Need Help Again...Log Attached



SteveC
2007-07-28, 00:23
Could someone please look at this and help me out here?

Thanks in advance,

Logfile of HijackThis v1.99.1
Scan saved at 6:20:52 PM, on 7/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\noucrolA.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\DOBE~1\msdtc.exe
C:\Documents and Settings\Steve\Application Data\??crosoft\u?erinit.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\qwerty12.exe
C:\WINDOWS\System32\mphuyavp.exe
C:\WINDOWS\System32\jdvutbgs.exe
C:\Documents and Settings\Steve\Desktop\Charon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steve\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.44.85.117:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [noucrolA] C:\WINDOWS\noucrolA.exe
O4 - HKLM\..\Run: [{D7-7F-F5-5E-ZN}] c:\windows\system32\nkdsregm.exe SKY009
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\System32\hgxhmwpq.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aaou] "C:\WINDOWS\System32\DOBE~1\msdtc.exe" -vt yazb
O4 - HKCU\..\Run: [Sbqkij] "C:\Documents and Settings\Steve\Application Data\??crosoft\u?erinit.exe"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O16 - DPF: {100C659D-2B0B-4BEF-B79A-34E4659B9A9C} (Pivotal ePower Lifecycle Engine (Version 5.7) - Platform Access (rdaclnt.dll)) - https://avenerm.avendra.com/epower/cab/RDACLNT.CAB
O16 - DPF: {154E3A83-BDE2-441E-A22C-EDAED67CF23A} (Pivotal eRelationship Active Access (Version 5.7) - Resources (rdares.dll)) - https://avenerm.avendra.com/epower/cab/RDARES.CAB
O16 - DPF: {24F10A0C-7983-4934-849D-582F940A8AC3} (Pivotal ePower Lifecycle Engine (Version 5.7) - Instantiator (rdaobjcreate.dll)) - https://avenerm.avendra.com/epower/cab/RdaObjCreate.cab
O16 - DPF: {28E4BE08-1C25-4CE4-A9AA-3495A9D08C8E} (Pivotal eRelationship Active Access (version 5.7) - Shortcut Handler (rshortcut.dll)) - https://avenerm.avendra.com/epower/cab/RSHORTCUT.CAB
O16 - DPF: {309F16B3-B30C-4114-BE89-E63C4F593B41} (Pivotal eRelationship Active Access (Version 5.7) - Smart Portal (rdaprtl.dll)) - https://avenerm.avendra.com/epower/cab/RDAPRTL.CAB
O16 - DPF: {59A48F67-03E2-460F-9E0C-B3860634172A} (Pivotal eRelationship Active Access (Version 5.7) - Stealth Report Interface (rdaRprt.dll)) - https://avenerm.avendra.com/epower/cab/RDARPRT.CAB
O16 - DPF: {60927435-8441-4532-B2B7-45C9DE62945F} (Pivotal eRelationship Active Access (Version 5.7) - Portal Control Proxy (rdaui.dll)) - https://avenerm.avendra.com/epower/cab/RdaUI.cab
O16 - DPF: {8C42DAC2-0B6A-4F80-9794-3130E1C28345} (Pivotal eRelationship Active Access (Version 5.7) - Email Connector (rdaemail.dll)) - https://avenerm.avendra.com/epower/cab/RDAEMAIL.CAB
O16 - DPF: {A4BD9732-328D-11D4-BB89-00A0C9843488} (Pivotal ePower Lifecycle Engine (Version 5.7) - EMail Class (rn1sendx.dll)) - https://avenerm.avendra.com/epower/cab/RN1SENDX.CAB
O16 - DPF: {AE4F48D0-6A0A-11D3-9FB0-005004A79108} (Pivotal eRelationship Active Access (Version 5.7) - Plug-in Result Return Collection (dfoutils.dll)) - https://avenerm.avendra.com/epower/cab/DFOUTILS.CAB
O16 - DPF: {F4901BF2-3FB9-4948-BB0E-5BD2AFF09085} (Pivotal eRelationship Active Access (Version 5.7) - Shared Object Library Interface (rdashare.dll)) - https://avenerm.avendra.com/epower/cab/RDASHARE.CAB
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

random/random
2007-07-28, 00:46
Download the latest version of ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

You are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download the HijackThis Installer:

Save HJTInstall.exe to your desktop.
Double-click on HJTInstall.exe to run the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Accept the license agreement by clicking the "I Accept" button.
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Click "Save log" to save the log file and then the log will open in Notepad.
Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
Come back here to this thread and paste the log in your next reply.
Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.

SteveC
2007-07-28, 01:13
D/L'd new HJT program, and new log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:37 PM, on 7/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\qwerty12.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\noucrolA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\DOBE~1\msdtc.exe
C:\Documents and Settings\Steve\Application Data\??crosoft\u?erinit.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.44.85.117:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [noucrolA] C:\WINDOWS\noucrolA.exe
O4 - HKLM\..\Run: [{D7-7F-F5-5E-ZN}] c:\windows\system32\nkdsregm.exe SKY009
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\System32\hgxhmwpq.dll",sitypnow
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aaou] "C:\WINDOWS\System32\DOBE~1\msdtc.exe" -vt yazb
O4 - HKCU\..\Run: [Sbqkij] "C:\Documents and Settings\Steve\Application Data\??crosoft\u?erinit.exe"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O16 - DPF: {100C659D-2B0B-4BEF-B79A-34E4659B9A9C} (Pivotal ePower Lifecycle Engine (Version 5.7) - Platform Access (rdaclnt.dll)) - https://avenerm.avendra.com/epower/cab/RDACLNT.CAB
O16 - DPF: {154E3A83-BDE2-441E-A22C-EDAED67CF23A} (Pivotal eRelationship Active Access (Version 5.7) - Resources (rdares.dll)) - https://avenerm.avendra.com/epower/cab/RDARES.CAB
O16 - DPF: {24F10A0C-7983-4934-849D-582F940A8AC3} (Pivotal ePower Lifecycle Engine (Version 5.7) - Instantiator (rdaobjcreate.dll)) - https://avenerm.avendra.com/epower/cab/RdaObjCreate.cab
O16 - DPF: {28E4BE08-1C25-4CE4-A9AA-3495A9D08C8E} (Pivotal eRelationship Active Access (version 5.7) - Shortcut Handler (rshortcut.dll)) - https://avenerm.avendra.com/epower/cab/RSHORTCUT.CAB
O16 - DPF: {309F16B3-B30C-4114-BE89-E63C4F593B41} (Pivotal eRelationship Active Access (Version 5.7) - Smart Portal (rdaprtl.dll)) - https://avenerm.avendra.com/epower/cab/RDAPRTL.CAB
O16 - DPF: {59A48F67-03E2-460F-9E0C-B3860634172A} (Pivotal eRelationship Active Access (Version 5.7) - Stealth Report Interface (rdaRprt.dll)) - https://avenerm.avendra.com/epower/cab/RDARPRT.CAB
O16 - DPF: {60927435-8441-4532-B2B7-45C9DE62945F} (Pivotal eRelationship Active Access (Version 5.7) - Portal Control Proxy (rdaui.dll)) - https://avenerm.avendra.com/epower/cab/RdaUI.cab
O16 - DPF: {8C42DAC2-0B6A-4F80-9794-3130E1C28345} (Pivotal eRelationship Active Access (Version 5.7) - Email Connector (rdaemail.dll)) - https://avenerm.avendra.com/epower/cab/RDAEMAIL.CAB
O16 - DPF: {A4BD9732-328D-11D4-BB89-00A0C9843488} (Pivotal ePower Lifecycle Engine (Version 5.7) - EMail Class (rn1sendx.dll)) - https://avenerm.avendra.com/epower/cab/RN1SENDX.CAB
O16 - DPF: {AE4F48D0-6A0A-11D3-9FB0-005004A79108} (Pivotal eRelationship Active Access (Version 5.7) - Plug-in Result Return Collection (dfoutils.dll)) - https://avenerm.avendra.com/epower/cab/DFOUTILS.CAB
O16 - DPF: {F4901BF2-3FB9-4948-BB0E-5BD2AFF09085} (Pivotal eRelationship Active Access (Version 5.7) - Shared Object Library Interface (rdashare.dll)) - https://avenerm.avendra.com/epower/cab/RDASHARE.CAB
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 10060 bytes

random/random
2007-07-28, 11:07
Why haven't you run combofix?

SteveC
2007-07-28, 15:12
Sorry, misunderstood...

Here's the combofix log:

"Steve" - 2007-07-28 8:52:41 - ComboFix 07-07-23.6 - Service Pack 1 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\jdvutbgs.exe
C:\WINDOWS\system32\mphuyavp.exe
C:\WINDOWS\system32\tuvwxya.dll
C:\WINDOWS\system32\tuvwxya.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\Steve\APPLIC~1.\crosof~1
C:\DOCUME~1\Steve\APPLIC~1.\crosof~1\u?erinit.exe
C:\DOCUME~1\Steve\APPLIC~1.\macromedia\Flash Player\#SharedObjects\G6X5HHX4\www.broadcaster.com
C:\DOCUME~1\Steve\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Steve\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\Steve\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\Steve\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\arm32.dll
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\Steve.\err.log
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\TTC.dll
C:\temp\tn3
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\l.exe
C:\WINDOWS\rau001978.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\dobe~1\msdtc.exe
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\L1
C:\WINDOWS\system32\L1\mwspasrt83122.exe
C:\WINDOWS\system32\L3
C:\WINDOWS\system32\L3\wr716.exe
C:\WINDOWS\system32\L5
C:\WINDOWS\system32\L5\tns2.exe
C:\WINDOWS\system32\L7
C:\WINDOWS\system32\tgaamxhg.exe
C:\WINDOWS\system32\tpko.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wnsapiit32.exe
C:\WINDOWS\TISKY009.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NET_AGENT
-------\LEGACY_NTMLSVC
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\DomainService
-------\Net Agent
-------\NtmlSvc


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))))))))))))))


2007-07-28 08:44 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-27 21:55 784 --a------ C:\DOCUME~1\Steve\APPLIC~1\mpauth.dat
2007-07-27 19:08 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-27 17:18 126,016 --a------ C:\WINDOWS\system32\hgxhmwpq.dll
2007-07-27 17:15 69,184 --a------ C:\WINDOWS\system32\folghucf.dll
2007-07-27 17:12 50,688 --a------ C:\WINDOWS\system32\qwerty12.exe
2007-07-27 17:10 1,734,057 --ahs---- C:\WINDOWS\system32\cfhhk.bak2
2007-07-26 16:37 6,507 --ahs---- C:\WINDOWS\system32\cfhhk.bak1
2007-07-26 16:36 228,960 --a------ C:\WINDOWS\system32\khhfc.dll
2007-07-22 19:28 <DIR> d-------- C:\VundoFix Backups
2007-07-22 18:50 54,784 --a------ C:\WINDOWS\noucrol.exe
2007-07-22 18:50 1,116,352 -r-hs---- C:\WINDOWS\noucrolA.exe
2007-07-22 18:49 <DIR> d-------- C:\WINDOWS\system32\L11
2007-07-22 18:49 <DIR> d-------- C:\Temp\brr
2007-07-22 18:49 <DIR> d-------- C:\Temp\0c2
2007-07-22 18:49 <DIR> d-------- C:\Temp
2007-07-10 14:59 7,283 --a------ C:\syseqcs.exe
2007-07-05 17:59 7,283 --a------ C:\sysbbhi.exe
2007-06-30 17:28 7,283 --a------ C:\syscqml.exe
2007-06-30 17:28 7,283 --a------ C:\sysbkyz.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-20 00:28:15 -------- d-----w C:\Program Files\Common Files\Real
2007-07-20 00:27:48 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-19 22:12:06 -------- d-----w C:\Program Files\Kodak
2007-07-16 22:01:08 -------- d-----w C:\Program Files\Zone.com Deluxe Games
2007-07-16 21:52:40 -------- d-----w C:\Program Files\Messenger
2007-06-09 21:00:18 6,771 ----a-w C:\syswukq.exe
2007-06-08 21:46:52 -------- d-----w C:\Program Files\Triton
2007-06-03 14:41:45 -------- d-----w C:\DOCUME~1\Steve\APPLIC~1\Apple Computer
2007-05-25 21:08:16 6,742 ----a-w C:\sysheox.exe
2007-05-25 21:08:14 6,742 ----a-w C:\sysgoke.exe
2007-05-17 03:02:22 86,634 -c--a-w C:\Program Files\proxy.ini
2007-05-17 03:02:22 4,397 -c--a-w C:\Program Files\settings.ini
2007-05-16 13:49:40 3,852 -c--a-w C:\Program Files\judges.ini
2007-05-11 17:54:15 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-11 04:37:15 823,296 -c--a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-11 04:37:15 823,296 -c--a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-11 04:37:15 802,816 -c--a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-11 04:37:15 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-04 21:56:14 490 -c--a-w C:\Program Files\AdditionalURLS.txt
2007-05-04 21:56:14 420 -c--a-w C:\Program Files\Pages leeched for proxies.txt
2007-05-04 21:42:03 366 -c--a-w C:\Program Files\urls_not_to_leech.txt
2007-05-04 21:42:03 1,722 -c--a-w C:\Program Files\GoogleSearchwords.txt
2007-05-04 21:11:34 249,856 ------w C:\WINDOWS\Setup1.exe
2007-05-04 21:11:31 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2006-04-11 01:35:50 868,352 -c--a-w C:\Program Files\Charon.exe
2006-04-01 18:06:56 868,126 -c--a-w C:\Program Files\GeoIP.dat
2005-11-13 04:21:14 6,777 -c--a-w C:\Program Files\judge.php
2005-08-27 19:04:34 664 -c--a-w C:\Program Files\url filter keywords.ini
2005-08-16 06:34:58 88,333 -c--a-w C:\Program Files\engines.ini


