And this is the resulting HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:54:09 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\aspi89062.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\program files\quicktime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\systems.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170265325031
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ykqGoUe - {372F5382-9D85-F928-A3A5-84A4652DAC93} - (no file)
O21 - SSODL: odb_set - {6469EB27-A3BE-424D-8E6F-3CE35C6E69C5} - odbcmr32.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi89062.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: msupdatefs (Microsoft Updater FileSystem) - Unknown owner - c:\windows\system32\update13428241.exe
O23 - Service: msupdatefss (Microsoft Updater FileSystems) - Unknown owner - c:\windows\system32\update77526596.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Task Manager (Taskmng) - Unknown owner - C:\WINDOWS\system32\taskmang.exe (file missing)




Those were the reports with the quarantine and the shortly following startup freeze. Once the quarantine was removed the startup freeze was gone and the shutdown winlogon.exe error was back.

I then tried to target the instcat.dll file itself. So I copied it to another location as a backup and then had HijackThis delete:

C:\WINDOWS\SYSTEM32\instcat.dll

upon restart.
Once this DLL was gone the startup freeze came back. Keep in mind I only waited for the screen to change for about 2-3 minutes. So in safe mode I moved instcat.dll back to the system32 folder and the startup was cured, but the shutdown error carries on.

Tummy
2007-02-14, 02:22
Here is my most recent HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:16:37 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\aspi89062.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\program files\quicktime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\systems.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170265325031
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ykqGoUe - {372F5382-9D85-F928-A3A5-84A4652DAC93} - (no file)
O21 - SSODL: odb_set - {6469EB27-A3BE-424D-8E6F-3CE35C6E69C5} - odbcmr32.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi89062.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: msupdatefs (Microsoft Updater FileSystem) - Unknown owner - c:\windows\system32\update13428241.exe
O23 - Service: msupdatefss (Microsoft Updater FileSystems) - Unknown owner - c:\windows\system32\update77526596.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Task Manager (Taskmng) - Unknown owner - C:\WINDOWS\system32\taskmang.exe



Sorry if all that was a bit confusing.
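
The O20, O21 and O23 entries in the two logs above are the lines a helper reads first: the Winlogon Notify DLL that gets loaded into winlogon.exe (and whose removal coincides with the startup freeze), the orphaned SSODL entries, and the services with Microsoft- or Windows-sounding display names but no publisher information and auto-generated file names in system32. As an added example, not part of this thread and not code from HijackThis or any other tool mentioned here, the Python script below applies those heuristics to a constructed sample built from O20/O21/O23 lines copied out of the logs above. The Winlogon Notify allowlist (what I take to be the XP SP2 defaults), the lookalike list and the 0.8 similarity threshold are my assumptions, not anything the thread or the tool defines; adapt them to your own baseline.

```python
"""Triage helper for HijackThis O20/O21/O23 lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass, field
from difflib import SequenceMatcher

# Winlogon Notify subkeys on a clean XP SP2 install (assumed baseline; video
# drivers and some security products add their own, so extend as needed).
XP_DEFAULT_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                     "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Real Windows binaries that malware imitates with one-letter changes (illustrative).
LOOKALIKE_TARGETS = {"taskmgr.exe", "svchost.exe", "lsass.exe"}
MISSING = ("(file missing)", "(no file)")

# Constructed sample: O20/O21/O23 lines taken from the logs in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ykqGoUe - {372F5382-9D85-F928-A3A5-84A4652DAC93} - (no file)
O21 - SSODL: odb_set - {6469EB27-A3BE-424D-8E6F-3CE35C6E69C5} - odbcmr32.dll (file missing)
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi89062.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: msupdatefs (Microsoft Updater FileSystem) - Unknown owner - c:\windows\system32\update13428241.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: Windows Task Manager (Taskmng) - Unknown owner - C:\WINDOWS\system32\taskmang.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

@dataclass
class Finding:
    kind: str                   # O20 / O21 / O23
    name: str                   # notify subkey, SSODL name or service label
    path: str                   # path as printed, minus the "(file missing)" marker
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        strong = {"impersonation", "lookalike", "non-default-notify"}
        return "high" if len(self.reasons) >= 2 or strong & set(self.reasons) else "review"

def _split_missing(raw: str):
    """Return (path, is_missing) for a HijackThis path field."""
    raw = raw.strip()
    for marker in MISSING:
        if raw.endswith(marker):
            return raw[: -len(marker)].strip(), True
    return raw, False

def _basename(path: str) -> str:
    return path.replace("/", "\\").split("\\")[-1].strip('"').lower()

def _lookalike(binary: str):
    """Name within edit-similarity 0.8 of a real system binary, but not equal to it."""
    for target in LOOKALIKE_TARGETS:
        if binary != target and SequenceMatcher(None, binary, target).ratio() >= 0.8:
            return target
    return None

def triage(log_text: str):
    """Parse O20/O21/O23 lines and return only the entries that trip a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := re.match(r"O20 - Winlogon Notify: (.+?) - (.+)$", line):
            name, (path, missing) = m.group(1), _split_missing(m.group(2))
            f = Finding("O20", name, path)
            if name.lower() not in XP_DEFAULT_NOTIFY:
                f.reasons.append("non-default-notify")   # DLL is loaded into winlogon.exe
            if missing:
                f.reasons.append("orphaned")
        elif m := re.match(r"O21 - SSODL: (.+?) - \{[0-9A-Fa-f-]+\} - (.+)$", line):
            name, (path, missing) = m.group(1), _split_missing(m.group(2))
            f = Finding("O21", name, path)
            if missing:
                f.reasons.append("orphaned")
        elif m := re.match(r"O23 - Service: (.+?) - (.+?) - (.+)$", line):
            label, owner, (path, missing) = m.group(1), m.group(2), _split_missing(m.group(3))
            f = Finding("O23", label, path)
            binary = _basename(path)
            unknown = owner.lower() == "unknown owner"
            if unknown and re.search(r"\b(microsoft|windows)\b", label, re.I):
                f.reasons.append("impersonation")        # MS-branded name, no publisher info
            if unknown and "\\system32\\" in path.lower():
                f.reasons.append("unknown-owner-in-system32")
            if re.search(r"\d{4,}", binary):
                f.reasons.append("digit-run-name")       # aspi89062.exe / update13428241.exe style
            if target := _lookalike(binary):
                f.reasons.append("lookalike")
                f.path += f"  (resembles {target})"
            if missing:
                f.reasons.append("orphaned")
        else:
            continue
        if f.reasons:
            findings.append(f)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind} {f.name}: {', '.join(f.reasons)}")
```

Run against the sample, the script flags instcat as high even though the file is present in the later log (it is simply not a DLL that belongs in Winlogon\Notify), marks partnershipreg, ykqGoUe and odb_set as orphaned registry entries still worth cleaning, and raises all four "Unknown owner" services, with Taskmng additionally called out for resembling taskmgr.exe. The Broadcom and NVIDIA services and the WPDShServiceObj shell object pass untouched. Heuristics like these only prioritise what to check; the quarantine and SDFix reports in this thread are what actually establish which files were malicious.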

Mr_JAk3
2007-02-17, 21:18
Hi Tummy and welcome to the Forums :)

You're quite badly infected. One or more of the identified infections steal information. If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breach. I suggest that you read this (http://www.dslreports.com/faq/10451) article too.


Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.zip) and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

Tummy
2007-02-19, 03:28
Thanks for getting back to me. I kind of figured I was in some trouble. Here are the new logs:


SDFix: Version 1.64

Run by: Matt - Sun 02/18/2007 @ 19:42:45.79

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
aspi113210

Path:
C:\WINDOWS\system32\aspi89062.exe

aspi113210 Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\aspi89062.exe - Deleted
C:\WINDOWS\s32.txt - Deleted
C:\WINDOWS\ws386.ini - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:



Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished


Logfile of HijackThis v1.99.1
Scan saved at 9:13:19 PM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\program files\quicktime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170265325031
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ykqGoUe - {372F5382-9D85-F928-A3A5-84A4652DAC93} - (no file)
O21 - SSODL: odb_set - {6469EB27-A3BE-424D-8E6F-3CE35C6E69C5} - odbcmr32.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: msupdatefs (Microsoft Updater FileSystem) - Unknown owner - c:\windows\system32\update13428241.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Task Manager (Taskmng) - Unknown owner - C:\WINDOWS\system32\taskmang.exe

Mr_JAk3
2007-02-19, 15:16
Hi :)

There is a new version of SDFix available. Please remove the old version from your computer and download the latest from here (http://downloads.andymanchesta.com/RemovalTools/SDFix.zip).

Run it like you did before and post the fresh logs to here :bigthumb:

Tummy
2007-02-19, 18:30
Sorry for the mistake, here is the new SDFix and HijackThis logs:


SDFix: Version 1.66

Run by Matt - Mon 02/19/2007 @ 12:14:13.96

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Taskmng

Path:
c:\windows\system32\update13428241.exe /start
c:\windows\system32\msvcrtd.exe
C:\WINDOWS\system32\taskmang.exe

Microsoft Updater FileSystem Deleted
msupdate Deleted
Taskmng Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\msvcrtd.exe - Deleted
C:\WINDOWS\system32\taskmang.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Add/Remove Programs List:

Ad-Aware SE Personal
AVG Anti-Spyware 7.5
CCleaner (remove only)
Conexant HD Audio
Soft Data Fax Modem with SmartCP
HijackThis 1.99.1
HP Imaging Device Functions 6.1
HP Photosmart Premier Software 6.0
HP Solution Center and Imaging Support Tools 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Customer Experience Enhancement
Easy Internet Sign-up
LiveUpdate 3.0 (Symantec Corporation)
Magic ISO Maker v5.3 (build 0229)
MagicDisc 2.5.74
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Document Explorer 2005
Microsoft SQL Server 2005
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Money 2006
Microsoft Compression Client Pack 1.0 for Windows XP
My HP Game Console
Netscape Browser (remove only)
Microsoft National Language Support Downlevel APIs
NVIDIA Drivers
Microsoft Office Professional Plus 2007
Intel(R) PRO Network Connections Drivers
PSPad editor
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Norton Internet Security 2006 (Symantec Corporation)
Synaptics Pointing Device Driver
Windows Genuine Advantage Validation Tool
My HP Games
Windows Media Connect
Polar Golfer
Polar Bowler
Super Granny
Tradewinds
Blackhawk Striker 2
Blasterball 2 Remix
FATE
Diner Dash 2
Bejeweled 2 Deluxe
Bistro Stars
Bookworm Deluxe
Cake Mania
Chuzzle Deluxe
Dora's Carnival Adventure
Family Feud
Garden Dreams
Insaniquarium Deluxe
JEOPARDY
Jewel Quest
SpongeBob SquarePants Krabby Quest
LEGO Builder Bots
Mah Jong Quest
Mystery Case Files
SCRABBLE
Slingo Deluxe
Snowy Space Trip
Tinos Fruit Stand
Wheel of Fortune
Blasterball 2 Revolution
Bounce Symphony
Penguins!
Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Toolbar for Internet Explorer
Yahoo! Toolbar
F300
Sonic Data Module
Symantec KB-DocID:2003093015493306
Wireless Home Network Setup
TrayApp
ccCommon
Norton Internet Security
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft Producer for Microsoft Office PowerPoint 2003
AutoUpdate
CP_CalendarTemplates1
Microsoft SQL Server VSS Writer
Status
Sonic MyDVD Plus
Customer Experience Enhancement
Microsoft SQL Server 2005 Tools Express Edition
Quicken 2006
SkinsHP1
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
CC_ccProxyExt
Sonic Update Manager
ccPxyCore
ScannerCopy
J2SE Runtime Environment 5.0 Update 6
Java(TM) SE Runtime Environment 6
Java(TM) SE Development Kit 6
HP Quick Launch Buttons 6.10 A2
Unload
OptionalContentQFolder
HP Pavilion Webcam
HP Integrated Module with Bluetooth wireless technology
NetWaiting
RandMap
BufferChm
Microsoft Works
HP Wireless Assistant 2.00 G2
Microsoft Visual Studio 2005 Professional Edition - ENU
iTunes
Norton Internet Security
Microsoft Document Explorer 2005
HP QuickPlay 2.3
Office 2003 Trial Assistant
Norton Internet Security
CP_Panorama1Config
SolutionCenter
cp_LightScribeConfig
QuickTime
FullDPAppQFolder
Microsoft SQL Server Setup Support Files (English)
cp_PosterPrintConfig
Norton AntiSpam
Microsoft .NET Compact Framework 2.0
Sonic Express Labeler
eSupportQFolder
Macromedia Flash Player 8
AiOSoftwareNPI
Microsoft Visual J# 2.0 Redistributable Package
LightScribe 1.4.97.1
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Framework 2.0
F300Trb
Readme
CP_Package_Basic1
SPBBC
Microsoft Device Emulator version 1.0 - ENU
Sonic_PrimoSDK
DivX
ProductContextNPI
cp_UpdateProjectsConfig
Easy Internet Sign-up
Norton Protection Center
Macromedia Shockwave Player
PhotoGallery
Microsoft Software Update for Web Folders (English) 12
Microsoft Office Access MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Professional Plus 2007
CueTour
TourSetup
Windows Defender
Apple Software Update
HP Help and Support
Norton Internet Security
Norton Internet Security
Sonic Audio Module
Adobe Reader 7.0.9
SymNet
CP_AtenaShokunin1Config
Sonic Copy Module
MSRedist
HP Update
cp_OnlineProjectsConfig
HP User Guides 0035
Microsoft SQL Server Native Client
DocProc
Scan
Norton AntiVirus 2006
AiO_Scan_CDA
Toolbox
Microsoft .NET Framework 1.1
HP Photosmart Essential
HpSdpAppCoreApp
Vongo
HPProductAssistant
Norton Internet Security
F300_Help
HP PSC & OfficeJet 6.1.A
Norton Internet Security
Norton WMI Update
WebReg
HP Pavilion Webcam Demo
Fax_CDA
Norton WMI Update
muvee autoProducer 5.0
NewCopy_CDA
InstantShareDevices
Norton Internet Security

Finished



Logfile of HijackThis v1.99.1
Scan saved at 12:25:17 PM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\program files\quicktime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170265325031
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ykqGoUe - {372F5382-9D85-F928-A3A5-84A4652DAC93} - (no file)
O21 - SSODL: odb_set - {6469EB27-A3BE-424D-8E6F-3CE35C6E69C5} - odbcmr32.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Mr_JAk3
2007-02-19, 21:03
Hi again, good work

We'll continue :)

You should print these instructions or save these to a text file. Follow these instructions carefully.

Open AVG Anti-Spyware. On the main screen under Your Computer's security:
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.

==================

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O21 - SSODL: ykqGoUe - {372F5382-9D85-F928-A3A5-84A4652DAC93} - (no file)
O21 - SSODL: odb_set - {6469EB27-A3BE-424D-8E6F-3CE35C6E69C5} - odbcmr32.dll (file missing)

Open HijackThis.
Open the Misc Tools section
Delete a file on Reboot
Copy the following line to the filename box and press Open: C:\WINDOWS\SYSTEM32\instcat.dll
Answer Yes
Reboot the computer if it isn't restarted automatically

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.

Use the Windows search: Start, Search, All files and folders, More advanced options. Checkmark these options:
"Search system folders"
"Search hidden files and folders"
"Search subfolders"
Search for this and delete if found: odbcmr32.dll

Run ATF Cleaner. Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs here:
- AVG's report
- a fresh HijackThis log

Tummy
2007-02-20, 02:44
Here are the AVG and HijackThis logs. I do just want to state, like I did in my initial five posts, that I did something similar to this last process you put me through. And it seemed that once instcat.dll went missing or was quarantined my startup seemed to freeze. But it worked on this initial boot after the quarantine, as it did before, so I am hoping for the best.

I think that I will be leaving my computer on in case any of your next steps might address that issue, if at all needed.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:25:05 PM 2/19/2007

+ Scan result:

C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0019780.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020780.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020807.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020822.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0022841.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0022854.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0023870.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0023883.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0024883.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0025883.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0026883.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0026897.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0027897.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0028896.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0029897.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP48\A0030896.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP48\A0031897.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP50\A0031976.exe -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP51\A0034911.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0018825.dll -> Adware.Yatool : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP52\A0038023.exe -> Backdoor.Agent.aju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0004767.exe -> Backdoor.Small.nr : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/taskmang.exe -> Downloader.Agent.beh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020800.exe -> Downloader.Agent.beh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP54\A0039104.exe -> Downloader.Agent.beh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP46\A0018824.exe -> Downloader.Agent.ber : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020797.exe -> Downloader.Agent.ber : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020798.exe -> Downloader.Agent.ber : Cleaned with backup (quarantined).
C:\WINDOWS\system32\update33674268.exe -> Downloader.Agent.ber : Cleaned with backup (quarantined).
C:\WINDOWS\system32\update60978402.exe -> Downloader.Agent.ber : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0012981.exe -> Downloader.Delf.aeu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP44\A0012664.exe -> Downloader.Murlo.fa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020802.exe -> Downloader.Small.cul : Cleaned with backup (quarantined).
C:\WINDOWS\system32\update94071568.exe -> Downloader.Small.cul : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0012982.exe -> Downloader.Small.dgk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0013008.exe -> Downloader.Small.dgk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0004755.exe -> Downloader.Small.dwc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mcert.dll -> Downloader.Small.ehe : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pstore.dll -> Downloader.Small.ehe : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ws_imod.dll -> Downloader.Small.ehe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP32\A0007055.exe -> Dropper.Delf.va : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020801.exe -> Dropper.Small.atd : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tny02.exe -> Dropper.Small.atd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP22\A0003648.exe -> Dropper.Small.avb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP22\A0003653.exe -> Dropper.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP22\A0002473.exe -> Logger.Banker.amq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008241.dll -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008256.exe -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008288.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009478.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009499.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009515.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0009553.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010549.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010563.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010577.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP41\A0010600.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0010628.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011629.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011645.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0012644.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0012979.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0013707.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0014707.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0015707.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP46\A0015755.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP46\A0016755.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP46\A0017755.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP46\A0018758.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0019783.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020783.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020795.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020796.dll -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0022845.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0022856.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0023874.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0023888.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0024886.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0025886.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0026886.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0026900.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0027900.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0028899.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0029899.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP48\A0030899.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP48\A0031899.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP50\A0032915.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP51\A0033903.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP51\A0034898.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP52\A0034936.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP52\A0035928.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP52\A0036032.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP52\A0037010.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP52\A0038011.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP54\A0038063.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP54\A0039062.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\obdwk.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
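
Most of the report above is taken up by copies inside System Restore snapshots, and the lines a helper actually has to act on (the files under system32) are easy to lose among them. The following triage script is an added example, not part of the thread or of AVG's own tooling; it parses the report's line format, separates restore-point and backup-archive copies from live files, and lists which restore points are contaminated. The sample report embedded in it is a constructed subset of the lines posted in this thread.

```python
"""Triage helper for an AVG Anti-Spyware scan report in the format posted above.

Added example, not part of the original thread. Most lines in such a report
are copies held in System Restore snapshots (inert unless the restore point is
applied), while the entries that matter for a live infection are the files
under the Windows system32 directory. This script separates the two.
The sample report below is a constructed subset of the lines in the thread.
"""
import re
from collections import Counter

# One detection line looks like "<path> -> <detection name> : <action>."
LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>[^:]+?) : (?P<action>.+?)\.?$")
# Files captured inside a System Restore point, e.g. ...\_restore{GUID}\RP47\A0019780.dll
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP(?P<rp>\d+)\\", re.I
)
# Cookie entries are prefixed with ":mozilla.<n>:" before the cookies.txt path
COOKIE_RE = re.compile(r"^:mozilla\.\d+:")
# Copies already moved aside by a removal tool (the SDFix backup archive on the page)
BACKUP_RE = re.compile(r"\\SDFix\\backups\\", re.I)


def classify(path):
    """Return 'cookie', 'restore', 'backup' or 'live' for one reported path."""
    if COOKIE_RE.match(path):
        return "cookie"
    if RESTORE_RE.search(path):
        return "restore"
    if BACKUP_RE.search(path):
        return "backup"
    return "live"


def parse_report(text):
    """Parse report text into (path, detection, action, category) tuples.

    Header lines, separators and the '::Report end' marker do not match
    LINE_RE and are skipped.
    """
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        entries.append((path, m.group("name").strip(), m.group("action").strip(), classify(path)))
    return entries


def summarize(entries):
    """Build the figures a helper wants: counts per location class, counts per
    detection family, the live paths to act on, and which restore points are
    contaminated (a reason to flush System Restore once the machine is clean)."""
    by_category = Counter(cat for _, _, _, cat in entries)
    families = Counter(name.split(".")[0] for _, name, _, _ in entries)
    live = sorted((path, name) for path, name, _, cat in entries if cat == "live")
    restore_points = sorted(
        {int(RESTORE_RE.search(path).group("rp")) for path, _, _, cat in entries if cat == "restore"}
    )
    return {
        "by_category": dict(by_category),
        "families": dict(families),
        "live": live,
        "restore_points": restore_points,
    }


# Constructed sample: a subset of the detection lines posted in the thread.
SAMPLE_REPORT = r"""
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:25:05 PM 2/19/2007

+ Scan result:

C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0019780.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP52\A0038023.exe -> Backdoor.Agent.aju : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/taskmang.exe -> Downloader.Agent.beh : Cleaned with backup (quarantined).
C:\WINDOWS\system32\update33674268.exe -> Downloader.Agent.ber : Cleaned with backup (quarantined).
C:\WINDOWS\system32\obdwk.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\odbcmr32.dll -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0012979.sys -> Logger.Small.gm : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Matt\Application Data\Netscape\NSB\Profiles\zlsxszbi.next\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\WINDOWS\system32\reg.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wsys.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).

::Report end
"""


if __name__ == "__main__":
    report = summarize(parse_report(SAMPLE_REPORT))
    print("Detections by location:", report["by_category"])
    print("Detections by family:", report["families"])
    print("Contaminated restore points:", report["restore_points"])
    print("Live files that were quarantined:")
    for path, name in report["live"]:
        print(f"  {path}  [{name}]")
```

Feeding the full posted report to `parse_report` works the same way; the `live` list is the short set of system32 files worth checking in the follow-up HijackThis log.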

Tummy
2007-02-20, 02:48
C:\WINDOWS\system32\odbcmr32.dll -> Logger.Small.gm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP22\A0003643.dll -> Proxy.Dlena.bm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP32\A0008121.dll -> Proxy.Small.ck : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP22\A0003662.exe -> Proxy.Xorpix.ar : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Matt\Application Data\Netscape\NSB\Profiles\zlsxszbi.next\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.10:C:\Documents and Settings\Matt\Application Data\Netscape\NSB\Profiles\zlsxszbi.next\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.9:C:\Documents and Settings\Matt\Application Data\Netscape\NSB\Profiles\zlsxszbi.next\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP32\A0008058.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP32\A0008066.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP32\A0008104.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP32\A0008117.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP33\A0008132.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP33\A0008143.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008151.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008157.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008163.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008167.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008174.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008178.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008183.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008190.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP34\A0008196.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP35\A0008202.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP35\A0008209.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP35\A0008215.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008248.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008254.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008262.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008280.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008286.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP36\A0008295.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP37\A0008322.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP37\A0008328.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP37\A0008335.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009469.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009476.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009484.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009491.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009497.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009506.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009507.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009513.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009520.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009523.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009529.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP39\A0009535.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0009542.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0009548.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0009556.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010542.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010547.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010554.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010561.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010569.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010575.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP40\A0010583.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP41\A0010598.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP41\A0010606.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP42\A0010612.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP42\A0010618.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP42\A0010620.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0010621.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0010626.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0010632.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011621.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011627.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011635.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011637.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011643.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0011651.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0012637.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0012642.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP43\A0012650.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP44\A0012663.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020793.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020794.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\WINDOWS\system32\reg.sys -> Trojan.Agent.ady : Cleaned with backup (quarantined).

Tummy
2007-02-20, 02:49
C:\WINDOWS\system32\wsys.dll -> Trojan.Agent.ady : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020799.dll -> Trojan.Agent.aet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msiphelp.dll -> Trojan.Agent.aet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0003772.exe -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0003778.exe -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0004770.exe -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0004774.exe -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0004778.exe -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0004780.exe -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24\A0004789.exe -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{7BB33AB4-537E-455C-AAF1-61BAF19CFB2B} -> Trojan.AntiHosts : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP26\A0005831.exe -> Trojan.Crypt.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP22\A0003644.exe -> Trojan.Zapchast.ar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0012985.exe -> Trojan.Zapchast.ar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45\A0013006.exe -> Trojan.Zapchast.ar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP46\A0017766.exe -> Trojan.Zapchast.ar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0020792.dll -> Worm.Locksky.aw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP47\A0023863.dll -> Worm.Locksky.aw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP54\A0039146.dll -> Worm.Locksky.aw : Cleaned with backup (quarantined).


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 8:40:56 PM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\program files\quicktime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170265325031
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: odb_set - {10BA990A-66CF-44BD-8525-3FD1D377651C} - odbcmr32.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Mr_JAk3
2007-02-20, 09:29
Good work, looks better now :)

Download ComboScan (http://www.techsupportforum.com/sectools/Deckard/comboscan.exe) to your Desktop.


1. Close all applications and windows.
2. Double-click on comboscan.exe to run it, and follow the prompts.
3. When the scan is complete, a text file will open - ComboScan.txt
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your thread.
5. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
6. Please attach Supplementary.txt to your post.


Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

:bigthumb:

Tummy
2007-02-20, 17:11
Thanks for all your help so far; I really appreciate the time you're taking to help me out. The following is the ComboScan.txt file, and the Supplementary.txt is attached.

ComboScan v20070212.14 run by Matt on 2007-02-20 at 10:58:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as Matt.com) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:58:14 AM, on 2/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\program files\quicktime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Matt\Desktop\comboscan.exe
C:\DOCUME~1\Matt\LOCALS~1\Temp\~hrrshwa.tmp\Matt.com
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170265325031
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: odb_set - {10BA990A-66CF-44BD-8525-3FD1D377651C} - odbcmr32.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- HijackThis Fixed Entries (C:\Program Files\HijackThis\backups\) --------------

backup-20070213-162345-719 O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
backup-20070213-162345-758 O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
backup-20070219-190210-730 O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
backup-20070219-190211-216 O21 - SSODL: odb_set - {6469EB27-A3BE-424D-8E6F-3CE35C6E69C5} - odbcmr32.dll (file missing)
backup-20070219-190211-656 O21 - SSODL: ykqGoUe - {372F5382-9D85-F928-A3A5-84A4652DAC93} - (no file)


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

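
The "HijackThis Fixed Entries" backup list above shows why this infection keeps surviving a fix: the O20 Winlogon Notify entry instcat was backed up (i.e. fixed) on 2007-02-13 and again on 2007-02-19, and the current log still lists it, now with "(file missing)". A practitioner reading a log like this wants the O20/O21 lines pulled out and flagged mechanically. Below is an added example of that triage, written for this page and not code from the thread, HijackThis or ComboScan. It parses the O20 (Winlogon\Notify) and O21 (ShellServiceObjectDelayLoad) line formats as HijackThis 1.99.1 prints them, plus the backup-YYYYMMDD-... lines, and flags an entry when the DLL is missing, when the path is relative (so the loader resolves it via the DLL search order), when an O20 DLL sits outside system32, or when the same entry has been fixed on more than one date. The sample lines are constructed from the entries in the log above; the system32 prefix and the heuristics themselves are assumptions for an XP default install, not HijackThis rules.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample input, modelled on the O20/O21/O23 lines in the HijackThis log above.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: odb_set - {10BA990A-66CF-44BD-8525-3FD1D377651C} - odbcmr32.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed sample of the "HijackThis Fixed Entries" backup listing from the same post.
SAMPLE_BACKUPS = r"""
backup-20070213-162345-719 O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
backup-20070213-162345-758 O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
backup-20070219-190210-730 O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
backup-20070219-190211-216 O21 - SSODL: odb_set - {6469EB27-A3BE-424D-8E6F-3CE35C6E69C5} - odbcmr32.dll (file missing)
backup-20070219-190211-656 O21 - SSODL: ykqGoUe - {372F5382-9D85-F928-A3A5-84A4652DAC93} - (no file)
"""

# Assumption: Windows XP default system directory; used only by the "outside system32" heuristic.
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

@dataclass(frozen=True)
class Entry:
    section: str        # "O20" (Winlogon\Notify) or "O21" (ShellServiceObjectDelayLoad)
    name: str           # subkey / value name as shown by HijackThis
    path: str           # DLL path exactly as logged ("" when HijackThis printed "(no file)")
    file_missing: bool  # HijackThis could not find the DLL on disk

@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)

_PATTERNS = {
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"),
    "O21": re.compile(r"^O21 - SSODL: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+?)(?P<missing> \(file missing\))?$"),
}
_BACKUP = re.compile(r"^backup-(?P<date>\d{8})-\d{6}-\d{3} (?P<entry>O\d+ - .+)$")

def parse_entry(line):
    """Parse one O20 or O21 line; return None for any other HijackThis line."""
    line = line.strip()
    for section, rx in _PATTERNS.items():
        m = rx.match(line)
        if m:
            raw = m["path"]
            missing = bool(m["missing"]) or raw == "(no file)"
            return Entry(section, m["name"], "" if raw == "(no file)" else raw, missing)
    return None

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]

def fix_dates(backup_text):
    """Map (section, name) -> set of dates on which HijackThis backed up (fixed) that entry."""
    dates = defaultdict(set)
    for line in backup_text.splitlines():
        m = _BACKUP.match(line.strip())
        if m and (e := parse_entry(m["entry"])):
            dates[(e.section, e.name)].add(m["date"])
    return dates

def reappearing(backup_text):
    """Entries fixed on more than one distinct date, i.e. removed and then recreated."""
    return sorted(k for k, d in fix_dates(backup_text).items() if len(d) > 1)

def is_absolute(path):
    return re.match(r"^[A-Za-z]:\\", path) is not None

def triage(log_text, backup_text=""):
    """Flag O20/O21 entries that look like dangling or re-created autostart hooks."""
    dates = fix_dates(backup_text)
    findings = []
    for e in parse_log(log_text):
        reasons = []
        if e.file_missing:
            reasons.append("file missing")
        if e.path and not is_absolute(e.path):
            reasons.append("relative path")   # resolved through the DLL search order
        elif e.path and e.section == "O20" and not e.path.lower().startswith(SYSTEM32_PREFIX):
            reasons.append("O20 DLL outside system32")
        n = len(dates.get((e.section, e.name), ()))
        if n > 1:
            reasons.append(f"re-fixed on {n} dates")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, SAMPLE_BACKUPS):
        print(f"{f.entry.section} {f.entry.name}: {', '.join(f.reasons)}")
```

Run against the sample, instcat is reported with all three reasons (missing, relative path, fixed on two dates) and odb_set with the first two; the benign WPDShServiceObj entry, an absolute path under system32 that was never fixed, is not reported. The "re-fixed" signal is the one that matters here: a Winlogon Notify DLL that is deleted and comes back is being recreated by something still running, which is why the thread moved on to a deeper scan rather than another HijackThis fix.
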
Tummy
2007-02-20, 17:15
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3 5U870CAP_VID_1262&PID_25FD (HP Pavilion Webcam ) - System32\Drivers\5U870CAP.sys
4 abp480n5 - \SystemRoot\system32\DRIVERS\ABP480N5.SYS
0 ACPIEC (Microsoft Embedded Controller Driver) - system32\DRIVERS\ACPIEC.sys
4 adpu160m - \SystemRoot\system32\DRIVERS\adpu160m.sys
4 agpCPQ (Compaq AGP Bus Filter) - \SystemRoot\system32\DRIVERS\agpCPQ.sys
4 Aha154x - \SystemRoot\system32\DRIVERS\aha154x.sys
4 aic78u2 - \SystemRoot\system32\DRIVERS\aic78u2.sys
4 aic78xx - \SystemRoot\system32\DRIVERS\aic78xx.sys
0 AliIde - system32\DRIVERS\aliide.sys
4 alim1541 (ALI AGP Bus Filter) - \SystemRoot\system32\DRIVERS\alim1541.sys
4 amdagp (AMD AGP Bus Filter Driver) - \SystemRoot\system32\DRIVERS\amdagp.sys
4 amsint - \SystemRoot\system32\DRIVERS\amsint.sys
3 Arp1394 (1394 ARP Client Protocol) - system32\DRIVERS\arp1394.sys
4 asc - \SystemRoot\system32\DRIVERS\asc.sys
4 asc3350p - \SystemRoot\system32\DRIVERS\asc3350p.sys
4 asc3550 - \SystemRoot\system32\DRIVERS\asc3550.sys
1 AVG Anti-Spyware Driver - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys
3 BTKRNL (Bluetooth Bus Enumerator) - system32\DRIVERS\btkrnl.sys
3 BTWUSB (WIDCOMM USB Bluetooth Driver) - System32\Drivers\btwusb.sys
4 cbidf - \SystemRoot\system32\DRIVERS\cbidf2k.sys
3 CCDECODE (Closed Caption Decoder) - system32\DRIVERS\CCDECODE.sys
4 cd20xrnt - \SystemRoot\system32\DRIVERS\cd20xrnt.sys
4 CmdIde - \SystemRoot\system32\DRIVERS\cmdide.sys
4 Cpqarray - \SystemRoot\system32\DRIVERS\cpqarray.sys
4 dac2w2k - \SystemRoot\system32\DRIVERS\dac2w2k.sys
4 dac960nt - \SystemRoot\system32\DRIVERS\dac960nt.sys
4 dpti2o - \SystemRoot\system32\DRIVERS\dpti2o.sys
3 e1express (Intel(R) PRO/1000 PCI Express Network Connection Driver) - system32\DRIVERS\e1e5132.sys
1 eabfiltr - system32\DRIVERS\eabfiltr.sys
3 eabusb - system32\DRIVERS\eabusb.sys
1 eeCtrl (Symantec Eraser Control driver) - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
3 EraserUtilRebootDrv - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
3 GEARAspiWDM - System32\Drivers\GEARAspiWDM.sys
3 HBtnKey - system32\DRIVERS\cpqbttn.sys
3 HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service) - system32\drivers\CHDAud.sys
3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - system32\DRIVERS\HDAudBus.sys
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
4 hpn - \SystemRoot\system32\DRIVERS\hpn.sys
3 HPZid412 (IEEE-1284.4 Driver HPZid412) - system32\DRIVERS\HPZid412.sys
3 HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - system32\DRIVERS\HPZipr12.sys
3 HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - system32\DRIVERS\HPZius12.sys
3 HSFHWAZL - system32\DRIVERS\HSFHWAZL.sys
3 HSF_DPV - system32\DRIVERS\HSF_DPV.sys
4 i2omp - \SystemRoot\system32\DRIVERS\i2omp.sys
0 iaStor (Intel AHCI Controller) - system32\DRIVERS\iaStor.sys
4 ini910u - \SystemRoot\system32\DRIVERS\ini910u.sys
1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys
3 mcdbus (Driver for MagicISO SCSI Host Controller) - system32\DRIVERS\mcdbus.sys
3 mcemgr - \??\C:\WINDOWS\system32\obdwk.sys
2 mdmxsdk - system32\DRIVERS\mdmxsdk.sys
3 mouhid (Mouse HID Driver) - system32\DRIVERS\mouhid.sys
3 MQAC (Message Queuing access control) - \??\C:\WINDOWS\system32\drivers\mqac.sys
4 mraid35x - \SystemRoot\system32\DRIVERS\mraid35x.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys
3 NAVENG - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070219.020\NAVENG.Sys
3 NAVEX15 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070219.020\NavEx15.Sys
3 NdisIP (Microsoft TV/Video Connection) - system32\DRIVERS\NdisIP.sys
3 NIC1394 (1394 Net Driver) - system32\DRIVERS\nic1394.sys
3 nv - system32\DRIVERS\nv4_mini.sys
0 ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - system32\DRIVERS\ohci1394.sys
0 PCIIde - system32\DRIVERS\pciide.sys
0 Pcmcia - system32\DRIVERS\pcmcia.sys
4 perc2 - \SystemRoot\system32\DRIVERS\perc2.sys
4 perc2hib - \SystemRoot\system32\DRIVERS\perc2hib.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
4 ql1080 - \SystemRoot\system32\DRIVERS\ql1080.sys
4 Ql10wnt - \SystemRoot\system32\DRIVERS\ql10wnt.sys
4 ql12160 - \SystemRoot\system32\DRIVERS\ql12160.sys
4 ql1240 - \SystemRoot\system32\DRIVERS\ql1240.sys
4 ql1280 - \SystemRoot\system32\DRIVERS\ql1280.sys
3 rimmptsk - system32\DRIVERS\rimmptsk.sys
3 rimsptsk - system32\DRIVERS\rimsptsk.sys
3 rismxdp (Ricoh xD-Picture Card Driver) - system32\DRIVERS\rixdptsk.sys
3 RMCAST (Reliable Multicast Protocol driver) - \??\C:\WINDOWS\system32\drivers\RMCast.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - system32\DRIVERS\RTL8139.SYS
1 SAVRT - \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
1 SAVRTPEL - \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
3 sdbus - system32\DRIVERS\sdbus.sys
4 sisagp (SIS AGP Bus Filter) - \SystemRoot\system32\DRIVERS\sisagp.sys
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
3 SNP2UVC (USB2.0 PC Camera (SNP2UVC)) - system32\DRIVERS\snp2uvc.sys
4 Sparrow - \SystemRoot\system32\DRIVERS\sparrow.sys
1 SPBBCDrv - \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys
4 symc810 - \SystemRoot\system32\DRIVERS\symc810.sys
4 symc8xx - \SystemRoot\system32\DRIVERS\symc8xx.sys
3 SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS
3 SymEvent - \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
3 SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS
3 SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS
3 SYMIDSCO - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070214.003\symidsco.sys
2 symlcbrd - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
3 SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS
3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
4 sym_hi - \SystemRoot\system32\DRIVERS\sym_hi.sys
4 sym_u3 - \SystemRoot\system32\DRIVERS\sym_u3.sys
3 SynTP (Synaptics TouchPad Driver) - system32\DRIVERS\SynTP.sys
2 tmcomm - \??\C:\WINDOWS\system32\drivers\tmcomm.sys
4 TosIde - \SystemRoot\system32\DRIVERS\toside.sys
3 UIUSys (Conexant Setup API) - system32\DRIVERS\UIUSYS.SYS
4 ultra - \SystemRoot\system32\DRIVERS\ultra.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 USBSTOR (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
4 viaagp (VIA AGP Bus Filter) - \SystemRoot\system32\DRIVERS\viaagp.sys
0 ViaIde - system32\DRIVERS\viaide.sys
3 w39n51 (Intel(R) PRO/Wireless 3945ABG Adapter Driver) - system32\DRIVERS\w39n51.sys
3 winachsf - system32\DRIVERS\HSF_CNXT.sys
1 WmiAcpi (Microsoft Windows Management Interface for ACPI) - system32\DRIVERS\wmiacpi.sys
3 WSTCODEC (World Standard Teletext Codec) - system32\DRIVERS\WSTCODEC.SYS
3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 AddFiltr - "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe"
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2 Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2 AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2 btwdins (Bluetooth Service) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2 ccEvtMgr (Symantec Event Manager) - "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3 ccISPwdSvc (Symantec Internet Security Password Validation) - "c:\Program Files\Norton Internet Security\ccPwdSvc.exe"
2 ccProxy (Symantec Network Proxy) - "c:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
2 ccSetMgr (Symantec Settings Manager) - "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3 comHost (COM Host) - "c:\Program Files\Norton Internet Security\comHost.exe"
2 hpqwmiex - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3 iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2 LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
3 LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2 MSMQ (Message Queuing) - C:\WINDOWS\system32\mqsvc.exe
2 MSMQTriggers (Message Queuing Triggers) - C:\WINDOWS\system32\mqtgsvc.exe
2 MSSQL$SQLEXPRESS (SQL Server (SQLEXPRESS)) - "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
4 MSSQLServerADHelper (SQL Server Active Directory Helper) - "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe"
4 msvsmon80 (Visual Studio 2005 Remote Debugger) - "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80
2 navapsvc (Norton AntiVirus Auto-Protect Service) - "c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
3 NSCService (Norton Protection Center Service) - "c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"
2 NVSvc (NVIDIA Display Driver Service) - %SystemRoot%\system32\nvsvc32.exe
3 odserv (Microsoft Office Diagnostics Service) - "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
3 ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2 Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
3 SAVScan (Symantec AVScan) - "c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe"
2 SNDSrvc (Symantec Network Drivers Service) - "c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2 SPBBCSvc (Symantec SPBBCSvc) - "c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
4 SQLBrowser (SQL Server Browser) - "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
3 SQLWriter (SQL Server VSS Writer) - "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
2 Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
2 WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"
2 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup


-- Scheduled Tasks --------------------------------------------------------------

2007-02-19 20:30:41 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-02-17 16:28:00 298 --a------ C:\WINDOWS\Tasks\WebReg Deskjet F300 series.job<WEBREG~1.JOB>
2007-02-10 01:30:15 546 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Matt.job<NORTON~2.JOB>
2007-02-09 20:00:00 564 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Matt Everhart.job<NORTON~1.JOB>
2007-02-03 21:37:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2007-01-24 03:58:06 456 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job<EASYIN~1.JOB>

Tummy
2007-02-20, 17:19
-- Files created between 2007-01-20 and 2007-02-20 ------------------------------

2007-02-19 12:12:20 0 d-------- C:\SDFix
2007-02-17 16:16:49 16496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys<Signed: HP>
2007-02-17 16:16:49 49664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys<Signed: HP>
2007-02-17 16:16:27 46592 --a------ C:\WINDOWS\system32\hpzll43a.dll<Signed: Hewlett-Packard Company>
2007-02-17 16:16:25 77824 -ra------ C:\WINDOWS\system32\hpzids01.dll<Signed: n/a>
2007-02-17 16:14:31 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll<Signed: HP>
2007-02-17 16:14:31 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll<Signed: HP>
2007-02-17 16:14:31 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll<Signed: HP>
2007-02-17 16:14:31 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe<Signed: HP>
2007-02-17 16:14:31 65536 --a------ C:\WINDOWS\system32\HPZinw12.exe<Signed: HP>
2007-02-17 16:14:31 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll<Signed: HP>
2007-02-14 18:20:15 0 d-------- C:\Book
2007-02-13 14:44:18 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-13 14:44:16 0 d-------- C:\Program Files\Grisoft
2007-02-12 19:44:16 5406 --a------ C:\WINDOWS\system32\mt_32.dll<Unsigned: n/a>
2007-02-12 15:29:40 71285 --a------ C:\WINDOWS\system32\update00822631.exe<UPDATE~1.EXE><Unsigned: n/a>
2007-02-11 12:29:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-02-09 19:27:39 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-09 16:11:32 0 d-------- C:\Documents and Settings\Matt\Application Data\Sonic
2007-02-09 16:10:49 0 d-------- C:\Documents and Settings\Matt\Application Data\Leadertech<LEADER~1>
2007-02-09 02:11:46 0 d-------- C:\Documents and Settings\Matt\Application Data\CyberLink<CYBERL~1>
2007-02-08 23:46:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-08 22:51:39 0 d-------- C:\Documents and Settings\Matt\Application Data\Lavasoft
2007-02-08 22:51:26 0 d-------- C:\Program Files\Lavasoft
2007-02-08 21:06:53 0 d-------- C:\Sysclean
2007-02-08 20:33:12 0 d-------- C:\Program Files\Microsoft Producer 2<MIF758~1>
2007-02-08 20:14:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage<OFFICE~1>
2007-02-08 18:28:57 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys<Signed: Trend Micro Inc.>
2007-02-08 18:25:22 0 d-------- C:\Documents and Settings\Matt\.housecall6.6<HOUSEC~1.6>
2007-02-08 16:58:09 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-07 20:59:13 0 d-------- C:\Documents and Settings\Matt\Application Data\AdobeUM
2007-02-05 18:03:19 36247 --a------ C:\WINDOWS\system32\update15319380.exe<UP696F~1.EXE><Unsigned: n/a>
2007-02-05 17:58:17 36247 --a------ C:\WINDOWS\system32\update75423858.exe<UP955A~1.EXE><Unsigned: n/a>
2007-02-05 17:48:11 34787 --a------ C:\WINDOWS\system32\update82924700.exe<UPE8C5~1.EXE><Unsigned: n/a>
2007-02-05 17:38:04 37707 --a------ C:\WINDOWS\system32\update99526774.exe<UP856A~1.EXE><Unsigned: n/a>
2007-02-05 17:27:55 36247 --a------ C:\WINDOWS\system32\update22460297.exe<UP0DD9~1.EXE><Unsigned: n/a>
2007-02-05 17:22:52 36247 --a------ C:\WINDOWS\system32\update39447735.exe<UP8358~1.EXE><Unsigned: n/a>
2007-02-05 17:12:47 36247 --a------ C:\WINDOWS\system32\update06650816.exe<UP0EB6~1.EXE><Unsigned: n/a>
2007-02-05 16:57:36 4127 --a------ C:\WINDOWS\system32\update90188820.exe<UP71DE~1.EXE><Unsigned: n/a>
2007-02-05 16:52:32 36247 --a------ C:\WINDOWS\system32\update66232247.exe<UP0DCC~1.EXE><Unsigned: n/a>
2007-02-05 16:36:53 14347 --a------ C:\WINDOWS\system32\update41577249.exe<UP0951~1.EXE><Unsigned: n/a>
2007-02-05 16:31:44 34787 --a------ C:\WINDOWS\system32\update27550653.exe<UPFD46~1.EXE><Unsigned: n/a>
2007-02-05 16:16:29 36247 --a------ C:\WINDOWS\system32\update40071825.exe<UP00CD~1.EXE><Unsigned: n/a>
2007-02-05 16:11:26 37707 --a------ C:\WINDOWS\system32\update44784850.exe<UPF8D8~1.EXE><Unsigned: n/a>
2007-02-05 16:01:18 36247 --a------ C:\WINDOWS\system32\update12494116.exe<UP84CA~1.EXE><Unsigned: n/a>
2007-02-05 15:51:07 36247 --a------ C:\WINDOWS\system32\update30858066.exe<UP75E1~1.EXE><Unsigned: n/a>
2007-02-05 15:40:51 36247 --a------ C:\WINDOWS\system32\update79211913.exe<UP7F35~1.EXE><Unsigned: n/a>
2007-02-05 15:30:38 27487 --a------ C:\WINDOWS\system32\update24525635.exe<UP00DA~1.EXE><Unsigned: n/a>
2007-02-05 15:25:35 36247 --a------ C:\WINDOWS\system32\update85268260.exe<UPE162~1.EXE><Unsigned: n/a>
2007-02-05 15:20:32 36247 --a------ C:\WINDOWS\system32\update34493574.exe<UP8BD9~1.EXE><Unsigned: n/a>
2007-02-05 15:15:27 4127 --a------ C:\WINDOWS\system32\update90110628.exe<UP81C3~1.EXE><Unsigned: n/a>
2007-02-05 15:00:10 36247 --a------ C:\WINDOWS\system32\update18864771.exe<UP70E2~1.EXE><Unsigned: n/a>
2007-02-05 14:50:02 34787 --a------ C:\WINDOWS\system32\update56324761.exe<UP79DB~1.EXE><Unsigned: n/a>
2007-02-05 14:44:56 36247 --a------ C:\WINDOWS\system32\update83349740.exe<UPEC55~1.EXE><Unsigned: n/a>
2007-02-05 14:39:51 36247 --a------ C:\WINDOWS\system32\update54417805.exe<UP88CB~1.EXE><Unsigned: n/a>
2007-02-05 14:29:42 37707 --a------ C:\WINDOWS\system32\update91906356.exe<UP7164~1.EXE><Unsigned: n/a>
2007-02-05 14:19:34 4127 --a------ C:\WINDOWS\system32\update54091001.exe<UP68B1~1.EXE><Unsigned: n/a>
2007-02-05 14:09:25 37707 --a------ C:\WINDOWS\system32\update92380205.exe<UP7BB5~1.EXE><Unsigned: n/a>
2007-02-05 13:48:58 36247 --a------ C:\WINDOWS\system32\update18561603.exe<UP7BB0~1.EXE><Unsigned: n/a>
2007-02-03 03:13:18 0 d-------- C:\WINDOWS\trace
2007-01-31 14:05:43 0 -rahs---- C:\MSDOS.SYS<Unsigned: n/a>
2007-01-31 14:05:43 0 -rahs---- C:\IO.SYS<Unsigned: n/a>
2007-01-31 13:13:49 0 d-------- C:\Documents and Settings\Matt\Application Data\Sun
2007-01-31 12:56:00 0 d-------- C:\9b16f4dcea9abf1d0ef38e36<9B16F4~1>
2007-01-31 12:55:54 0 d-------- C:\4381a928a4a8ab9d89193f22<4381A9~1>
2007-01-31 12:44:35 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-01-31 12:42:48 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-01-31 12:36:32 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-01-31 12:36:06 0 d-------- C:\WINDOWS\system32\en-US
2007-01-30 20:06:53 11427 --a------ C:\WINDOWS\system32\update85822562.exe<UPFB5C~1.EXE><Unsigned: n/a>
2007-01-30 19:56:43 11427 --a------ C:\WINDOWS\system32\update00165952.exe<UPF2D6~1.EXE><Unsigned: n/a>
2007-01-30 19:51:37 11427 --a------ C:\WINDOWS\system32\update05875513.exe<UPF941~1.EXE><Unsigned: n/a>
2007-01-30 19:46:33 11427 --a------ C:\WINDOWS\system32\update42467173.exe<UPF3E9~1.EXE><Unsigned: n/a>
2007-01-30 19:36:22 11427 --a------ C:\WINDOWS\system32\update08283928.exe<UP14C4~1.EXE><Unsigned: n/a>
2007-01-30 19:31:18 11427 --a------ C:\WINDOWS\system32\update61948338.exe<UP0C58~1.EXE><Unsigned: n/a>
2007-01-30 19:26:12 11427 --a------ C:\WINDOWS\system32\update67660831.exe<UPF843~1.EXE><Unsigned: n/a>
2007-01-30 19:21:09 11427 --a------ C:\WINDOWS\system32\update21958216.exe<UPF157~1.EXE><Unsigned: n/a>
2007-01-30 19:16:02 11427 --a------ C:\WINDOWS\system32\update50685333.exe<UP72D8~1.EXE><Unsigned: n/a>
2007-01-30 19:10:57 36247 --a------ C:\WINDOWS\system32\update83500639.exe<UP0947~1.EXE><Unsigned: n/a>
2007-01-30 19:00:49 36247 --a------ C:\WINDOWS\system32\update55730038.exe<UP894B~1.EXE><Unsigned: n/a>
2007-01-30 18:50:39 31867 --a------ C:\WINDOWS\system32\update39446154.exe<UP7958~1.EXE><Unsigned: n/a>
2007-01-30 18:45:32 11427 --a------ C:\WINDOWS\system32\update84360000.exe<UPEABE~1.EXE><Unsigned: n/a>
2007-01-30 18:40:28 24567 --a------ C:\WINDOWS\system32\update36905738.exe<UP84D5~1.EXE><Unsigned: n/a>
2007-01-30 18:35:25 36247 --a------ C:\WINDOWS\system32\update32959433.exe<UP7CD8~1.EXE><Unsigned: n/a>
2007-01-30 18:30:18 36247 --a------ C:\WINDOWS\system32\update29392395.exe<UP0069~1.EXE><Unsigned: n/a>
2007-01-30 18:25:16 36247 --a------ C:\WINDOWS\system32\update88018090.exe<UPEBE9~1.EXE><Unsigned: n/a>
2007-01-30 18:15:06 36247 --a------ C:\WINDOWS\system32\update53370680.exe<UP795A~1.EXE><Unsigned: n/a>
2007-01-30 17:59:44 36247 --a------ C:\WINDOWS\system32\update96504061.exe<UP6DDB~1.EXE><Unsigned: n/a>
2007-01-30 17:49:35 36247 --a------ C:\WINDOWS\system32\update90792697.exe<UP87E5~1.EXE><Unsigned: n/a>
2007-01-30 17:39:24 4127 --a------ C:\WINDOWS\system32\update92094928.exe<UP98C2~1.EXE><Unsigned: n/a>
2007-01-30 17:03:50 36247 --a------ C:\WINDOWS\system32\update91010333.exe<UP6445~1.EXE><Unsigned: n/a>
2007-01-30 16:09:26 36247 --a------ C:\WINDOWS\system32\update80286011.exe<UPE9C2~1.EXE><Unsigned: n/a>
2007-01-30 16:05:02 36247 --a------ C:\WINDOWS\system32\update21677000.exe<UPE849~1.EXE><Unsigned: n/a>
2007-01-30 14:33:43 36247 --a------ C:\WINDOWS\system32\update77119758.exe<UP8E50~1.EXE><Unsigned: n/a>
2007-01-29 23:27:46 0 d-------- C:\Documents and Settings\Matt\Bluetooth Software<BLUETO~1>
2007-01-27 15:58:20 4127 --a------ C:\WINDOWS\system32\update07407547.exe<UP065F~1.EXE><Unsigned: n/a>
2007-01-27 15:48:04 36247 --a------ C:\WINDOWS\system32\update30429230.exe<UP67DC~1.EXE><Unsigned: n/a>
2007-01-27 15:32:25 36247 --a------ C:\WINDOWS\system32\update44105609.exe<UPDATE~4.EXE><Unsigned: n/a>
2007-01-27 14:29:21 36247 --a------ C:\WINDOWS\system32\update65246881.exe<UPF468~1.EXE><Unsigned: n/a>
2007-01-27 14:13:42 36247 --a------ C:\WINDOWS\system32\update87910272.exe<UPEC56~1.EXE><Unsigned: n/a>
2007-01-27 14:08:34 36247 --a------ C:\WINDOWS\system32\update08801526.exe<UP06CC~1.EXE><Unsigned: n/a>
2007-01-27 13:53:01 36247 --a------ C:\WINDOWS\system32\update84141368.exe<UP03D2~1.EXE><Unsigned: n/a>
2007-01-27 13:47:48 36247 --a------ C:\WINDOWS\system32\update89770330.exe<UPEA47~1.EXE><Unsigned: n/a>
2007-01-27 13:42:33 37707 --a------ C:\WINDOWS\system32\update42851695.exe<UPDATE~3.EXE><Unsigned: n/a>
2007-01-27 13:37:40 0 --a------ C:\WINDOWS\system32\zDfop.dll<Unsigned: n/a>
2007-01-27 13:36:50 16384 --a------ C:\WINDOWS\system32\update13428241.exe<UPDATE~2.EXE><Unsigned: n/a>
2007-01-27 13:02:31 38912 --a------ C:\WINDOWS\system32\SatEu.exe<Unsigned: n/a>
2007-01-26 19:14:07 0 d-------- C:\Program Files\Microsoft SQL Server<MI6841~1>
2007-01-26 19:13:40 0 d-------- C:\Program Files\Microsoft Device Emulator<MI9C2B~1>
2007-01-26 19:13:34 0 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition<MI40D9~1>
2007-01-26 18:56:03 0 d-------- C:\WINDOWS\Symbols
2007-01-26 18:56:02 0 d-------- C:\Program Files\HTML Help Workshop<HTMLHE~1>
2007-01-26 18:56:02 0 d-------- C:\Program Files\Common Files\Merge Modules<MERGEM~1>
2007-01-26 18:56:02 0 d-------- C:\Program Files\Common Files\Business Objects<BUSINE~1>
2007-01-26 18:56:02 0 d-------- C:\Program Files\CE Remote Tools<CEREMO~1>
2007-01-26 18:56:02 0 d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions<PREEMP~1>
2007-01-26 17:12:21 0 d-------- C:\Documents and Settings\Matt\Application Data\PSpad
2007-01-26 17:12:13 0 d-------- C:\Program Files\PSPad editor<PSPADE~1>
2007-01-26 13:54:53 0 d-------- C:\Program Files\Common Files\L&H
2007-01-26 13:54:32 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-01-25 12:44:12 0 d-------- C:\Documents and Settings\Matt\Application Data\Netscape
2007-01-25 02:56:04 0 d-------- C:\Documents and Settings\Matt\Application Data\MSNInstaller<MSNINS~1>
2007-01-25 01:37:22 0 d-------- C:\WINDOWS\SxsCaPendDel<SXSCAP~1>
2007-01-25 01:26:51 0 d--hs---- C:\Documents and Settings\Matt\UserData
2007-01-24 20:53:53 0 d-------- C:\WINDOWS\system32\LogFiles
2007-01-24 20:53:53 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-24 20:07:16 92160 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys<Unsigned: MagicISO, Inc.>
2007-01-24 20:07:15 0 d-------- C:\Program Files\MagicDisc<MAGICD~1>
2007-01-24 19:57:32 0 d-------- C:\Program Files\MagicISO
2007-01-24 17:53:56 0 d-------- C:\Documents and Settings\Matt\Application Data\Apple Computer<APPLEC~1>
2007-01-24 04:18:53 0 d-------- C:\Documents and Settings\Matt\Application Data\Adobe
2007-01-24 04:16:16 0 d-------- C:\WINDOWS\system32\appmgmt
2007-01-24 04:08:40 0 d-------- C:\Documents and Settings\Matt\Application Data\Azureus
2007-01-24 04:02:26 0 d-------- C:\Documents and Settings\Matt\Application Data\Talkback
2007-01-24 03:56:06 0 d--hs---- C:\Documents and Settings\Matt\Temporary Internet Files<TEMPOR~1>
2007-01-24 03:56:06 0 d--hs---- C:\Documents and Settings\Matt\History
2007-01-24 03:54:54 0 d-------- C:\Documents and Settings\Matt\Application Data\Symantec
2007-01-24 03:54:54 0 d-------- C:\Documents and Settings\Matt\Application Data\Intuit
2007-01-24 03:54:53 5505024 --ah----- C:\Documents and Settings\Matt\NTUSER.DAT
2007-01-24 03:49:38 0 d-------- C:\Documents and Settings\Matt\Application Data\HP
2007-01-23 16:09:54 0 d-------- C:\Program Files\Activision<ACTIVI~1>


-- Find3M Report ----------------------------------------------------------------

2007-02-20 10:55:18 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-17 17:30:28 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-17 16:27:19 109920 --a------ C:\WINDOWS\hpoins08.dat
2007-02-17 16:06:30 0 d---s---- C:\Documents and Settings\Matt\Application Data\Microsoft<MICROS~1>
2007-02-16 14:41:33 3357 --a------ C:\WINDOWS\mozver.dat
2007-02-12 20:01:35 0 d-------- C:\Program Files\Norton Internet Security<NORTON~1>
2007-02-08 17:53:50 0 d-------- C:\Program Files\CCleaner
2007-02-06 17:29:43 0 d-------- C:\Program Files\Unrar
2007-01-31 14:05:34 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-01-26 19:05:20 0 d-------- C:\Program Files\Microsoft Visual Studio 8<MID05A~1>
2007-01-26 19:05:04 0 d-------- C:\Program Files\MSBuild
2007-01-26 13:18:50 0 d-------- C:\Program Files\Microsoft Works<MICROS~3>
2007-01-25 03:03:54 0 d-------- C:\Program Files\Rhapsody
2007-01-25 01:38:24 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-01-25 00:28:17 0 d-------- C:\Program Files\Java
2007-01-24 20:55:17 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-01-24 18:06:53 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-01-24 18:05:24 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-01-24 12:49:18 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys<Unsigned: Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
2007-01-24 04:24:45 0 d-------- C:\Program Files\Windows NT<WINDOW~2>
2007-01-24 04:23:47 0 d-------- C:\Program Files\Quickensetup<QUICKE~1>
2007-01-24 04:23:32 0 d-------- C:\Program Files\Quicken
2007-01-24 04:23:14 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-01-24 04:22:00 0 d-------- C:\Program Files\NetWaiting<NETWAI~1>
2007-01-24 04:21:21 0 d-------- C:\Program Files\music_now<MUSIC_~1>
2007-01-24 04:21:19 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-01-24 04:20:42 0 d-------- C:\Program Files\Microsoft Office Trial Wizard<MI4B70~1>
2007-01-24 04:20:18 0 d-------- C:\Program Files\Microsoft Money 2006<MICROS~2>
2007-01-24 04:20:01 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-01-24 04:19:22 0 d-------- C:\Program Files\HP Games<HPGAME~1>
2007-01-24 04:13:07 0 d-------- C:\Program Files\Encarta Online<ENCART~1>
2007-01-24 04:13:07 0 d-------- C:\Program Files\DivX
2007-01-24 04:13:06 0 d-------- C:\Program Files\CONEXANT
2007-01-24 04:12:39 0 d-------- C:\Program Files\Common Files\SureThing Shared<SURETH~1>
2007-01-24 04:12:39 0 d-------- C:\Program Files\Common Files\Sonic Shared<SONICS~1>
2007-01-24 04:12:33 0 d-------- C:\Program Files\Common Files\Palo Alto Software<PALOAL~1>
2007-01-24 04:11:49 0 d-------- C:\Program Files\Common Files\LightScribe<LIGHTS~1>
2007-01-24 04:02:09 0 d-------- C:\Documents and Settings\Matt\Application Data\Mozilla
2007-01-24 03:49:11 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL<Signed: Symantec Corporation>
2007-01-24 03:49:11 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS<Signed: Symantec Corporation>
2007-01-24 03:49:11 0 d-------- C:\Program Files\Symantec
2007-01-24 03:48:28 0 d-------- C:\Program Files\HPQ
2007-01-24 03:38:21 0 d-------- C:\Program Files\Azureus
2007-01-01 15:56:25 0 --a------ C:\WINDOWS\nsreg.dat
2006-12-04 11:56:58 19 --a------ C:\WINDOWS\popcinfo.dat

Tummy
2007-02-20, 17:20
-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"nwiz"="nwiz.exe /installquiet /nodetect"
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\
74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\
68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\
61,72,74,00
"Cpqset"="C:\\Program Files\\Hewlett-Packard\\Default Settings\\cpqset.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"Reminder"="C:\\Windows\\CREATOR\\Remind_XP.exe"
"QuickTime Task"="\"C:\\program files\\quicktime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8A5849C4-93F3-429D-FF34-660A2068897C}"="OpenGL additional"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"odb_set"="{10BA990A-66CF-44BD-8525-3FD1D377651C}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Recoveru systems"="C:\\WINDOWS\\TEMP\\svchast.exe"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Recoveru systems"="C:\\WINDOWS\\TEMP\\svchast.exe"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\instcat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{366bcef3-ab87-11db-98c6-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


-- End of ComboScan: finished at 2007-02-20 at 10:59:17 -------------------------

Mr_JAk3
2007-02-20, 18:43
Hi again, we'll continue :)

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download the Killbox (http://www.downloads.subratam.org/KillBox.zip).
Unzip it to the desktop but do NOT run it yet.

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Do NOT run it yet.

Open Notepad and copy the following lines into a new document:


@echo off
sc stop mcemgr
sc delete mcemgr
Save the document to your desktop as Remove.bat and filetype: All Files
Go to your desktop and run the file Remove.bat and allow it to run if prompted. A window will open and close.

Backup your registry:
Start
Run
Type the following to the box and hit Ok: regedit
A window opens, click on File
Choose Export from the menu
Change the save location to C:\
Give the filename, RegBackUp
Make sure that the filetype is set to Registry files (*.reg)
Click on Save and Close the window
Open Notepad (NOT WORDPAD!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end (don't forget to copy and paste the word REGEDIT4):


REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8A5849C4-93F3-429D-FF34-660A2068897C}"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"odb_set"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Recoveru systems"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Recoveru systems"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\instcat]



Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Save the document to your desktop as Fix.reg and filetype: All Files
Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O21 - SSODL: odb_set - {10BA990A-66CF-44BD-8525-3FD1D377651C} - odbcmr32.dll (file missing)

Please run Killbox.

Select "Delete on Reboot".

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\mt_32.dll
C:\WINDOWS\system32\update00822631.exe
C:\WINDOWS\system32\update15319380.exe
C:\WINDOWS\system32\update75423858.exe
C:\WINDOWS\system32\update82924700.exe
C:\WINDOWS\system32\update99526774.exe
C:\WINDOWS\system32\update22460297.exe
C:\WINDOWS\system32\update39447735.exe
C:\WINDOWS\system32\update06650816.exe
C:\WINDOWS\system32\update90188820.exe
C:\WINDOWS\system32\update66232247.exe
C:\WINDOWS\system32\update41577249.exe
C:\WINDOWS\system32\update27550653.exe
C:\WINDOWS\system32\update40071825.exe
C:\WINDOWS\system32\update44784850.exe
C:\WINDOWS\system32\update12494116.exe
C:\WINDOWS\system32\update30858066.exe
C:\WINDOWS\system32\update79211913.exe
C:\WINDOWS\system32\update24525635.exe
C:\WINDOWS\system32\update85268260.exe
C:\WINDOWS\system32\update34493574.exe
C:\WINDOWS\system32\update90110628.exe
C:\WINDOWS\system32\update18864771.exe
C:\WINDOWS\system32\update56324761.exe
C:\WINDOWS\system32\update83349740.exe
C:\WINDOWS\system32\update54417805.exe
C:\WINDOWS\system32\update91906356.exe
C:\WINDOWS\system32\update54091001.exe
C:\WINDOWS\system32\update92380205.exe
C:\WINDOWS\system32\update18561603.exe
C:\WINDOWS\system32\update85822562.exe
C:\WINDOWS\system32\update00165952.exe
C:\WINDOWS\system32\update05875513.exe
C:\WINDOWS\system32\update42467173.exe
C:\WINDOWS\system32\update08283928.exe
C:\WINDOWS\system32\update61948338.exe
C:\WINDOWS\system32\update67660831.exe
C:\WINDOWS\system32\update21958216.exe
C:\WINDOWS\system32\update50685333.exe
C:\WINDOWS\system32\update83500639.exe
C:\WINDOWS\system32\update55730038.exe
C:\WINDOWS\system32\update39446154.exe
C:\WINDOWS\system32\update84360000.exe
C:\WINDOWS\system32\update36905738.exe
C:\WINDOWS\system32\update32959433.exe
C:\WINDOWS\system32\update29392395.exe
C:\WINDOWS\system32\update88018090.exe
C:\WINDOWS\system32\update53370680.exe
C:\WINDOWS\system32\update96504061.exe
C:\WINDOWS\system32\update90792697.exe
C:\WINDOWS\system32\update92094928.exe
C:\WINDOWS\system32\update91010333.exe
C:\WINDOWS\system32\update80286011.exe
C:\WINDOWS\system32\update21677000.exe
C:\WINDOWS\system32\update77119758.exe
C:\WINDOWS\system32\update07407547.exe
C:\WINDOWS\system32\update30429230.exe
C:\WINDOWS\system32\update44105609.exe
C:\WINDOWS\system32\update65246881.exe
C:\WINDOWS\system32\update87910272.exe
C:\WINDOWS\system32\update08801526.exe
C:\WINDOWS\system32\update84141368.exe
C:\WINDOWS\system32\update89770330.exe
C:\WINDOWS\system32\update42851695.exe
C:\WINDOWS\system32\zDfop.dll
C:\WINDOWS\system32\update13428241.exe
C:\WINDOWS\system32\SatEu.exe
C:\WINDOWS\popcinfo.dat
C:\WINDOWS\TEMP\svchast.exe
C:\WINDOWS\system32\obdwk.sys

Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Select "All Files".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.

Run ATF Cleaner. Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Run a scan with Dr.Web CureIt: double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, check whether you can click the icon next to the files found http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the icon right below it and select Move incurable.
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode,
Post the Cure-it report and a fresh HijackThis log
:bigthumb:
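
A check a defender can run on a fix file of this kind before merging it, given here as an added example that is not part of the thread or of any tool it mentions; it assumes the REGEDIT4 syntax used above and takes a constructed copy of the fix as sample input:

```python
"""Pre-flight check for a REGEDIT4 fix file, written as an added example
(not the thread's own tooling). It parses the .reg text, reports exactly
which keys and values a merge would delete, and rejects the formatting
mistakes the instructions warn about: anything before the REGEDIT4 header,
a missing trailing blank line, and malformed value lines."""
import re
from dataclasses import dataclass, field

KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')          # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')     # "name"=data
DATA_RE = re.compile(r'^(dword:[0-9a-fA-F]{8}|hex(\(\d+\))?:[0-9a-fA-F,]*)$')


@dataclass
class RegFix:
    deleted_keys: list = field(default_factory=list)
    deleted_values: list = field(default_factory=list)  # (key, name)
    set_values: list = field(default_factory=list)      # (key, name, data)
    errors: list = field(default_factory=list)

    @property
    def ok(self):
        return not self.errors


def check_reg_fix(text):
    """Parse REGEDIT4 text; every problem found goes into .errors."""
    r = RegFix()
    text = text.replace("\r\n", "\n")
    lines = text.split("\n")
    if lines[0] != "REGEDIT4":
        r.errors.append("first line must be REGEDIT4 with nothing before it")
    if not text.endswith("\n"):
        r.errors.append("file must end with a blank line")
    key = None
    pending = ""  # hex(...) data may continue over lines ending in '\'
    for n, raw in enumerate(lines[1:], start=2):
        line = pending + raw.strip() if pending else raw
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        pending = ""
        if not line.strip():
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1) == "-":
                r.deleted_keys.append(key)
                key = None  # nothing may follow a deleted key
            continue
        m = VALUE_RE.match(line)
        if not m:
            r.errors.append(f"line {n}: unrecognised line {line!r}")
        elif key is None:
            r.errors.append(f"line {n}: value outside a key")
        else:
            name, data = m.groups()
            if data == "-":
                r.deleted_values.append((key, name))
            elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                r.set_values.append((key, name, data[1:-1]))
            elif DATA_RE.match(data):
                r.set_values.append((key, name, data))
            else:
                r.errors.append(f"line {n}: malformed value data {data!r}")
    return r


# Constructed sample: the fix from the post above, in valid REGEDIT4 form.
FIX = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8A5849C4-93F3-429D-FF34-660A2068897C}"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"odb_set"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Recoveru systems"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Recoveru systems"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\instcat]

"""

# Constructed variant with a stray quote on the odb_set line, which is not a
# valid value deletion, so the SSODL entry would not be removed by the merge.
TYPO_FIX = FIX.replace('"odb_set"=-', '"odb_set"="-')

if __name__ == "__main__":
    for label, txt in (("with stray quote", TYPO_FIX), ("corrected", FIX)):
        res = check_reg_fix(txt)
        print(label, "OK" if res.ok else res.errors)
        for k in res.deleted_keys:
            print("  delete key  ", k)
        for k, v in res.deleted_values:
            print("  delete value", k, v)
```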

Tummy
2007-02-20, 22:21
I hit a little hiccup and wanted to know what you thought of this error.
After pasting in the list of files for Killbox to delete on reboot and proceeding with the delete process I get the following error while it appears to be checking registry files.


"PendingFileRenameOperations Registry Data has been Removed by External Process"

with only an "OK" option

But the automatic reboot has aborted. Is it okay to manually reboot or is Killbox not ready to reboot yet?

Tummy
2007-02-21, 02:59
I checked out other logs with the same error report and they all said it was nothing to worry about so I went ahead with the rest of your steps. Here are the Dr. Web CureIt and fresh HijackThis logs:

update13428241.exe;C:\!KillBox;Trojan.DownLoader.17809;Deleted.;
update13428241.exe( 3);C:\!KillBox;Trojan.DownLoader.17809;Deleted.;
Process.exe;C:\Documents and Settings\Matt\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Matt\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
instcat.dll;C:\Documents and Settings\Matt\My Documents\My Scans;Trojan.Proxy.1387;Deleted.;
GTDownHP.ocx;C:\Program Files\HP\HPNetworkAssistant\BrowserPlugins;Probably DLOADER.Trojan;Incurable.Moved.;
PPCInstall.dll;C:\Program Files\Online Services\PeoplePC;Probably STPAGE.Trojan;Incurable.Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
brandit.exe;C:\SWSetup\BrandIt\Disk1;Probably STPAGE.Trojan;Incurable.Moved.;
A0003754.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP24;Trojan.Spambot;Deleted.;
A0008065.sys;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP32;Trojan.MulDrop.5450;Deleted.;
A0008111.sys;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP32;Trojan.MulDrop.5450;Deleted.;
A0008138.sys;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP33;Trojan.MulDrop.5450;Deleted.;
A0013009.dll;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP45;Trojan.DownLoader.18476;Deleted.;
A0017767.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP46;Trojan.DownLoader.18289;Deleted.;
A0039081.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP54;Tool.Prockill;Incurable.Moved.;
A0039103.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP54;Trojan.DownLoader.18289;Deleted.;
A0039229.sys;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP54;Trojan.Spambot;Deleted.;
A0039230.dll;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP54;Trojan.MulDrop.5450;Deleted.;
A0039231.sys;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP54;BackDoor.Pomax;Deleted.;
A0039232.dll;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP54;BackDoor.Pomax;Deleted.;
A0039233.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP54;Trojan.DownLoader.17701;Deleted.;
A0039234.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP54;Trojan.DownLoader.17701;Deleted.;
A0039237.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP54;Probably DLOADER.Trojan;Incurable.Moved.;
A0039325.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP56;Trojan.DownLoader.17809;Deleted.;
A0039328.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP56;Trojan.DownLoader.17809;Deleted.;



Logfile of HijackThis v1.99.1
Scan saved at 8:55:20 PM, on 2/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\msiexec.exe
C:\program files\quicktime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170265325031
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
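
A HijackThis log like the one above is read by section code: O2 (browser helper objects), O4 (autostarts), O15 (Trusted Zone), O20 (Winlogon Notify / AppInit_DLLs, the section where the opening post's instcat entry sat), O21 (shell service objects) and O23 (services). The Python below is an added example, not HijackThis's own code and not from this thread; it parses the log into (code, body) entries and applies the first-pass heuristics a helper uses. The sample lines are copied from the log above except the O20 line, which is constructed to resemble the entry described in the opening post (its path is a guess); the heuristics and function names are mine.

```python
r"""Triage a HijackThis 1.99 log: count entries per section and flag the
lines a malware-removal helper reads first."""
import re
from typing import Dict, List, Tuple

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d)\s+-\s+(.*)$")
# A command that starts with a drive letter or an %ENV% variable carries its own path.
QUALIFIED_RE = re.compile(r"^(%\w+%|[A-Za-z]:)\\")

# Sample: lines copied from the thread's log plus one constructed O20 entry.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O15 - Trusted Zone: http://download.windowsupdate.com
O20 - Winlogon Notify: instcat - C:\WINDOWS\system32\instcat.dll
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"""


def parse_hjt_entries(text: str) -> List[Tuple[str, str]]:
    """Return (section code, body) for every O/R/F/N line; the running-process
    list and header lines carry no code and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def by_section(entries: List[Tuple[str, str]]) -> Dict[str, int]:
    """Entry count per section code."""
    counts: Dict[str, int] = {}
    for code, _ in entries:
        counts[code] = counts.get(code, 0) + 1
    return counts


def _o4_command(body: str) -> str:
    r"""'HKLM\..\Run: [name] "C:\dir\x.exe" -flag'  ->  'C:\dir\x.exe'"""
    cmd = body.split("] ", 1)[1] if "] " in body else body
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(entries: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """First-pass heuristics, not verdicts: each finding is (code, reason, body)."""
    findings = []
    for code, body in entries:
        if code == "O20":
            findings.append((code, "DLL loaded into winlogon.exe (Winlogon Notify) or into every process (AppInit_DLLs)", body))
        elif code == "O21":
            findings.append((code, "shell service object loaded by Explorer at logon", body))
        elif code == "O23" and "(file missing)" in body:
            findings.append((code, "service registered for a file that is not on disk", body))
        elif code == "O23" and "Unknown owner" in body:
            findings.append((code, "service binary with no recognised vendor", body))
        elif code == "O4" and not QUALIFIED_RE.match(_o4_command(body)):
            findings.append((code, "autostart without a full path; resolved by PATH search", body))
        elif code == "O2" and "(no name)" in body:
            findings.append((code, "BHO with no name; identify it by CLSID and file", body))
        elif code == "O15":
            findings.append((code, "site placed in IE's Trusted Zone", body))
    return findings


if __name__ == "__main__":
    entries = parse_hjt_entries(SAMPLE_LOG)
    print(by_section(entries))
    for code, reason, body in triage(entries):
        print(f"{code}: {reason}\n    {body}")
```

Every finding still needs a human look: the O2 hit here is Spybot's own SDHelper.dll and the O23 hit is a stale SQL Server Express registration, both benign, while the O20 line is the kind of entry that this thread's cleanup removed.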

Tummy
2007-02-21, 03:14
For the time being the initial problem seems to be gone. I can shutdown and restart without issue. Thank you so much for your time and advice. Please let me know what else might still be at large.

I was also wondering what security programs you might recommend to have running to prevent/put up a good fight against all these issues?

:bigthumb:

Mr_JAk3
2007-02-21, 08:53
Hi again, it is looking clean now :)

Now you can clean AVG's Quarantine:
Open AVG Anti-Spyware
Click Infections
Click Quarantine tab
Click Select all
Click Remove finally
Close the program
You can remove the tools we used.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use AVG Anti-Spyware (http://www.ewido.net/en/)
Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is a faster, safer and better browser than Internet Explorer.

Keep your system up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly.

Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?

Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe :bigthumb:

Tummy
2007-02-23, 14:45
:bigthumb:

I followed your steps to secure my now clean computer, which gives me a great sense of relief. Thank you again so much for helping me get rid of the problems that plagued my computer. Once I get moved here in a week and get started at my new job, I plan to see about getting into Malware University; I would love to be able to repay the favor you did for me. Thank You Again.

:bigthumb:

Mr_JAk3
2007-02-23, 17:41
That's great news and you're very welcome :D:

Nice to hear that you're interested in Malware Removal University :)

As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

Glad we could help :2thumb: