champster2k6

Hi guys. Reid helped me out a while back and my laptop seemed to be working a tad better. The issues regarding the ATI driver and system restore were not rectified but I did seem clear of spyware.

Now a new problem has occurred - programs won't seem to install. I downloaded the latest version of Norton 2007 (full version) for 50 odd quid and its been downhill from there. It didn't install properly and I cant access it in any way. I can't seem to install iTunes either - it just freezes. I can't remember where the hijack this log was saved to

Please help, my dissertation needs to be done! This laptop seems to be falling apart but I just need it to last until July then it can retire if it has to!
The link for my other thread is this.......
Numerous problems including slow system and ATI driver not working

champster2k6

I found the Hijack This program, here is the log (sorry for the double post, I didn't think I'd be able to install it as iTunes and Norton seemingly won't install):

Logfile of HijackThis v1.99.1
Scan saved at 12:52:39, on 13/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Lee\Desktop\iTunesSetup.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [IndexWipe] C:\Program Files\iISystem Wiper\IndexWipe.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123441493820
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

champster2k6

Wow it's busy here - this is on Page three already!

A little *bump* so this doesn't get lost in the shuffle

Ried

Hiya,

Actually, you're better off letting this thread slip to Page 3 as we do our best to work the logs oldest to newest.

First, let me state that if you still have combofix.exe on your system-- do not use it--delete it now. There are new rootkit infections that have targeted this tool and there is no way of knowing at this stage if you have one of those infections.

1. Download ComboScan to your Desktop.
2. Close all applications and windows.
3. Double-click on comboscan.exe to run it, and follow the prompts.
4. When the scan is complete, a text file will open - ComboScan.txt
5. Copy and paste the contents of ComboScan.txt in your thread in the HijackThis Log Help forum.
6. A folder, C:\ComboScan will also open. In it will be another text file, Supplementary.txt
7. Please Attach Supplementary.txt to your post.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options>Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:

   C:ComboScanSupplementary.txt

3. Click Upload.

__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

champster2k6

Hello Ried. I did have combofix and I have now deleted it. I have downloaded the new comboscan but the same thing is happening as what seems to be happening already.

In essence anything which I try to install/scan on my computer never finishes actually doing it. The little green bar goes about three quarters of the way across and then just stops. Norton done it and then jammed and now doesn't load up at all, iTunes stopped at about 80% and remained that way for over eight hours and now this is doing it. It has stopped on 79% and on the bit about the registry. If I remember correctly the other two stopped on something about the registry too - I think iTunes stopped on "Registering Modules" permanantly. When I attempt to close the applications they stop responding and then don't close, even after Ctrl-Alt-Del.

What on earth is going on

The comboscan has been stuck for half an hour now and if its the same as previous experience it won't go any further. I therefore cannot post the scan.

Help!

champster2k6

Ok that was wierd. I managed to close it and run the scan again. This time it worked within a minute - how odd. Well, here are the results:

ComboScan v20070212.14 run by Lee on 2007-02-15 at 16:39:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Unable to create System Restore WMI object; error code: 0x80041021
Performed disk cleanup.


-- HijackThis log (run as Lee.com) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 16:39:08, on 15/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\find.exe
C:\Documents and Settings\Lee\Desktop\comboscan.exe
C:\DOCUME~1\Lee\LOCALS~1\Temp\~yedlxyk.tmp\Lee.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123441493820
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

0 ACPIEC (Microsoft Embedded Controller Driver) - System32\DRIVERS\ACPIEC.sys
3 AgereSoftModem (TOSHIBA V92 Software Modem) - System32\DRIVERS\AGRSM.sys
3 Airgo (Airgo Networks True MIMO (tm) Wireless Driver) - system32\DRIVERS\wnihdd51.sys
3 ALCXSENS (Service for WDM 3D Audio Driver) - system32\drivers\ALCXSENS.SYS
3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - system32\drivers\ALCXWDM.SYS
3 AR5211 (Atheros Wireless Network Adapter Service) - System32\DRIVERS\ar5211.sys
3 Arp1394 (1394 ARP Client Protocol) - System32\DRIVERS\arp1394.sys
3 ati2mtag - System32\DRIVERS\ati2mtag.sys
0 atiide - System32\DRIVERS\atiide.sys
1 AVG Anti-Spyware Driver - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys
2 BCMNTIO - \??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
0 caboagp (ATI Cabo AGP Filter) - System32\DRIVERS\atisgkaf.sys
0 DevUpper (TI UltraMedia CardBus Controller Filter Driver) - System32\DRIVERS\tiumflt.sys
1 eeCtrl (Symantec Eraser Control driver) - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
3 EraserUtilRebootDrv - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
3 GEARAspiWDM (GEAR CDRom Filter) - SYSTEM32\DRIVERS\GEARAspiWDM.sys
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
3 HPZid412 (IEEE-1284.4 Driver HPZid412) - system32\DRIVERS\HPZid412.sys
3 HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - system32\DRIVERS\HPZipr12.sys
3 HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - system32\DRIVERS\HPZius12.sys
1 intelppm (Intel Processor Driver) - System32\DRIVERS\intelppm.sys
2 irda (IrDA Protocol) - System32\DRIVERS\irda.sys
2 MAPMEM - \??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
3 mouhid (Mouse HID Driver) - System32\DRIVERS\mouhid.sys
3 NAVENG - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070214.020\NAVENG.SYS
3 NAVEX15 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070214.020\NAVEX15.SYS
2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - System32\DRIVERS\netdevio.sys
3 NIC1394 (1394 Net Driver) - System32\DRIVERS\nic1394.sys
0 ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - System32\DRIVERS\ohci1394.sys
0 PCIIde - System32\DRIVERS\pciide.sys
0 Pcmcia - System32\DRIVERS\pcmcia.sys
3 Rasirda (WAN Miniport (IrDA)) - System32\DRIVERS\rasirda.sys
3 RTL8023 (Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver) - System32\DRIVERS\Rtlnic51.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - System32\DRIVERS\RTL8139.SYS
3 SMCIRDA (SMC IrCC Miniport Device Driver) - System32\DRIVERS\smcirda.sys
1 SPBBCDrv - \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
3 SRTSP - System32\Drivers\SRTSP.SYS
3 SRTSPL - System32\Drivers\SRTSPL.SYS
1 SRTSPX - System32\Drivers\SRTSPX.SYS
3 SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS
3 SymEvent - \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
3 SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS
3 SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS
3 SYMIDSCO - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070214.003\SymIDSCo.sys
2 symlcbrd - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
3 SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS
3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
3 SynTP (Synaptics TouchPad Driver) - System32\DRIVERS\SynTP.sys
3 tiumfwl - system32\drivers\tiumfwl.sys
3 TVALD (Toshiba Mobile PC Service) - System32\DRIVERS\NBSMI.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - System32\DRIVERS\usbehci.sys
3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - System32\DRIVERS\usbohci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 USBSTOR (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
3 usb_rndisx (USB RNDIS Adapter) - system32\DRIVERS\usb8023x.sys
3 WNIPROT5 (WNIPROT5 Protocol Driver) - \??\C:\WINDOWS\System32\WNIPROT5.SYS


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 ANISERVICE (Airgo Networks NIC Service) - C:\WINDOWS\System32\aniServ.exe
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2 Ati HotKey Poller - %SystemRoot%\system32\Ati2evxx.exe
2 Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2 AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2 ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
2 ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
2 CFSvcs (ConfigFree Service) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
2 CLTNetCnService (Symantec Lic NetConnect service) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
3 comHost (COM Host) - "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3 iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2 Irmon (Infrared Monitor) - %SystemRoot%\System32\svchost.exe -k netsvcs
3 ISPwdSvc (Symantec IS Password Validation) - "C:\Program Files\Norton Internet Security\isPwdSvc.exe"
3 LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2 Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
2 Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
2 SymAppCore (Symantec AppCore Service) - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
2 UserAccess7 (SecuROM User Access Service (V7)) - C:\WINDOWS\system32\UAService7.exe
4 WinDefend (Windows Defender Service) - "C:\Program Files\Windows Defender\MsMpEng.exe"


-- Scheduled Tasks --------------------------------------------------------------

2007-02-12 20:00:16 618 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Lee.job<NORTON~1.JOB>
2007-02-11 17:10:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2006-12-30 17:45:37 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2006-05-31 23:33:40 102 --a------ C:\WINDOWS\Tasks\LowExisting.job<LOWEXI~1.JOB>
2005-03-01 23:02:13 258 --a------ C:\WINDOWS\Tasks\Registration reminder 3.job<REGIST~3.JOB>


-- Files created between 2007-01-15 and 2007-02-15 ------------------------------

2007-02-13 0153 0 d-------- C:\Program Files\iTunes
2007-02-11 19:00:59 0 d-------- C:\Program Files\CheckIt
2007-02-11 16:00:08 0 d-------- C:\Program Files\Norton Internet Security<NORTON~1>
2007-02-11 15:58:39 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL<Signed: Symantec Corporation>
2007-02-11 15:58:39 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS<Signed: Symantec Corporation>
2007-02-11 15:57:12 0 d-------- C:\Program Files\Symantec
2007-02-11 15:26:46 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files<SYMANT~1>
2007-02-11 12:45:44 0 d-------- C:\Documents and Settings\Everyone else\Application Data\Talkback


-- Find3M Report ----------------------------------------------------------------