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FB3DC28-EFE4-4C90-B017-67CFA080879B}]
C:\WINDOWS\System32\jkhff.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25C23091-B932-4D76-B79C-D3EAF057D353}]
2007-07-26 16:36 228960 --a------ C:\WINDOWS\System32\khhfc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72E29D65-F165-40A0-9E8F-BFD3C1041DE8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
2007-07-27 17:15 69184 --a------ C:\WINDOWS\System32\folghucf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 12:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-12 14:31]
"TV Now"="C:\Program Files\HPQ\Notebook Utilities\TvNow.exe" [2003-01-30 14:34]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 11:26]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2003-03-13 11:14]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-22 17:10]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-22 18:06]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 14:24]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-11-10 04:30]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 21:44]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-18 20:23]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-07-17 16:50]
"CARPService"="carpserv.exe" [2003-05-21 15:35 C:\WINDOWS\system32\carpserv.exe]
"@"="" []
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-05-03 15:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18]
"Aaou"="C:\WINDOWS\System32\DOBE~1\msdtc.exe" []
"Sbqkij"="C:\Documents and Settings\Steve\Application Data\??crosoft\u?erinit.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 04:20:40]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2002-03-13 08:08:34]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 11:10:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\arm32reg]
C:\Documents and Settings\All Users\Documents\Settings\arm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khhfc]
C:\WINDOWS\System32\khhfc.dll 2007-07-26 16:36 228960 C:\WINDOWS\system32\khhfc.dll

R0 caboagp;ATI Cabo AGP Filter;C:\WINDOWS\System32\DRIVERS\atisgkaf.sys
R1 AFS2K;AFS2k;C:\WINDOWS\System32\drivers\AFS2K.sys
R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\System32\drivers\Cdr4_xp.sys
R1 Cdralw2k;Cdralw2k;C:\WINDOWS\System32\drivers\Cdralw2k.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\System32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\System32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\System32\drivers\UdfReadr_xp.sys
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\System32\DRIVERS\strmdisp.sys
R2 WmdmPmSp;Portable Media Serial Number;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\System32\drivers\caliaud.sys
R3 CALIHALA;CALIHALA;C:\WINDOWS\System32\drivers\calihal.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\System32\Drivers\DKbFltr.SYS
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\System32\DRIVERS\DP83815.SYS
R3 HPCI;HP Configuration Interface;C:\WINDOWS\System32\DRIVERS\hpci.sys
R3 HSFHWALI;HSFHWALI;C:\WINDOWS\System32\DRIVERS\HSFHWALI.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\System32\drivers\mmc_2K.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\System32\DRIVERS\SynTP.sys
S1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\System32\DRIVERS\wmiacpi.sys
S3 Bridge;MAC Bridge;C:\WINDOWS\System32\DRIVERS\bridge.sys
S3 BridgeMP;MAC Bridge Miniport;C:\WINDOWS\System32\DRIVERS\bridge.sys
S3 CE3;Xircom Ethernet Adapter 10/100 Service;C:\WINDOWS\System32\DRIVERS\ce3n5.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\System32\drivers\dvd_2K.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\System32\DRIVERS\wanatw4.sys


Contents of the 'Scheduled Tasks' folder
2007-07-28 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - tamika l. myers.job
2004-09-04 17:07:09 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-28 09:02:42
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\cfhhk.tmp

scan completed successfully
hidden files: 1

**************************************************************************

Completion time: 2007-07-28 9:07:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-28 09:07

--- E O F ---

random/random
2007-07-28, 16:47
Unfortunately, I have some very bad news for you.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)

When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

SteveC
2007-07-28, 18:32
I reinstalled the o/s. Thank you so much for all of your help. Donation to the site is coming.

You guys ROCK!!

random/random
2007-07-28, 22:07
Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.