Trojans, Viruses and Malware I CANNOT get rid of

AURAcatalyst

New member
I've just gotten this computer and accidentally downloaded some infected files, in the end, that infected my system. It's been a couple of days now after some basic removal with Norton Internet Security 2006, and Avast... as well as good old Spybot that I found that there is something else wrong. I downloaded HijackThis and read through the log, it seems nothing is wrong with it but I'm not sure... I need help!

Logfile of HijackThis v1.99.1
Scan saved at 11:23:03 PM, on 1/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system\hpsysdrv.exe
c:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\drjquxnn.dll",setvm
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C85FFC58-3DB0-4340-9414-69773E487787}: NameServer = 209.244.0.3 209.244.0.4
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Hi AURAcatalyst

Rename HijackThis.exe to HJT.exe and post a fresh HijackThis log, please :)
 
Logfile of HijackThis v1.99.1
Scan saved at 10:59:01 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HJT.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F67AA1F-E6F7-43D4-BADD-445EB3EF5A38} - C:\WINDOWS\system32\sstqq.dll
O2 - BHO: (no name) - {27B4831E-FA7A-4037-ACD6-8360B135B946} - C:\WINDOWS\system32\vtuvstt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\kywuprgi.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\drjquxnn.dll",setvm
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C85FFC58-3DB0-4340-9414-69773E487787}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: sstqq - C:\WINDOWS\system32\sstqq.dll
O20 - Winlogon Notify: vtuvstt - C:\WINDOWS\SYSTEM32\vtuvstt.dll
O20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Well, here's the HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 11:18:33 PM, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\HijackThis\HJT.exe
C:\Program Files\Messenger\msmsgs.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {27B4831E-FA7A-4037-ACD6-8360B135B946} - C:\WINDOWS\system32\vtuvstt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\kywuprgi.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D3425328-ED90-4CF3-B33D-FD23AA637227} - C:\WINDOWS\system32\sstqq.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\drjquxnn.dll",setvm
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: vtuvstt - C:\WINDOWS\SYSTEM32\vtuvstt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

And here's the VundoFix log...

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.6

Scan started at 10:45:07 PM 1/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\winmmt32.dll
C:\WINDOWS\system32\sstqq.dll
C:\WINDOWS\system32\qqtss.ini
C:\WINDOWS\system32\qqtss.bak1
C:\WINDOWS\system32\qqtss.bak2
C:\WINDOWS\system32\qqtss.ini2
C:\WINDOWS\system32\qqtss.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\winmmt32.dll
C:\WINDOWS\system32\winmmt32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqq.dll
C:\WINDOWS\system32\sstqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqtss.ini
C:\WINDOWS\system32\qqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqtss.bak1
C:\WINDOWS\system32\qqtss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqtss.bak2
C:\WINDOWS\system32\qqtss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqtss.ini2
C:\WINDOWS\system32\qqtss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqtss.tmp
C:\WINDOWS\system32\qqtss.tmp Has been deleted!

Performing Repairs to the registry.
Done!
 
Hi

Is Norton up-to-date? If so, you should uninstall avast! Only one antivirus active/computer.

Open HijackThis, click "Do a system scan only" and checkmark these:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\kywuprgi.dll
O2 - BHO: (no name) - {D3425328-ED90-4CF3-B33D-FD23AA637227} - C:\WINDOWS\system32\sstqq.dll (file missing)
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\drjquxnn.dll",setvm


1. Download this file - combofix.exe
2. Go to Start -> Run
Type the following text and press OK:

"%userprofile%\desktop\combofix.exe" /v vtuvstt

3. Reboot

4. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Delete if present:

C:\WINDOWS\system32\kywuprgi.dll
C:\WINDOWS\system32\drjquxnn.dll

Empty Recycle Bin

Send:

- a fresh HijackThis log
- combofix report
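
The comparison done by eye across the logs above, as an added example that is not part of any post in this thread and not code from HijackThis, VundoFix or combofix. It parses HijackThis entry lines, diffs the autostart sections (O2, O4, O20) of two scans by the file they load, and lists entries worth a manual look. The sample lines are excerpts of the 1/10/2007 and 1/11/2007 logs posted above; the function names and the `needs_review` heuristic are assumptions made for this illustration.

```python
import ntpath
import re
from typing import NamedTuple

AUTOSTART = {"O2", "O4", "O20"}  # BHOs, Run/Startup items, Winlogon Notify

class Entry(NamedTuple):
    section: str   # HijackThis section code, e.g. "O2"
    text: str      # everything after "O2 - "
    path: str      # lowercased .dll/.exe path the entry points at, or ""
    missing: bool  # HijackThis appended "(file missing)"

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
PATH_RE = re.compile(r"[a-z]:\\[^\"]*?\.(?:dll|exe)", re.IGNORECASE)

def parse(log):
    """Return the section entries of a HijackThis log; headers and the
    running-process list do not match LINE_RE and are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, text = m.groups()
        p = PATH_RE.search(text)
        entries.append(Entry(section, text, p.group(0).lower() if p else "",
                             text.endswith("(file missing)")))
    return entries

def autostart_keys(entries):
    # Key on (section, path), not CLSID: the same DLL can be re-registered
    # under a new CLSID between scans, as sstqq.dll is in these logs.
    return {(e.section, e.path) for e in entries
            if e.section in AUTOSTART and e.path}

def diff(before, after):
    b, a = autostart_keys(before), autostart_keys(after)
    return {"removed": sorted(b - a), "added": sorted(a - b)}

def needs_review(e):
    """Heuristic (assumption): a DLL sitting directly in system32 that is
    loaded by an unnamed BHO, a rundll32 Run value or a Winlogon Notify key."""
    if e.section not in AUTOSTART or not e.path.endswith(".dll"):
        return False
    in_system32 = ntpath.dirname(e.path) == r"c:\windows\system32"
    unnamed_bho = e.section == "O2" and "(no name)" in e.text
    via_rundll32 = e.section == "O4" and "rundll32" in e.text.lower()
    return in_system32 and (unnamed_bho or via_rundll32 or e.section == "O20")

def review_names(entries):
    return sorted({ntpath.basename(e.path) for e in entries if needs_review(e)})

def orphaned(entries):
    """Autostart entries whose file is gone but whose registry value remains."""
    return sorted({e.path for e in entries if e.section in AUTOSTART and e.missing})

# Excerpt of the 1/10/2007 log from this thread.
SCAN_0110 = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F67AA1F-E6F7-43D4-BADD-445EB3EF5A38} - C:\WINDOWS\system32\sstqq.dll
O2 - BHO: (no name) - {27B4831E-FA7A-4037-ACD6-8360B135B946} - C:\WINDOWS\system32\vtuvstt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\kywuprgi.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\drjquxnn.dll",setvm
O20 - Winlogon Notify: sstqq - C:\WINDOWS\system32\sstqq.dll
O20 - Winlogon Notify: vtuvstt - C:\WINDOWS\SYSTEM32\vtuvstt.dll
O20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dll
"""

# Excerpt of the 1/11/2007 log from this thread (after the VundoFix run).
SCAN_0111 = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {27B4831E-FA7A-4037-ACD6-8360B135B946} - C:\WINDOWS\system32\vtuvstt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\kywuprgi.dll
O2 - BHO: (no name) - {D3425328-ED90-4CF3-B33D-FD23AA637227} - C:\WINDOWS\system32\sstqq.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\drjquxnn.dll",setvm
O20 - Winlogon Notify: vtuvstt - C:\WINDOWS\SYSTEM32\vtuvstt.dll
"""

if __name__ == "__main__":
    before, after = parse(SCAN_0110), parse(SCAN_0111)
    print("changed between scans:", diff(before, after))
    print("still worth review:  ", review_names(after))
    print("orphaned entries:    ", orphaned(after))
```

The unnamed Spybot helper in `C:\PROGRA~1\SPYBOT~1` and `NeroCheck.exe` in system32 are not flagged, which is why the heuristic combines location, file type and load mechanism instead of relying on any one of them.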
 
Sorry I haven't posted. Been a little busy.. But here's the two logs.

First, HijackThis..

Logfile of HijackThis v1.99.1
Scan saved at 9:41:18 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\HijackThis\HJT.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6EFD2035-20A2-4FF9-9A5B-F0BCF77DFFE2} - C:\WINDOWS\system32\mllmj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



And now the ComboFix log...

"HP_Owner" - 07-01-14 21:32:05 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\HP_Owner\desktop"
Command switches used :: /v vtuvstt

((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


2007-01-14 12:21 <DIR> d-------- C:\Program Files\NeverwinterNights
2007-01-11 22:45 <DIR> d-------- C:\VundoFix Backups
2007-01-10 22:58 81,684 --a------ C:\WINDOWS\system32\cmnxdvey.dll
2007-01-10 14:50 <DIR> d-------- C:\UT2004
2007-01-09 23:34 <DIR> d-------- C:\Program Files\Emulators
2007-01-09 21:34 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Ahead
2007-01-09 21:20 22,541 ---hs---- C:\WINDOWS\system32\efcyyww.dll
2007-01-07 23:05 <DIR> d---s---- C:\DOCUME~1\HP_Owner\UserData
2007-01-07 16:31 967 --a------ C:\WINDOWS\ScUnin.pif
2007-01-07 16:31 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-01-07 16:24 <DIR> d-------- C:\Program Files\Starcraft
2007-01-07 15:34 <DIR> d-------- C:\Program Files\CyberFront
2007-01-06 03:06 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-06 00:56 <DIR> d-------- C:\HijackThis
2007-01-05 22:38 22,541 ---hs---- C:\WINDOWS\system32\ljjjkji.dll
2007-01-05 22:32 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-05 20:55 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Help
2007-01-05 17:49 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-01-05 17:49 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-01-05 17:46 <DIR> d-------- C:\Program Files\Warcraft III
2007-01-05 01:48 <DIR> d--h----- C:\WINDOWS\PIF
2007-01-04 19:54 <DIR> d-------- C:\Program Files\Alwil Software
2007-01-04 17:08 <DIR> d-------- C:\WINDOWS\pss
2007-01-04 16:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-03 22:23 81,684 --a------ C:\WINDOWS\system32\vrwugsrv.dll
2007-01-03 22:23 44,060 --a------ C:\WINDOWS\system32\kywuprgi.dll
2007-01-03 22:23 118,804 --a------ C:\WINDOWS\system32\drjquxnn.dll
2007-01-03 22:16 27,648 --a------ C:\nawueg.exe
2007-01-03 22:15 22,541 ---hs---- C:\WINDOWS\system32\ddcyyxw.dll
2007-01-03 21:13 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-01-03 21:12 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-01-03 21:11 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-01-03 21:11 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-01-03 20:42 <DIR> dr-h----- C:\MSOCache
2007-01-03 16:22 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-01-03 16:22 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-01-03 16:22 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-01-03 16:22 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-01-03 16:22 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-01-03 16:22 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-01-03 16:22 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-01-03 16:22 <DIR> d-------- C:\Program Files\Ahead
2007-01-03 00:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe Systems
2007-01-03 00:09 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-01-03 00:07 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Adobe
2007-01-03 00:03 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-01-02 23:09 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Sonic
2007-01-02 23:09 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Leadertech
2007-01-02 19:59 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-01-02 19:13 <DIR> d-------- C:\Program Files\QuickTime
2007-01-02 19:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\QuickTime
2007-01-02 19:12 <DIR> d-------- C:\Program Files\Trillian
2007-01-02 18:47 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\My Battle for Middle-earth Files
2007-01-02 18:46 <DIR> dr-hs---- C:\cmdcons
2007-01-02 18:46 <DIR> d-------- C:\WINDOWS\setup.pss
2007-01-02 18:29 <DIR> d-------- C:\Program Files\Opera
2007-01-02 18:29 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Opera
2007-01-02 17:46 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2007-01-02 17:26 <DIR> d-------- C:\Program Files\EA GAMES
2007-01-02 17:23 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\HPQ
2007-01-02 17:18 <DIR> d-------- C:\Program Files\Lavalys
2007-01-02 16:45 <DIR> d-------- C:\DOCUME~1\HP_Owner\WINDOWS
2007-01-02 16:45 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Symantec
2007-01-02 16:45 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Real
2007-01-02 16:45 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Intuit
2007-01-02 16:43 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\WINDOWS
2007-01-02 16:43 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Symantec
2007-01-02 16:43 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Real
2007-01-02 16:43 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Intuit
2007-01-02 16:42 <DIR> d-------- C:\WINDOWS\Prefetch


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 15:47 -------- d--h----- C:\Program Files\installshield installation information
2007-01-12 17:47 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-10 15:32 -------- d---s---- C:\DOCUME~1\HP_Owner\Application Data\microsoft
2007-01-09 21:47 -------- d-------- C:\Program Files\online services
2007-01-09 21:25 -------- d-------- C:\Program Files\norton internet security
2007-01-05 14:05 48776 --a------ C:\WINDOWS\system32\s32evnt1.dll
2007-01-05 14:05 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-01-05 14:05 -------- d-------- C:\Program Files\symantec
2007-01-03 00:13 -------- d-------- C:\Program Files\Common Files\adobe
2007-01-03 00:05 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\macromedia
2007-01-02 18:07 -------- d-------- C:\Program Files\quicken
2007-01-02 17:06 -------- d-------- C:\Program Files\Common Files\real
2007-01-02 17:04 -------- d-------- C:\Program Files\Common Files\hp
2007-01-02 17:03 -------- d-------- C:\Program Files\Common Files\sonic shared
2007-01-02 16:59 -------- d-------- C:\Program Files\yahoo!
2007-01-02 16:59 -------- d-------- C:\Program Files\wildtangent
2006-11-28 10:16 -------- d-------- C:\Program Files\hewlett-packard
2006-11-28 10:06 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-11-28 09:56 -------- d-------- C:\Program Files\Common Files\installshield
2006-11-28 09:54 -------- d-------- C:\Program Files\pc-doctor for dos
2006-11-28 09:54 -------- d-------- C:\Program Files\pc-doctor 5 for windows
2006-11-28 09:49 118842 -ra------ C:\WINDOWS\hpcpcuninstaller-6.3.2.116-9972322.exe
2006-11-28 09:48 13570 --a------ C:\WINDOWS\system32\choddi.sys
2006-11-28 09:43 -------- d-------- C:\Program Files\microsoft works
2006-11-28 09:41 -------- d-------- C:\Program Files\msn encarta standard
2006-11-28 09:41 -------- d-------- C:\Program Files\microsoft money 2006
2006-11-28 09:40 -------- d-------- C:\Program Files\hp
2006-11-28 09:33 -------- d-------- C:\Program Files\sonic
2006-11-28 09:33 -------- d-------- C:\Program Files\Common Files\surething shared
2006-11-28 09:31 -------- d-------- C:\Program Files\netscape
2006-11-28 09:31 -------- d-------- C:\Program Files\music_now
2006-11-28 09:22 -------- d-------- C:\Program Files\conexant
2006-11-28 09:21 -------- d-------- C:\Program Files\ati technologies
2006-11-28 09:12 -------- d-------- C:\Program Files\messenger
2006-11-28 09:08 -------- d-------- C:\Program Files\java
2006-11-28 09:08 -------- d-------- C:\Program Files\Common Files\java


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RTHDCPL"="RTHDCPL.EXE"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"IS CfgWiz"="c:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE \"REBOOT\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe"
"PCDrProfiler"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HP_Owner.job
C:\WINDOWS\tasks\Warranty Reminder 11 month.job
C:\WINDOWS\tasks\Warranty Reminder 15 day.job

Completion time: 07-01-14 21:33:57
C:\ComboFix2.txt ... 07-01-14 21:19
 
Sorry, noticed that I generated a second ComboFix log... Here it is...


"HP_Owner" - 07-01-14 21:13:09 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\HP_Owner\desktop"
Command switches used :: /v vtuvstt

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\vtuvstt.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Ipwindows\ipwins.dll
C:\Program Files\Ipwindows\ipwins.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\Program Files\Common Files\{39415~1
C:\Program Files\VSAdd-in
C:\Program Files\Ipwindows


((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


2007-01-14 12:21 <DIR> d-------- C:\Program Files\NeverwinterNights
2007-01-11 22:45 <DIR> d-------- C:\VundoFix Backups
2007-01-10 22:58 81,684 --a------ C:\WINDOWS\system32\cmnxdvey.dll
2007-01-10 14:50 <DIR> d-------- C:\UT2004
2007-01-09 23:34 <DIR> d-------- C:\Program Files\Emulators
2007-01-09 21:34 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Ahead
2007-01-09 21:20 22,541 ---hs---- C:\WINDOWS\system32\efcyyww.dll
2007-01-07 23:05 <DIR> d---s---- C:\DOCUME~1\HP_Owner\UserData
2007-01-07 16:31 967 --a------ C:\WINDOWS\ScUnin.pif
2007-01-07 16:31 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-01-07 16:24 <DIR> d-------- C:\Program Files\Starcraft
2007-01-07 15:34 <DIR> d-------- C:\Program Files\CyberFront
2007-01-06 03:06 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-06 00:56 <DIR> d-------- C:\HijackThis
2007-01-05 22:38 22,541 ---hs---- C:\WINDOWS\system32\ljjjkji.dll
2007-01-05 22:32 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-05 20:55 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Help
2007-01-05 17:49 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-01-05 17:49 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-01-05 17:46 <DIR> d-------- C:\Program Files\Warcraft III
2007-01-05 01:48 <DIR> d--h----- C:\WINDOWS\PIF
2007-01-04 19:55 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-01-04 19:55 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-01-04 19:55 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-01-04 19:54 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-01-04 19:54 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-01-04 19:54 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-01-04 19:54 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-04 19:54 <DIR> d-------- C:\Program Files\Alwil Software
2007-01-04 17:08 <DIR> d-------- C:\WINDOWS\pss
2007-01-04 16:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-03 22:23 81,684 --a------ C:\WINDOWS\system32\vrwugsrv.dll
2007-01-03 22:23 44,060 --a------ C:\WINDOWS\system32\kywuprgi.dll
2007-01-03 22:23 118,804 --a------ C:\WINDOWS\system32\drjquxnn.dll
2007-01-03 22:16 27,648 --a------ C:\nawueg.exe
2007-01-03 22:15 22,541 ---hs---- C:\WINDOWS\system32\ddcyyxw.dll
2007-01-03 21:13 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-01-03 21:12 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-01-03 21:11 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-01-03 21:11 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-01-03 20:42 <DIR> dr-h----- C:\MSOCache
2007-01-03 16:22 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-01-03 16:22 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-01-03 16:22 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-01-03 16:22 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-01-03 16:22 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-01-03 16:22 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-01-03 16:22 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-01-03 16:22 <DIR> d-------- C:\Program Files\Ahead
2007-01-03 00:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe Systems
2007-01-03 00:09 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-01-03 00:07 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Adobe
2007-01-03 00:03 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-01-02 23:09 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Sonic
2007-01-02 23:09 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Leadertech
2007-01-02 19:59 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-01-02 19:13 <DIR> d-------- C:\Program Files\QuickTime
2007-01-02 19:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\QuickTime
2007-01-02 19:12 <DIR> d-------- C:\Program Files\Trillian
2007-01-02 18:47 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\My Battle for Middle-earth Files
2007-01-02 18:46 <DIR> dr-hs---- C:\cmdcons
2007-01-02 18:46 <DIR> d-------- C:\WINDOWS\setup.pss
2007-01-02 18:29 <DIR> d-------- C:\Program Files\Opera
2007-01-02 18:29 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Opera
2007-01-02 17:46 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2007-01-02 17:26 <DIR> d-------- C:\Program Files\EA GAMES
2007-01-02 17:23 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\HPQ
2007-01-02 17:18 <DIR> d-------- C:\Program Files\Lavalys
2007-01-02 16:45 <DIR> d-------- C:\DOCUME~1\HP_Owner\WINDOWS
2007-01-02 16:45 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Symantec
2007-01-02 16:45 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Real
2007-01-02 16:45 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Intuit
2007-01-02 16:43 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\WINDOWS
2007-01-02 16:43 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Symantec
2007-01-02 16:43 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Real
2007-01-02 16:43 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Intuit
2007-01-02 16:42 <DIR> d-------- C:\WINDOWS\Prefetch


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 15:47 -------- d--h----- C:\Program Files\installshield installation information
2007-01-12 17:47 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-10 15:32 -------- d---s---- C:\Documents and Settings\HP_Owner\Application Data\microsoft
2007-01-09 21:47 -------- d-------- C:\Program Files\online services
2007-01-09 21:34 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\ahead
2007-01-09 21:25 -------- d-------- C:\Program Files\norton internet security
2007-01-05 22:42 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\adobe
2007-01-05 20:55 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\help
2007-01-05 14:05 48776 --a------ C:\WINDOWS\system32\s32evnt1.dll
2007-01-05 14:05 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-01-05 14:05 -------- d-------- C:\Program Files\symantec
2007-01-03 00:13 -------- d-------- C:\Program Files\Common Files\adobe
2007-01-03 00:05 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\macromedia
2007-01-02 23:09 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\sonic
2007-01-02 23:09 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\leadertech
2007-01-02 18:52 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\my battle for middle-earth files
2007-01-02 18:29 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\opera
2007-01-02 18:07 -------- d-------- C:\Program Files\quicken
2007-01-02 17:23 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\hpq
2007-01-02 17:06 -------- d-------- C:\Program Files\Common Files\real
2007-01-02 17:06 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\real
2007-01-02 17:04 -------- d-------- C:\Program Files\Common Files\hp
2007-01-02 17:03 -------- d-------- C:\Program Files\Common Files\sonic shared
2007-01-02 16:59 -------- d-------- C:\Program Files\yahoo!
2007-01-02 16:59 -------- d-------- C:\Program Files\wildtangent
2006-11-28 10:16 -------- d-------- C:\Program Files\hewlett-packard
2006-11-28 10:14 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\symantec
2006-11-28 10:06 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-11-28 09:56 -------- d-------- C:\Program Files\Common Files\installshield
2006-11-28 09:54 -------- d-------- C:\Program Files\pc-doctor for dos
2006-11-28 09:54 -------- d-------- C:\Program Files\pc-doctor 5 for windows
2006-11-28 09:49 118842 -ra------ C:\WINDOWS\hpcpcuninstaller-6.3.2.116-9972322.exe
2006-11-28 09:48 13570 --a------ C:\WINDOWS\system32\choddi.sys
2006-11-28 09:45 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\intuit
2006-11-28 09:43 -------- d-------- C:\Program Files\microsoft works
2006-11-28 09:41 -------- d-------- C:\Program Files\msn encarta standard
2006-11-28 09:41 -------- d-------- C:\Program Files\microsoft money 2006
2006-11-28 09:40 -------- d-------- C:\Program Files\hp
2006-11-28 09:33 -------- d-------- C:\Program Files\sonic
2006-11-28 09:33 -------- d-------- C:\Program Files\Common Files\surething shared
2006-11-28 09:31 -------- d-------- C:\Program Files\netscape
2006-11-28 09:31 -------- d-------- C:\Program Files\music_now
2006-11-28 09:22 -------- d-------- C:\Program Files\conexant
2006-11-28 09:21 -------- d-------- C:\Program Files\ati technologies
2006-11-28 09:12 -------- d-------- C:\Program Files\messenger
2006-11-28 09:08 -------- d-------- C:\Program Files\java
2006-11-28 09:08 -------- d-------- C:\Program Files\Common Files\java


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RTHDCPL"="RTHDCPL.EXE"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"IS CfgWiz"="c:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE \"REBOOT\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe"
"PCDrProfiler"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070114-210947-111
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\drjquxnn.dll",setvm
backup-20070114-210947-716
O2 - BHO: (no name) - {D3425328-ED90-4CF3-B33D-FD23AA637227} - C:\WINDOWS\system32\sstqq.dll (file missing)
backup-20070114-210946-928
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\kywuprgi.dll
backup-20070114-210946-417
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HP_Owner.job
C:\WINDOWS\tasks\Warranty Reminder 11 month.job
C:\WINDOWS\tasks\Warranty Reminder 15 day.job

Completion time: 07-01-14 21:19:52
 
Hi

Open HijackThis, click "Do a system scan only" and checkmark this:

O2 - BHO: (no name) - {6EFD2035-20A2-4FF9-9A5B-F0BCF77DFFE2} - C:\WINDOWS\system32\mllmj.dll (file missing)

Close all windows, including the browser, and press "Fix checked".

Make your hidden & system files visible, info

Delete if present:

C:\WINDOWS\system32\vrwugsrv.dll
C:\WINDOWS\system32\kywuprgi.dll
C:\WINDOWS\system32\drjquxnn.dll
C:\nawueg.exe
C:\WINDOWS\system32\ddcyyxw.dll
C:\WINDOWS\system32\cmnxdvey.dll
C:\WINDOWS\system32\efcyyww.dll
C:\WINDOWS\system32\ljjjkji.dll

Empty Recycle Bin

Reboot

Re-run combofix

Send:

- a fresh HijackThis log
- Kaspersky report
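A way to check the steps above against the logs, as an added example that is not part of the original post: it parses HijackThis `O2 - BHO` lines for entries marked `(file missing)` and cross-checks the delete list against a ComboFix "Files Created" listing, noting which files carry the hidden or system attribute. The function names are hypothetical, the "before" samples are excerpts copied from the logs in this thread, and the "after" listing is constructed.

```python
import ntpath
import re

# O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]
HJT_BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
# <date> <time> <size | <DIR> | dashes> <9-char attribute string> <path>
CF_ENTRY = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+|-+)\s+(?P<attrs>[a-z-]{9})\s+(?P<path>.+)$")


def norm(path):
    """Compare Windows paths case-insensitively, on any host OS."""
    return ntpath.normcase(ntpath.normpath(path.strip()))


def parse_bhos(hjt_log):
    """Return every Browser Helper Object entry found in a HijackThis log."""
    bhos = []
    for line in hjt_log.splitlines():
        m = HJT_BHO.match(line.strip())
        if m:
            bhos.append({"name": m["name"], "clsid": m["clsid"].upper(),
                         "path": norm(m["path"]),
                         "missing": m["missing"] is not None})
    return bhos


def orphaned_bhos(hjt_log):
    """BHO registrations whose DLL no longer exists: leftovers to fix in HijackThis."""
    return [b for b in parse_bhos(hjt_log) if b["missing"]]


def parse_listing(listing):
    """Map normalised path -> attribute string for a ComboFix file listing."""
    entries = {}
    for line in listing.splitlines():
        m = CF_ENTRY.match(line.strip())
        if m:
            entries[norm(m["path"])] = m["attrs"]
    return entries


def check_delete_list(delete_list, listing):
    """For each file to delete: is it still listed, and is it hidden/system
    (i.e. invisible in Explorer until hidden & system files are shown)?"""
    entries = parse_listing(listing)
    report = []
    for raw in delete_list:
        attrs = entries.get(norm(raw))
        report.append({"path": raw, "present": attrs is not None,
                       "hidden_or_system": attrs is not None
                       and ("h" in attrs or "s" in attrs)})
    return report


# Delete list from the helper's post.
DELETE_LIST = [
    r"C:\WINDOWS\system32\vrwugsrv.dll", r"C:\WINDOWS\system32\kywuprgi.dll",
    r"C:\WINDOWS\system32\drjquxnn.dll", r"C:\nawueg.exe",
    r"C:\WINDOWS\system32\ddcyyxw.dll", r"C:\WINDOWS\system32\cmnxdvey.dll",
    r"C:\WINDOWS\system32\efcyyww.dll", r"C:\WINDOWS\system32\ljjjkji.dll",
]
# Excerpts copied from the first HijackThis log and the ComboFix listing above.
HJT_BEFORE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6EFD2035-20A2-4FF9-9A5B-F0BCF77DFFE2} - C:\WINDOWS\system32\mllmj.dll (file missing)
"""
LISTING_BEFORE = r"""
2007-01-10 22:58 81,684 --a------ C:\WINDOWS\system32\cmnxdvey.dll
2007-01-09 21:20 22,541 ---hs---- C:\WINDOWS\system32\efcyyww.dll
2007-01-05 22:38 22,541 ---hs---- C:\WINDOWS\system32\ljjjkji.dll
2007-01-03 22:23 81,684 --a------ C:\WINDOWS\system32\vrwugsrv.dll
2007-01-03 22:23 44,060 --a------ C:\WINDOWS\system32\kywuprgi.dll
2007-01-03 22:23 118,804 --a------ C:\WINDOWS\system32\drjquxnn.dll
2007-01-03 22:16 27,648 --a------ C:\nawueg.exe
2007-01-03 22:15 22,541 ---hs---- C:\WINDOWS\system32\ddcyyxw.dll
2007-01-03 16:22 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
"""
# Constructed: what a clean re-run of the listing would look like.
LISTING_AFTER = r"""
2007-01-14 12:21 <DIR> d-------- C:\Program Files\NeverwinterNights
2007-01-03 16:22 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
"""

if __name__ == "__main__":
    for bho in orphaned_bhos(HJT_BEFORE):
        print("orphaned BHO:", bho["clsid"], bho["path"])
    for row in check_delete_list(DELETE_LIST, LISTING_BEFORE):
        flag = " (hidden/system)" if row["hidden_or_system"] else ""
        print("present" if row["present"] else "gone   ", row["path"] + flag)
```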
 
Alright, here are the two logs again, as per usual...

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:12:09 AM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HJT.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



And now the ComboFix:

"HP_Owner" - 07-01-15 10:12:26 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\HP_Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-15 to 2007-01-15 ))))))))))))))))))))))))))))))))))


2007-01-14 12:21 <DIR> d-------- C:\Program Files\NeverwinterNights
2007-01-11 22:45 <DIR> d-------- C:\VundoFix Backups
2007-01-10 14:50 <DIR> d-------- C:\UT2004
2007-01-09 23:34 <DIR> d-------- C:\Program Files\Emulators
2007-01-09 21:34 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Ahead
2007-01-09 21:20 22,541 ---hs---- C:\WINDOWS\system32\efcyyww.dll
2007-01-07 23:05 <DIR> d---s---- C:\DOCUME~1\HP_Owner\UserData
2007-01-07 16:31 967 --a------ C:\WINDOWS\ScUnin.pif
2007-01-07 16:31 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-01-07 16:24 <DIR> d-------- C:\Program Files\Starcraft
2007-01-07 15:34 <DIR> d-------- C:\Program Files\CyberFront
2007-01-06 03:06 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-06 00:56 <DIR> d-------- C:\HijackThis
2007-01-05 22:38 22,541 ---hs---- C:\WINDOWS\system32\ljjjkji.dll
2007-01-05 22:32 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-05 20:55 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Help
2007-01-05 17:49 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-01-05 17:49 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-01-05 17:46 <DIR> d-------- C:\Program Files\Warcraft III
2007-01-05 01:48 <DIR> d--h----- C:\WINDOWS\PIF
2007-01-04 19:54 <DIR> d-------- C:\Program Files\Alwil Software
2007-01-04 17:08 <DIR> d-------- C:\WINDOWS\pss
2007-01-04 16:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-03 22:15 22,541 ---hs---- C:\WINDOWS\system32\ddcyyxw.dll
2007-01-03 21:13 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-01-03 21:12 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-01-03 21:11 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-01-03 21:11 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-01-03 20:42 <DIR> dr-h----- C:\MSOCache
2007-01-03 16:22 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-01-03 16:22 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-01-03 16:22 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-01-03 16:22 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-01-03 16:22 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-01-03 16:22 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-01-03 16:22 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-01-03 16:22 <DIR> d-------- C:\Program Files\Ahead
2007-01-03 00:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe Systems
2007-01-03 00:09 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-01-03 00:07 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Adobe
2007-01-03 00:03 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-01-02 23:09 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Sonic
2007-01-02 23:09 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Leadertech
2007-01-02 19:59 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-01-02 19:13 <DIR> d-------- C:\Program Files\QuickTime
2007-01-02 19:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\QuickTime
2007-01-02 19:12 <DIR> d-------- C:\Program Files\Trillian
2007-01-02 18:47 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\My Battle for Middle-earth Files
2007-01-02 18:46 <DIR> dr-hs---- C:\cmdcons
2007-01-02 18:46 <DIR> d-------- C:\WINDOWS\setup.pss
2007-01-02 18:29 <DIR> d-------- C:\Program Files\Opera
2007-01-02 18:29 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Opera
2007-01-02 17:46 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2007-01-02 17:26 <DIR> d-------- C:\Program Files\EA GAMES
2007-01-02 17:23 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\HPQ
2007-01-02 17:18 <DIR> d-------- C:\Program Files\Lavalys
2007-01-02 16:45 <DIR> d-------- C:\DOCUME~1\HP_Owner\WINDOWS
2007-01-02 16:45 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Symantec
2007-01-02 16:45 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Real
2007-01-02 16:45 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Intuit
2007-01-02 16:43 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\WINDOWS
2007-01-02 16:43 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Symantec
2007-01-02 16:43 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Real
2007-01-02 16:43 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Intuit
2007-01-02 16:42 <DIR> d-------- C:\WINDOWS\Prefetch


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 21:55 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-14 15:47 -------- d--h----- C:\Program Files\installshield installation information
2007-01-10 15:32 -------- d---s---- C:\DOCUME~1\HP_Owner\Application Data\microsoft
2007-01-09 21:47 -------- d-------- C:\Program Files\online services
2007-01-09 21:25 -------- d-------- C:\Program Files\norton internet security
2007-01-05 14:05 48776 --a------ C:\WINDOWS\system32\s32evnt1.dll
2007-01-05 14:05 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-01-05 14:05 -------- d-------- C:\Program Files\symantec
2007-01-03 00:13 -------- d-------- C:\Program Files\Common Files\adobe
2007-01-03 00:05 -------- d-------- C:\DOCUME~1\HP_Owner\Application Data\macromedia
2007-01-02 18:07 -------- d-------- C:\Program Files\quicken
2007-01-02 17:06 -------- d-------- C:\Program Files\Common Files\real
2007-01-02 17:04 -------- d-------- C:\Program Files\Common Files\hp
2007-01-02 17:03 -------- d-------- C:\Program Files\Common Files\sonic shared
2007-01-02 16:59 -------- d-------- C:\Program Files\yahoo!
2007-01-02 16:59 -------- d-------- C:\Program Files\wildtangent
2006-11-28 10:16 -------- d-------- C:\Program Files\hewlett-packard
2006-11-28 10:06 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-11-28 09:56 -------- d-------- C:\Program Files\Common Files\installshield
2006-11-28 09:54 -------- d-------- C:\Program Files\pc-doctor for dos
2006-11-28 09:54 -------- d-------- C:\Program Files\pc-doctor 5 for windows
2006-11-28 09:49 118842 -ra------ C:\WINDOWS\hpcpcuninstaller-6.3.2.116-9972322.exe
2006-11-28 09:48 13570 --a------ C:\WINDOWS\system32\choddi.sys
2006-11-28 09:43 -------- d-------- C:\Program Files\microsoft works
2006-11-28 09:41 -------- d-------- C:\Program Files\msn encarta standard
2006-11-28 09:41 -------- d-------- C:\Program Files\microsoft money 2006
2006-11-28 09:40 -------- d-------- C:\Program Files\hp
2006-11-28 09:33 -------- d-------- C:\Program Files\sonic
2006-11-28 09:33 -------- d-------- C:\Program Files\Common Files\surething shared
2006-11-28 09:31 -------- d-------- C:\Program Files\netscape
2006-11-28 09:31 -------- d-------- C:\Program Files\music_now
2006-11-28 09:22 -------- d-------- C:\Program Files\conexant
2006-11-28 09:21 -------- d-------- C:\Program Files\ati technologies
2006-11-28 09:12 -------- d-------- C:\Program Files\messenger
2006-11-28 09:08 -------- d-------- C:\Program Files\java
2006-11-28 09:08 -------- d-------- C:\Program Files\Common Files\java
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RTHDCPL"="RTHDCPL.EXE"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"IS CfgWiz"="c:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE \"REBOOT\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe"
"PCDrProfiler"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98a3f3d7-9aa9-11db-941e-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HP_Owner.job
C:\WINDOWS\tasks\Warranty Reminder 11 month.job
C:\WINDOWS\tasks\Warranty Reminder 15 day.job

Completion time: 07-01-15 10:14:40
C:\ComboFix2.txt ... 07-01-14 21:33
C:\ComboFix3.txt ... 07-01-14 21:19
 
Hi

Please download the Killbox.
Unzip it to the desktop.

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\efcyyww.dll
C:\WINDOWS\system32\ljjjkji.dll
C:\WINDOWS\system32\ddcyyxw.dll

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

If your computer does not restart automatically, please restart it manually.

Empty this folder -> C:\KillBox

Empty Recycle Bin

Re-run ComboFix

Send:

- a fresh HijackThis log
- Kaspersky report
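
The three files named in the Killbox instructions above appear in the ComboFix listing as hidden+system DLLs directly in system32, all with the same 22,541-byte size. The following is an added example, not part of the original posts and not a statement of how the helper chose those files: a small parser for the ComboFix "Files Created" line format that groups such entries by size so a reviewer can spot the cluster. The function names and the sample lines (constructed from the listing above) are assumptions of this example; a cluster is a lead to verify, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the ComboFix "Files Created" section.
SAMPLE = r"""
2007-01-09 21:34 <DIR> d-------- C:\DOCUME~1\HP_Owner\Application Data\Ahead
2007-01-09 21:20 22,541 ---hs---- C:\WINDOWS\system32\efcyyww.dll
2007-01-07 16:31 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-01-05 22:38 22,541 ---hs---- C:\WINDOWS\system32\ljjjkji.dll
2007-01-03 22:15 22,541 ---hs---- C:\WINDOWS\system32\ddcyyxw.dll
2007-01-03 21:13 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-01-02 18:46 <DIR> dr-hs---- C:\cmdcons
"""

# date, time, size (<DIR>, dashes, or digits with optional commas), 9-char attrs, path
LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|-{8}|[\d,]+) (?P<attrs>[a-z-]{9}) (?P<path>.+)$"
)

def parse_listing(text):
    """Return one dict per recognised listing line; directories get size None."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # section banners, blank lines, anything else
        size = m["size"]
        entries.append({
            "when": f'{m["date"]} {m["time"]}',
            "size": int(size.replace(",", "")) if size[0].isdigit() else None,
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries

def hidden_system_clusters(entries, folder=r"c:\windows\system32", min_count=2):
    """Group hidden+system files located directly in `folder` by identical size."""
    by_size = defaultdict(list)
    for e in entries:
        parent, _, name = e["path"].rpartition("\\")
        flagged = "h" in e["attrs"] and "s" in e["attrs"]
        if e["size"] is not None and flagged and parent.lower() == folder:
            by_size[e["size"]].append(name)
    return {s: sorted(n) for s, n in by_size.items() if len(n) >= min_count}

if __name__ == "__main__":
    for size, names in hidden_system_clusters(parse_listing(SAMPLE)).items():
        print(f"{size} bytes, hidden+system: {', '.join(names)}")
```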
 
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 