2007-02-15 16:31:17 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-15 01:31:41 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-13 12:52:17 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-13 01:07:12 0 d-------- C:\Program Files\iPod
2007-02-09 2150 0 d-------- C:\Program Files\PartyGaming<PARTYG~1>
2007-01-25 10:08:17 0 d-------- C:\Documents and Settings\Lee\Application Data\SiteAdvisor<SITEAD~1>
2007-01-19 23:02:14 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-12 02:22:20 276792 --a------ C:\WINDOWS\system32\drivers\srtspl.sys<Signed: Symantec Corporation>
2007-01-12 02:22:18 25400 --a------ C:\WINDOWS\system32\drivers\srtspx.sys<Signed: Symantec Corporation>
2007-01-12 02:22:14 247608 --a------ C:\WINDOWS\system32\drivers\srtsp.sys<Signed: Symantec Corporation>
2007-01-10 02:47:38 242320 --a------ C:\WINDOWS\system32\SymRedir.dll<Signed: Symantec Corporation>
2007-01-10 02:47:38 624784 --a------ C:\WINDOWS\system32\SymNeti.dll<Signed: Symantec Corporation>
2007-01-09 22:32:14 191544 --a------ C:\WINDOWS\system32\drivers\symtdi.sys<Signed: Symantec Corporation>
2007-01-09 22:32:14 27576 --a------ C:\WINDOWS\system32\drivers\symredrv.sys<Signed: Symantec Corporation>
2007-01-09 22:32:14 38200 --a------ C:\WINDOWS\system32\drivers\symndisv.sys<Signed: Symantec Corporation>
2007-01-09 22:32:14 35256 --a------ C:\WINDOWS\system32\drivers\symndis.sys<Signed: Symantec Corporation>
2007-01-09 22:32:14 40120 --a------ C:\WINDOWS\system32\drivers\symids.sys<Signed: Symantec Corporation>
2007-01-09 22:32:14 145976 --a------ C:\WINDOWS\system32\drivers\symfw.sys<Signed: Symantec Corporation>
2007-01-09 22:32:14 12984 --a------ C:\WINDOWS\system32\drivers\symdns.sys<Signed: Symantec Corporation>
2007-01-07 22:08:47 0 d-------- C:\Documents and Settings\Lee\Application Data\AdobeUM
2007-01-07 18:52:16 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-01-07 18:46:42 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-01-06 17:42:30 0 d-------- C:\Program Files\SiteAdvisor<SITEAD~1>
2006-12-16 19:39:13 0 d---s---- C:\Documents and Settings\Lee\Application Data\Microsoft<MICROS~1>
2006-12-16 19:20:47 2508 --a------ C:\Documents and Settings\Lee\Application Data\$_hpcst$.hpc
2006-12-16 19:15:50 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2006-12-16 19:09:15 0 d-------- C:\Program Files\Common Files\ODBC
2006-11-28 13:58:46 1150 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-23 00:25:46 5220 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"iIWiper"="C:\\Program Files\\iISystem Wiper\\SystemWiper.exe m"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\PROGRA~1\\MI3AA1~1\\wcescomm.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TPSMain"="TPSMain.exe"
"THotkey"="C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"HydraVisionDesktopManager"="C:\\Program Files\\ATI Technologies\\ATI HYDRAVISION\\HydraDM.exe"
"Startup Manager Scanner"="C:\\Program Files\\Startup Mechanic\\StartupMonitor.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PadTouch"="\"C:\\Program Files\\TOSHIBA\\PadTouch\\PadExe.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ATIModeChange"="Ati2mdxx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="interceptor.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


-- End of ComboScan: finished at 2007-02-15 at 16:40:29 -------------------------

Attached Files

	ComboScan.txt (23.7 KB, 1 views)
	Supplementary.txt (14.2 KB, 2 views)

Ried

Hello Lee,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

******************************************

Please download Brute Force Uninstaller to your desktop.

• Right click the BFU folder on your desktop, and choose Extract All
• Click "Next"
• In the box to choose where to extract the files to,
• Click "Browse"
• Click on the + sign next to "My Computer"
• Click on "Local Disk (C:) or whatever your primary drive is
• Click "Make New Folder"
• Type in BFU
• Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:BFU).

Do not do anything with these yet.

--------------------------------------------------------------------

Reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login on your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
  Once the scan is complete do the following:
• If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
• Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Now, please go to Start > My Computer and navigate to the C:BFU folder.

• Start the Brute Force Uninstaller by doubleclicking BFU.exe
• Beside the scriptline to execute field click the folder icon and select alcanshorty.bfu by double clicking on it.
• Press Execute and let it do it’s job. (You ought to see a blue progress bar if you did this correctly.)
• Wait for the complete script execution box to pop up and press OK.
• Press exit to terminate the BFU program.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner

1. Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
2. Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
• Click on see report. Then click Save report

--------------------------------------------------------------------

Run a new scan with ComboScan. I'll only need the ComboScan.txt this time.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG A/S results
Panda results
New ComboScan log
Update on system behavior

__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

champster2k6

Ok, thanks, I'll start them now and post them as soon as they're done.

What do you think the program your deleting with Brute is?

Ried

I'm going after fixing this entry:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

I could have given you a regfix, but as I'm not sure if your regedit is working, I thought it quicker to use the above tool which will address that, as well as any other entries that may belong to the infection that caused the Disabling of Registry Tools.

__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

champster2k6

Ok. I have downloaded the Brute Force and saved it in BFU folder. I can't right click and save as I'm in Mozilla. I tried using IE but that seems to have decided its not going to work, an error report comes up and it closes. How do I save a file in Mozilla?