

11 trojans and multiplying


Name: etking
Date: October 26, 2006 at 14:57:55 Pacific
OS: XP Media center edition s
CPU/Ram: 512 ram
Product: Hp pavilion dv5000
Comment:

AVG keeps giving me this message about a trojan... I just started the scan now but it already has information on the currently found viruses. DARN!!, now there are 13 trojans! Here are some of the results... (only a few because I can't copy it)

Name----- winasse.exe
path----- C:\Windows\system32\
Discovery--- trojan horse PSW.Legendmir.DDJ
Source computer--- YOUR-727aQA4E7C
fSize---26.5kb
healable---no
source---backup copy
status----infected

Other names are c[1].gif, log4[1].exe, log[4].exe, winsmd.exe... and a lot more.

Some are under Windows files and say if you delete it it might harm the cpu (not exact words). What should I do?
I have MoveOnBoot that can delete anything I choose on the next cpu shutdown. Should I delete everything that doesn't have a message like "may harm computer"?





Response Number 1
Name: jabuck
Date: October 26, 2006 at 15:37:02 Pacific
Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.

Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "Next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Please download SmitfraudFix from this link http://siri.urz.free.fr/Fix/SmitfraudFix.zip and extract the contents to your desktop.

!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!

Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd".
Select option #1 - Search by typing 1 and pressing "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.




Response Number 2
Name: etking
Date: October 26, 2006 at 16:16:08 Pacific
Reply:

I got HijackThis and it scanned in a second. Is it supposed to do it that fast?
Well, anyway, here are the results.

Logfile of HijackThis v1.99.1
Scan saved at 7:11:04 PM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\MRTServ.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Intel\rundll32.exe
C:\Program Files\Grisoft\AVG Free\avgw.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/se...
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O20 - AppInit_DLLs: 210531M.BMP
O20 - Winlogon Notify: rege2usb - C:\WINDOWS\SYSTEM32\rege2usb.dll
O21 - SSODL: QQHelper - {D92D666A-0FB7-5892-A7E8-293403330F7E} - C:\WINDOWS\Downloaded Program Files\jvm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




Response Number 3
Name: jabuck
Date: October 26, 2006 at 16:37:18 Pacific
Reply:

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware.

Download Killbox to your desktop from this link: Killbox by Option^Explicit. If you already have "Killbox", update to this newer version. We will need it later in safe mode.

Download GMER from http://www.gmer.net/

Save it somewhere safe and unzip it to the desktop.

Double-click gmer.exe to run it, select the Rootkit tab, press Scan, and when it has finished press Save and copy the log back here please.



Response Number 4
Name: etking
Date: October 26, 2006 at 18:16:49 Pacific
Reply:

All of the programs you listed are downloaded.

Here are the Gmer results.

WARNING
It said it found system modifications caused by rootkit activity..........

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-26 21:08:58
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.11 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BED85A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BED85A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BED85A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BED85A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BED85A] avgtdi.sys
---- Processes - GMER 1.0.11 ----

Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\PROGRA~1\HPQ\shared\HPQTOA~1.exe [488] 0x00AF0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [916] 0x00ED0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1108] 0x007A0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe [1628] 0x03970000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\system32\ati2evxx.exe [1632] 0x00CD0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\ehome\ehtray.exe [3068] 0x003D0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [3096] 0x00B40000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [3220] 0x00A70000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3260] 0x00B30000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\CCAPP.exe [3412] 0x011C0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\HP\QuickPlay\QPService.exe [3448] 0x00A00000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe [3512] 0x00E70000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [3644] 0x01080000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [3688] 0x00B30000
Library C:\WINDOWS\Intel\rundll32.exe (*** hidden *** ) @ C:\WINDOWS\TEMP\1895.tmp2.exe [3764] 0x00400000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\TEMP\1895.tmp2.exe [3764] 0x00A80000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\Messenger\msmsgs.exe [3808] 0x008C0000

---- Files - GMER 1.0.11 ----

ADS ...

---- EOF - GMER 1.0.11 ----


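The GMER output above reports the same hidden module once per process, so one injected DLL turns into a wall of near-identical lines. The following script is an added example (it is not part of this thread and not GMER's own code): it parses the "Processes" section in GMER 1.0.11 line format, groups hidden modules by path, and annotates what stands out (a module present in many processes, a hidden "library" that is not a DLL, a module mapped at the default EXE image base, a host running from a TEMP directory). The sample log is a constructed excerpt built from lines visible in the post above; the notes are generic observations about the log format, not claims about any particular file.

```python
"""Summarise the 'Processes' section of a GMER rootkit-scan log.

Added example, not from the thread and not GMER's own code. It groups the
'Library <module> (*** hidden *** ) @ <host> [pid] <base>' lines by module so
that one injected DLL reported many times reads as one finding with many
hosts. SAMPLE is a constructed excerpt in GMER 1.0.11 line format.
"""
import re
from collections import defaultdict

# One hidden-module line:  Library <module> (*** hidden *** ) @ <host image> [<pid>] <load address>
HIDDEN_RE = re.compile(
    r"^Library (?P<module>.+?) \(\*\*\* hidden \*\*\* \) @ "
    r"(?P<host>.+?) \[(?P<pid>\d+)\] (?P<base>0x[0-9A-Fa-f]+)$"
)

# Default link-time image base of a 32-bit Windows executable; a hidden
# "library" mapped here is almost certainly the process's own main image.
DEFAULT_EXE_BASE = 0x00400000

# Constructed excerpt of the scan posted above (same line format as GMER 1.0.11).
SAMPLE = r"""
---- Processes - GMER 1.0.11 ----

Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [916] 0x00ED0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1108] 0x007A0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\ehome\ehtray.exe [3068] 0x003D0000
Library C:\WINDOWS\Intel\rundll32.exe (*** hidden *** ) @ C:\WINDOWS\TEMP\1895.tmp2.exe [3764] 0x00400000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\TEMP\1895.tmp2.exe [3764] 0x00A80000

---- Files - GMER 1.0.11 ----
"""


def parse_hidden_libraries(log_text):
    """Return {module_path: [(host_image, pid, load_address), ...]}.

    Lines that are not hidden-module lines (section headers, blanks, the
    SSDT and Devices sections) do not match the pattern and are skipped.
    """
    found = defaultdict(list)
    for line in log_text.splitlines():
        m = HIDDEN_RE.match(line.strip())
        if m:
            found[m.group("module")].append(
                (m.group("host"), int(m.group("pid")), int(m.group("base"), 16))
            )
    return dict(found)


def summarize(log_text):
    """Return one finding per hidden module, most widely injected first."""
    findings = []
    for module, hosts in parse_hidden_libraries(log_text).items():
        pids = sorted({pid for _, pid, _ in hosts})
        notes = []
        if len(pids) > 1:
            notes.append(f"present in {len(pids)} processes, i.e. injected system-wide")
        if not module.lower().endswith(".dll"):
            notes.append("hidden module is not named as a DLL")
        if any(base == DEFAULT_EXE_BASE for _, _, base in hosts):
            notes.append("mapped at the default EXE image base, so this is most likely "
                         "the process's main image rather than a loaded DLL")
        if any("\\temp\\" in host.lower() for host, _, _ in hosts):
            notes.append("hosted by a process running from a TEMP directory")
        findings.append({"module": module, "pids": pids, "notes": notes})
    findings.sort(key=lambda f: len(f["pids"]), reverse=True)
    return findings


if __name__ == "__main__":
    for finding in summarize(SAMPLE):
        print(finding["module"], "in PIDs", finding["pids"])
        for note in finding["notes"]:
            print("   -", note)
```

Run against the full log posted above, the grouping collapses the sixteen ztdll.dll lines into one finding listing every host PID, which is the view you want before deciding whether the module is an injected component or a legitimate hook.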

Response Number 5
Name: jabuck
Date: October 26, 2006 at 18:37:57 Pacific
Reply:

Download haxfix.exe.
Save it to your desktop.
Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
Checkmark "Create a desktop icon".
Click "Next".
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed.
Click "Finish".
A red "dos window" (dos box) will open.
Select option 1. Make logfile by typing 1 and then pressing Enter.
Haxfix will start scanning the computer. When it is finished a logfile will open.
Copy the contents of that logfile and paste it into this thread.







Response Number 6
Name: etking
Date: October 26, 2006 at 18:49:27 Pacific
Reply:

Here are the results


HAXFIX logfile - by Marckie
______________
version 4.28
Thu 10/26/2006 21:45:14.16

checking for haxdoor
--------------------
checking for a3d files....
a3d files not found

checking for matching notify keys....
no matching notify keys found

checking for matching services....
matching services found
CmBatt

checking for matching safeboot services....
no matching safeboot services found

checking for other haxdoorfiles....


Checking for goldun
-------------------

checking for SSODL keys....
no ssodl keys found

checking for notify keys....
rege2usb

checking for services....
regepsrvc

checking for other goldunfiles....


Finished



Response Number 7
Name: jabuck
Date: October 26, 2006 at 18:59:50 Pacific
Reply:

Double click on fix.bat desktop icon (Haxfix)
Close all other open windows since this step requires a reboot.

Select option 2. Run auto fix by typing 2, and then pressing Enter.
If an infection is found, you'll get a message to close all other open windows.
Close them, except the red dos window from haxfix and then press Enter.
The computer will reboot.
After reboot a logfile will open.
Post the contents of that logfile along with a new HijackThis log.



Response Number 8
Name: etking
Date: October 26, 2006 at 19:17:41 Pacific
Reply:

I'm getting tons of "malware found" messages from AVG. Should I ignore or quarantine them?


HAXFIX LOG


HAXFIX logfile - by Marckie
--------------
version 4.28
Thu 10/26/2006 22:06:52.38

--- Auto Haxdoorfix ---


searching for files:

no infections found


--- Goldunfix ---


searching for files:

searching for SSODLkeys:
no SSODLkeys found

searching for notifykeys:
rege2usb

searching for services:
regepsrvc


deleting service regepsrvc
[SWSC] DeleteService SUCCESS


.....rebooting the computer.....


searching for ssodlkeys

not needed


searching for notifykeys

notifykey rege2usb not found


searching for services

service regepsrvc not found


searching for safeboot services

not needed


searching for files

rege2usb.dll exists
deleting rege2usb.dll
rege2usb.dll has been deleted

regepsrvc.sys exists
deleting regepsrvc.sys
regepsrvc.sys has been deleted


checking for other files

ksl48.bin exists
deleting ksl48.bin
ksl48.bin has been deleted

checking for a3d files

no a3d files found


Finished

____________________________________________________________________________________________________________________________________

HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 10:12:09 PM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\MRTServ.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/se...
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O20 - AppInit_DLLs: 210531M.BMP
O21 - SSODL: QQHelper - {D92D666A-0FB7-5892-A7E8-293403330F7E} - C:\WINDOWS\Downloaded Program Files\jvm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



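With two HijackThis logs from the same machine in the thread (before and after the haxfix run), the useful questions are which entries deserve a second look and what actually changed between the runs. The script below is an added example (not part of this thread and not HijackThis's own code): it parses the R/O entry lines of a 1.99 log, flags the O20 AppInit_DLLs, O20 Winlogon Notify and O21 SSODL entry types that a log reader checks first, and diffs two logs. The sample logs are constructed excerpts of the two logs posted above; the flagging rules are generic heuristics about where those entries load and make no claim about any specific file.

```python
"""Triage and diff helper for HijackThis 1.99 logs.

Added example, not from the thread and not HijackThis's own code. LOG_BEFORE
and LOG_AFTER are constructed excerpts of the two logs posted in the thread.
"""
import re

# Every entry line looks like "O20 - AppInit_DLLs: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (type, body) for every entry line; headers and process lists are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("type"), m.group("body")))
    return entries


def triage(log_text):
    """Return [(entry_line, reason)] for entry types that deserve a closer look."""
    findings = []
    for etype, body in parse_entries(log_text):
        entry = f"{etype} - {body}"
        if etype == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:  # an empty AppInit_DLLs value is the normal state
                reason = "AppInit_DLLs is loaded into every process that links user32.dll"
                if not value.lower().endswith(".dll"):
                    reason += "; the value is not even named as a .dll"
                findings.append((entry, reason))
        elif etype == "O20" and body.startswith("Winlogon Notify:"):
            findings.append((entry, "Winlogon Notify DLLs run inside winlogon.exe as SYSTEM at logon"))
        elif etype == "O21":
            # O21 = ShellServiceObjectDelayLoad: DLLs explorer.exe loads when the shell starts.
            path = body.rsplit(" - ", 1)[-1]
            if "\\system32\\" not in path.lower():
                findings.append((entry, "SSODL DLL lives outside system32: " + path))
    return findings


def diff_logs(old_text, new_text):
    """Return (removed, added) entry lines between two logs of the same machine."""
    old = {f"{t} - {b}" for t, b in parse_entries(old_text)}
    new = {f"{t} - {b}" for t, b in parse_entries(new_text)}
    return sorted(old - new), sorted(new - old)


# Constructed excerpt of the first log in the thread (before the haxfix run).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O20 - AppInit_DLLs: 210531M.BMP
O20 - Winlogon Notify: rege2usb - C:\WINDOWS\SYSTEM32\rege2usb.dll
O21 - SSODL: QQHelper - {D92D666A-0FB7-5892-A7E8-293403330F7E} - C:\WINDOWS\Downloaded Program Files\jvm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Constructed excerpt of the second log (after haxfix): the Notify entry is gone
# and the newly installed AVG Anti-Spyware entries have appeared.
LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - AppInit_DLLs: 210531M.BMP
O21 - SSODL: QQHelper - {D92D666A-0FB7-5892-A7E8-293403330F7E} - C:\WINDOWS\Downloaded Program Files\jvm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

if __name__ == "__main__":
    for entry, reason in triage(LOG_BEFORE):
        print(f"REVIEW  {entry}\n        {reason}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
```

The diff confirms what the haxfix log says: the rege2usb Winlogon Notify entry is gone, while the AppInit_DLLs and SSODL entries survive the first pass and are exactly the ones queued for "fix checked" in the next reply.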

Response Number 9
Name: jabuck
Date: October 26, 2006 at 19:56:10 Pacific
Reply:

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...

O20 - AppInit_DLLs: 210531M.BMP

O21 - SSODL: QQHelper - {D92D666A-0FB7-5892-A7E8-293403330F7E} - C:\WINDOWS\Downloaded Program Files\jvm.dll

Exit Hijack This but remain in safe mode.

Go to start> run and type: regsvr32 /u occache.dll
(or copy and paste this in the field in start > run )
Click Ok

Now navigate to and delete:

C:\WINDOWS\Downloaded Program Files\jvm.dll


Go to start > run and type regsvr32 occache.dll
Click ok.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-Spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Reboot to normal mode

Please download ComboFix to the Desktop from this link:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the combofix.txt log.

Post the AVG Anti-Spyware report from your desktop, and a new Hijack This log.

Your Java is outdated. Download the latest version from http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.

You should add "SpywareBlaster" to your arsenal of antispyware tools. Just do a Google search for SpywareBlaster, download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.



Response Number 10
Name: etking
Date: October 27, 2006 at 19:36:37 Pacific
Reply:

Everything you said is done. I will download SpywareBlaster now. Should I delete all of the downloaded programs?

AVG Anti-Spyware - Scan Report


+ Created at: 9:40:04 PM 10/27/2006

+ Scan result:

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\bbbpibbm.dll -> Backdoor.Agent.aex : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mswdm.exe -> Downloader.QQHelper.jb : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\InfoMs.tdm -> Logger.Delf.ps : Cleaned with backup (quarantined).
[1316] C:\Program Files\Internet Explorer\InfoMs.tdm -> Logger.Delf.ps : Cleaned with backup (quarantined).
[1772] C:\Program Files\Internet Explorer\InfoMs.tdm -> Logger.Delf.ps : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Cookies\system@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Internet Explorer\InfoMs.sys -> Trojan.Agent.eg : Cleaned with backup (quarantined).
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0748NAV~.TMP -> Trojan.Agent.ib : Cleaned with backup (quarantined).
C:\WINDOWS\system32\explore.exe -> Trojan.Agent.ib : Cleaned with backup (quarantined).
C:\WINDOWS\system32\message.exe -> Trojan.Agent.ib : Cleaned with backup (quarantined).
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0459NAV~.TMP -> Trojan.Agent.im : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Cnscheck001.dll -> Trojan.Agent.im : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vpcrm.exe -> Trojan.Lmir.bdj : Cleaned with backup (quarantined).
C:\WINDOWS\210531LZ.DLL -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).
C:\WINDOWS\210531M.BMP -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).
[224] C:\WINDOWS\210531M.BMP -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).
[276] C:\WINDOWS\210531M.BMP -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).
[288] C:\WINDOWS\210531M.BMP -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).
[456] C:\WINDOWS\210531M.BMP -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).
[540] C:\WINDOWS\210531M.BMP -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).
[616] C:\WINDOWS\210531M.BMP -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).


::Report end

________________________________________________________________________________________

ComboFix


Rob - 06-10-27 21:49:57.07 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Rob\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))


2006-10-26 21:45 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2006-10-26 21:45 7,483 --a------ C:\clean.bat
2006-10-26 21:45 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-26 21:45 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2006-10-26 21:45 38,400 --a------ C:\WINDOWS\system32\moveex.exe
2006-10-26 20:41 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-24 20:08 983,101 --a------ C:\WINDOWS\system32\dlbtgf.dll
2006-10-24 20:08 98,304 --a------ C:\WINDOWS\system32\dlbtinsr.dll
2006-10-24 20:08 77,824 --a------ C:\WINDOWS\system32\dlbtcub.dll
2006-10-24 20:08 69,632 --a------ C:\WINDOWS\system32\dlbtcu.dll
2006-10-24 20:08 667,648 --a------ C:\WINDOWS\system32\dlbtcomc.dll
2006-10-24 20:08 638,976 --a------ C:\WINDOWS\system32\dlbtpmui.dll
2006-10-24 20:08 512,000 --a------ C:\WINDOWS\system32\dlbthbn1.dll
2006-10-24 20:08 487,424 --a------ C:\WINDOWS\system32\dlbtlmpm.dll
2006-10-24 20:08 466,944 --a------ C:\WINDOWS\system32\dlbtcoms.exe
2006-10-24 20:08 405,504 --a------ C:\WINDOWS\system32\dlbtcomm.dll
2006-10-24 20:08 40,960 --a------ C:\WINDOWS\system32\dlbtvs.dll
2006-10-24 20:08 397,312 --a------ C:\WINDOWS\system32\dlbtutil.dll
2006-10-24 20:08 372,736 --a------ C:\WINDOWS\system32\dlbtcfg.exe
2006-10-24 20:08 356,352 --a------ C:\WINDOWS\system32\dlbtih.exe
2006-10-24 20:08 32,768 --a------ C:\WINDOWS\system32\dlbtcur.dll
2006-10-24 20:08 176,128 --a------ C:\WINDOWS\system32\dlbtinsb.dll
2006-10-24 20:08 143,360 --a------ C:\WINDOWS\system32\dlbtprox.dll
2006-10-24 20:08 139,264 --a------ C:\WINDOWS\system32\dlbtins.dll
2006-10-24 20:08 135,168 --a------ C:\WINDOWS\system32\dlbtjswr.dll
2006-10-24 20:08 114,688 --a------ C:\WINDOWS\system32\dlbtpplc.dll
2006-10-24 20:08 1,150,976 --a------ C:\WINDOWS\system32\dlbtserv.dll
2006-10-24 20:08 1,134,592 --a------ C:\WINDOWS\system32\dlbtusb1.dll
2006-10-24 18:37 53,760 --a------ C:\WINDOWS\system32\zt.dll
2006-10-21 19:50 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-21 19:50 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-21 19:50 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-21 19:50 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-21 19:50 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-21 16:38 53,553 --ahs---- C:\WINDOWS\210531JH.DLL
2006-10-21 15:36 49,152 --a------ C:\WINDOWS\system32\mywl.dll
2006-10-20 16:40 39,920 ---hs---- C:\WINDOWS\system32\drivers\npf.sys
2006-10-18 18:57 81,713 --ahs---- C:\WINDOWS\210531.DLL
2006-10-16 18:57 33,280 --a------ C:\WINDOWS\system32\dllwm.dll
2006-10-15 21:58 34 --a------ C:\WINDOWS\vbarun.dll
2006-10-15 16:42 704 --a------ C:\WINDOWS\system32\drivers\moduleusb.sys
2006-10-15 16:42 53,248 --a------ C:\WINDOWS\system32\myztr.dll
2006-10-15 14:49 25,504 --a------ C:\WINDOWS\bvb.exe
2006-10-15 13:56 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-13 22:25 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-10-12 02:56 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2006-10-12 02:56 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2006-10-12 02:56 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2006-10-12 02:56 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2006-10-12 01:46 91,136 -ra------ C:\WINDOWS\system32\msls2.dll
2006-10-12 01:46 81,408 -ra------ C:\WINDOWS\system32\lffax11n.dll
2006-10-12 01:46 76,288 -ra------ C:\WINDOWS\system32\PUBOLE32.DLL
2006-10-12 01:46 716,288 -ra------ C:\WINDOWS\system32\Ltwvc11n.dll
2006-10-12 01:46 59,392 -ra------ C:\WINDOWS\system32\lfwmf11n.dll
2006-10-12 01:46 56,320 -ra------ C:\WINDOWS\system32\lfpsd11n.dll
2006-10-12 01:46 54,784 -ra------ C:\WINDOWS\system32\msvci70.dll
2006-10-12 01:46 5,632 -ra------ C:\WINDOWS\system32\mfcuia32.dll
2006-10-12 01:46 41,472 -ra------ C:\WINDOWS\system32\lfgif11n.dll
2006-10-12 01:46 392,192 -ra------ C:\WINDOWS\system32\ltkrn11n.dll
2006-10-12 01:46 37,888 -ra------ C:\WINDOWS\system32\ochlp30e.dll
2006-10-12 01:46 36,864 -ra------ C:\WINDOWS\system32\lfbmp11n.dll
2006-10-12 01:46 33,280 -ra------ C:\WINDOWS\system32\lfpcx11n.dll
2006-10-12 01:46 31,744 -ra------ C:\WINDOWS\system32\hlp95en.dll
2006-10-12 01:46 31,232 -ra------ C:\WINDOWS\system32\lfeps11n.dll
2006-10-12 01:46 285,184 -ra------ C:\WINDOWS\system32\LFCMP11n.DLL
2006-10-12 01:46 27,648 -ra------ C:\WINDOWS\system32\lftga11n.dll
2006-10-12 01:46 262,656 -ra------ C:\WINDOWS\system32\LTDIS11n.dll
2006-10-12 01:46 26,112 -ra------ C:\WINDOWS\system32\lfpcd11n.dll
2006-10-12 01:46 212,480 -ra------ C:\WINDOWS\system32\PCDLIB32.DLL
2006-10-12 01:46 172,032 -ra------ C:\WINDOWS\system32\Lfpng11n.dll
2006-10-12 01:46 152,064 -ra------ C:\WINDOWS\system32\lftif11n.dll
2006-10-12 01:46 133,904 -ra------ C:\WINDOWS\system32\mfcans32.dll
2006-10-12 01:46 127,488 -ra------ C:\WINDOWS\system32\ltimg11n.dll
2006-10-12 01:46 118,784 -ra------ C:\WINDOWS\system32\ltfil11n.DLL
2006-10-12 01:46 118,784 -ra------ C:\WINDOWS\system32\HPODXPAT.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-27 21:46 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-27 21:42 -------- d-------- C:\Program Files\Internet Explorer
2006-10-27 21:39 -------- d-------- C:\Program Files\DIGStream
2006-10-27 19:20 -------- d-------- C:\Program Files\Hijackthis
2006-10-27 16:29 -------- d-------- C:\Documents and Settings\Rob\Application Data\AVG7
2006-10-26 22:07 -------- d-------- C:\Program Files\HaxFix
2006-10-26 20:41 -------- d-------- C:\Program Files\Grisoft
2006-10-24 21:35 -------- d-------- C:\Program Files\Quicken
2006-10-24 21:21 -------- d-------- C:\Documents and Settings\Rob\Application Data\AdobeUM
2006-10-22 22:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Adobe
2006-10-22 15:24 -------- d-------- C:\Program Files\WinRAR
2006-10-22 13:46 -------- d-------- C:\Documents and Settings\Rob\Application Data\Help
2006-10-22 13:33 30940 --a------ C:\Program Files\svhost32.exe
2006-10-21 19:48 -------- d-------- C:\Documents and Settings\Rob\Application Data\Microsoft
2006-10-20 22:57 -------- d-------- C:\Documents and Settings\Rob\Application Data\HP
2006-10-15 22:02 -------- d-------- C:\Documents and Settings\Rob\Application Data\U3
2006-10-15 00:45 -------- d-------- C:\Program Files\GiPo@Utilities
2006-10-15 00:45 -------- d-------- C:\Program Files\Common Files\Gibinsoft Shared
2006-10-15 00:45 -------- d-------- C:\Program Files\Common Files
2006-10-14 22:20 -------- d-------- C:\Documents and Settings\Rob\Application Data\Sun
2006-10-14 17:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Sonic
2006-10-14 17:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Leadertech
2006-10-13 23:45 -------- d-------- C:\Program Files\Google
2006-10-13 22:20 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-13 19:19 118 --a------ C:\Documents and Settings\Rob\Application Data\wklnhst.dat
2006-10-12 16:59 -------- d-------- C:\Documents and Settings\Rob\Application Data\Template
2006-10-12 16:39 -------- d-------- C:\Program Files\LimeWire
2006-10-12 16:04 -------- d-------- C:\Documents and Settings\Rob\Application Data\Google
2006-10-12 15:49 -------- d-------- C:\Documents and Settings\Rob\Application Data\Macromedia
2006-10-12 02:55 -------- d-------- C:\Program Files\HPQ
2006-10-12 01:31 -------- d-------- C:\Program Files\Windows NT
2006-10-12 01:31 -------- d-------- C:\Program Files\Windows Media Player
2006-10-12 01:26 -------- d-------- C:\Program Files\RGB
2006-10-12 01:26 -------- d-------- C:\Program Files\Quickensetup
2006-10-12 01:26 -------- d-------- C:\Program Files\Outlook Express
2006-10-12 01:26 -------- d-------- C:\Program Files\Online Services
2006-10-12 01:25 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-12 01:24 -------- d-------- C:\Program Files\NetMeeting
2006-10-12 01:24 -------- d-------- C:\Program Files\music_now
2006-10-12 01:24 -------- d-------- C:\Program Files\MSN Encarta Plus
2006-10-12 01:24 -------- d-------- C:\Program Files\Movie Maker
2006-10-12 01:24 -------- d-------- C:\Program Files\Microsoft Works
2006-10-12 01:23 -------- d-------- C:\Program Files\Microsoft Office Trial Wizard
2006-10-12 01:23 -------- d-------- C:\Program Files\Microsoft Money 2006
2006-10-12 01:23 -------- d-------- C:\Program Files\Messenger
2006-10-12 01:23 -------- d-------- C:\Program Files\HP Rhapsody
2006-10-12 01:21 -------- d-------- C:\Program Files\GemMaster
2006-10-12 01:21 -------- d-------- C:\Program Files\ESPNMotion
2006-10-12 01:21 -------- d-------- C:\Program Files\EnglishOtto
2006-10-12 01:21 -------- d-------- C:\Program Files\Common Files\System
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\Services
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\Palo Alto Software
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\LightScribe
2006-10-12 01:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Symantec
2006-10-11 23:59 -------- d-------- C:\Program Files\WildTangent
2006-10-11 23:54 -------- d-------- C:\Documents and Settings\Rob\Application Data\Netscape
2006-10-11 23:13 -------- d-------- C:\Program Files\Symantec
2006-10-11 21:50 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-11 19:48 -------- d-------- C:\Program Files\EMCO MoveOnBoot
2006-10-10 23:28 -------- d-a------ C:\Program Files\MyWebSearch
2006-10-10 21:53 -------- d-------- C:\Program Files\Agnitum
2006-10-08 22:44 -------- d-------- C:\Program Files\Common Files\eAcceleration
2006-10-07 19:08 -------- d-------- C:\Program Files\AlienGUIse
2006-09-16 22:52 -------- d-------- C:\Program Files\ArcadeRockstar
2006-09-16 19:43 -------- d-------- C:\Program Files\GSR
2006-09-15 22:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-15 21:47 -------- d-------- C:\Program Files\PhotoFiltre
2006-09-15 21:42 -------- d-------- C:\Program Files\Adobe
2006-09-14 20:36 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-14 20:29 0 --------- C:\MSDOS.SYS
2006-09-14 20:29 0 --------- C:\IO.SYS
2006-09-12 21:29 -------- d-------- C:\Program Files\MP3 CD Converter Professional
2006-09-12 20:20 -------- d-------- C:\Program Files\MSXML 4.0
2006-09-11 21:01 -------- d-------- C:\Program Files\Kazi Sound Recorder
2006-09-10 14:42 -------- d-------- C:\Program Files\HP
2006-09-10 14:42 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2006-09-08 23:45 -------- d-------- C:\Program Files\NCH Swift Sound
2006-09-08 23:15 -------- d-------- C:\Program Files\SmartAudioConverter
2006-09-08 23:07 -------- d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2006-09-06 12:07 -------- d-------- C:\Program Files\Rhapsody
2006-08-28 19:16 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-28 19:15 -------- d-------- C:\Program Files\Microsoft.NET
2006-08-28 19:15 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-08-28 19:15 -------- d-------- C:\Program Files\Microsoft Office
2006-08-28 19:15 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
@=""
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{DD7D4640-4464-48C0-82FD-21338366D2D2}"=""
"{9915CFD1-6B7D-4AC5-ABAC-136924579E91}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F621BA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"rx"="C:\\WINDOWS\\system32\\explore.exe"
"zz"="C:\\WINDOWS\\system32\\intenet.exe"
"wl"="C:\\WINDOWS\\system32\\svvosts.exe"
"lsz"="C:\\WINDOWS\\system32\\message.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"9"="C:\\WINDOWS\\system32\\vpcrm.exe"
"KernelCheck"="C:\\WINDOWS\\system32\\winasse.exe"
"CheckFaultKernel"="C:\\WINDOWS\\system32\\mswdm.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Roberra.job
C:\WINDOWS\tasks\Warranty Reminder 11 Months.job

________________________________________________________________________________________

HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 10:31:14 PM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\MRTServ.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/se...
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Completion time: 06-10-27 21:50:36.53
C:\ComboFix.txt ... 06-10-27 21:50



Response Number 11
Name: jabuck
Date: October 27, 2006 at 20:40:39 Pacific
Reply:

Looks better, but a little more work to do. There is a good chance that the rootkit and other spyware and virus infected your computer via "LimeWire"; you may want to look for an alternative. Run Killbox from Safe Mode. Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\system32\zt.dll

C:\WINDOWS\210531JH.DLL

C:\WINDOWS\210531.DLL

C:\WINDOWS\system32\myztr.dll

C:\WINDOWS\system32\mywl.dll

C:\Program Files\svhost32.exe

C:\Documents and Settings\Rob\Application Data\wklnhst.dat

C:\Program Files\MyWebSearch\

C:\WINDOWS\system32\explore.exe

C:\WINDOWS\system32\intenet.exe

C:\WINDOWS\system32\svvosts.exe

C:\WINDOWS\system32\message.exe

C:\WINDOWS\system32\vpcrm.exe

C:\WINDOWS\system32\winasse.exe

C:\WINDOWS\system32\mswdm.exe

Return to Killbox, go to the File menu, and choose Paste from Clipboard.


Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let us know if you receive this message!).

If your computer does not restart automatically, please restart it manually.


If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click Here to download and run missingfilesetup.exe. Then try Killbox again.

Open Notepad (Start Menu > Run > type notepad and press OK).

Copy and paste everything between the x's into Notepad, making REGEDIT4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"rx"=-
"zz"=-
"wl"=-
"lsz"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"9"=-
"KernelCheck"=-
"CheckFaultKernel"=-


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As". Change the "Save As Type" to All Files, name it Fix.reg, then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Please post a new Combofix log.

Update AVG Anti-Virus, run another scan, and post the results please.



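The Fix.reg above was written by hand from the "Reg Loading Points" section of the ComboFix log. As an added example (not code from the thread or from ComboFix, Killbox or any other tool named in it), the same fix can be generated from that section: the policies\explorer\Run keys are a place legitimate software almost never registers, so every value found there is flagged, a REGEDIT4 deletion is built for it, and the executable each value launches is listed for removal on reboot. The log excerpt is constructed from the entries quoted in the thread.

```python
"""Parse the registry section of a ComboFix log and build a REGEDIT4 fix that
deletes every value under the policies\explorer\Run keys (HKCU and HKLM).

Added example, not part of the forum thread or of any tool it names.
"""
import re

# Constructed excerpt in the format ComboFix prints its "Reg Loading Points"
# section; the entries mirror the ones quoted in the thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"rx"="C:\\WINDOWS\\system32\\explore.exe"
"zz"="C:\\WINDOWS\\system32\\intenet.exe"
"wl"="C:\\WINDOWS\\system32\\svvosts.exe"
"lsz"="C:\\WINDOWS\\system32\\message.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"9"="C:\\WINDOWS\\system32\\vpcrm.exe"
"KernelCheck"="C:\\WINDOWS\\system32\\winasse.exe"
"CheckFaultKernel"="C:\\WINDOWS\\system32\\mswdm.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')   # string (REG_SZ) values only


def parse_reg_section(text):
    """Return {key_path: {value_name: data}} for the string values in `text`."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # The log escapes data like a .reg file (\\ and \"); undo that.
            data = m.group(2).replace('\\\\', '\\').replace('\\"', '"')
            keys[current][m.group(1)] = data
    return keys


def policy_run_entries(keys):
    """Values under any ...\policies\explorer\Run key.

    Normal autoruns live under ...\currentversion\run; the policies\explorer\Run
    key is rarely used by legitimate installers, so each value there is suspect.
    """
    return {key: dict(values) for key, values in keys.items()
            if key.lower().endswith(r'\policies\explorer\run') and values}


def build_fix_reg(entries):
    """REGEDIT4 text that deletes every value in `entries` ("name"=- syntax)."""
    lines = ['REGEDIT4', '']
    for key, values in entries.items():
        lines.append('[%s]' % key)
        lines.extend('"%s"=-' % name for name in values)
        lines.append('')
    return '\r\n'.join(lines)


def referenced_files(entries):
    """Executable paths the suspect values launch (the command's first token).

    Removing the registry value stops the autorun; the file itself still has
    to go, which is what the delete-on-reboot list in the thread is for.
    """
    paths = []
    for values in entries.values():
        for data in values.values():
            paths.append(data.split(' /')[0].strip('"'))
    return paths


if __name__ == '__main__':
    suspects = policy_run_entries(parse_reg_section(SAMPLE_LOG))
    print(build_fix_reg(suspects))
    for path in referenced_files(suspects):
        print('delete on reboot:', path)
```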

Response Number 12
Name: etking
Date: October 28, 2006 at 09:15:38 Pacific
Reply:

AVG Anti-Spyware - Scan Report


+ Created at: 12:09:56 PM 10/28/2006

+ Scan result:

C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000163.dll -> Backdoor.Agent.aex : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000168.exe -> Downloader.QQHelper.jb : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000170.exe -> Not-A-Virus.Downloader.Win32.DigStream : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000164.sys -> Trojan.Agent.eg : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000166.exe -> Trojan.Agent.ib : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000167.exe -> Trojan.Agent.ib : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000165.dll -> Trojan.Agent.im : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000169.exe -> Trojan.Lmir.bdj : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000162.DLL -> Trojan.Lmir.bdm : No action taken.


::Report end

Rob - 06-10-28 12:12:29.92 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Rob\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-28 to 2006-10-28 ))))))))))))))))))))))))))))))))))


2006-10-26 21:45 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2006-10-26 21:45 7,483 --a------ C:\clean.bat
2006-10-26 21:45 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-26 21:45 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2006-10-26 21:45 38,400 --a------ C:\WINDOWS\system32\moveex.exe
2006-10-26 20:41 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-24 20:08 983,101 --a------ C:\WINDOWS\system32\dlbtgf.dll
2006-10-24 20:08 98,304 --a------ C:\WINDOWS\system32\dlbtinsr.dll
2006-10-24 20:08 77,824 --a------ C:\WINDOWS\system32\dlbtcub.dll
2006-10-24 20:08 69,632 --a------ C:\WINDOWS\system32\dlbtcu.dll
2006-10-24 20:08 667,648 --a------ C:\WINDOWS\system32\dlbtcomc.dll
2006-10-24 20:08 638,976 --a------ C:\WINDOWS\system32\dlbtpmui.dll
2006-10-24 20:08 512,000 --a------ C:\WINDOWS\system32\dlbthbn1.dll
2006-10-24 20:08 487,424 --a------ C:\WINDOWS\system32\dlbtlmpm.dll
2006-10-24 20:08 466,944 --a------ C:\WINDOWS\system32\dlbtcoms.exe
2006-10-24 20:08 405,504 --a------ C:\WINDOWS\system32\dlbtcomm.dll
2006-10-24 20:08 40,960 --a------ C:\WINDOWS\system32\dlbtvs.dll
2006-10-24 20:08 397,312 --a------ C:\WINDOWS\system32\dlbtutil.dll
2006-10-24 20:08 372,736 --a------ C:\WINDOWS\system32\dlbtcfg.exe
2006-10-24 20:08 356,352 --a------ C:\WINDOWS\system32\dlbtih.exe
2006-10-24 20:08 32,768 --a------ C:\WINDOWS\system32\dlbtcur.dll
2006-10-24 20:08 176,128 --a------ C:\WINDOWS\system32\dlbtinsb.dll
2006-10-24 20:08 143,360 --a------ C:\WINDOWS\system32\dlbtprox.dll
2006-10-24 20:08 139,264 --a------ C:\WINDOWS\system32\dlbtins.dll
2006-10-24 20:08 135,168 --a------ C:\WINDOWS\system32\dlbtjswr.dll
2006-10-24 20:08 114,688 --a------ C:\WINDOWS\system32\dlbtpplc.dll
2006-10-24 20:08 1,150,976 --a------ C:\WINDOWS\system32\dlbtserv.dll
2006-10-24 20:08 1,134,592 --a------ C:\WINDOWS\system32\dlbtusb1.dll
2006-10-21 19:50 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-21 19:50 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-21 19:50 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-21 19:50 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-21 19:50 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-20 16:40 39,920 ---hs---- C:\WINDOWS\system32\drivers\npf.sys
2006-10-16 18:57 33,280 --a------ C:\WINDOWS\system32\dllwm.dll
2006-10-15 21:58 34 --a------ C:\WINDOWS\vbarun.dll
2006-10-15 16:42 704 --a------ C:\WINDOWS\system32\drivers\moduleusb.sys
2006-10-15 14:49 25,504 --a------ C:\WINDOWS\bvb.exe
2006-10-15 13:56 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-13 22:25 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-10-12 02:56 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2006-10-12 02:56 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2006-10-12 02:56 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2006-10-12 02:56 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2006-10-12 01:46 91,136 -ra------ C:\WINDOWS\system32\msls2.dll
2006-10-12 01:46 81,408 -ra------ C:\WINDOWS\system32\lffax11n.dll
2006-10-12 01:46 76,288 -ra------ C:\WINDOWS\system32\PUBOLE32.DLL
2006-10-12 01:46 716,288 -ra------ C:\WINDOWS\system32\Ltwvc11n.dll
2006-10-12 01:46 59,392 -ra------ C:\WINDOWS\system32\lfwmf11n.dll
2006-10-12 01:46 56,320 -ra------ C:\WINDOWS\system32\lfpsd11n.dll
2006-10-12 01:46 54,784 -ra------ C:\WINDOWS\system32\msvci70.dll
2006-10-12 01:46 5,632 -ra------ C:\WINDOWS\system32\mfcuia32.dll
2006-10-12 01:46 41,472 -ra------ C:\WINDOWS\system32\lfgif11n.dll
2006-10-12 01:46 392,192 -ra------ C:\WINDOWS\system32\ltkrn11n.dll
2006-10-12 01:46 37,888 -ra------ C:\WINDOWS\system32\ochlp30e.dll
2006-10-12 01:46 36,864 -ra------ C:\WINDOWS\system32\lfbmp11n.dll
2006-10-12 01:46 33,280 -ra------ C:\WINDOWS\system32\lfpcx11n.dll
2006-10-12 01:46 31,744 -ra------ C:\WINDOWS\system32\hlp95en.dll
2006-10-12 01:46 31,232 -ra------ C:\WINDOWS\system32\lfeps11n.dll
2006-10-12 01:46 285,184 -ra------ C:\WINDOWS\system32\LFCMP11n.DLL
2006-10-12 01:46 27,648 -ra------ C:\WINDOWS\system32\lftga11n.dll
2006-10-12 01:46 262,656 -ra------ C:\WINDOWS\system32\LTDIS11n.dll
2006-10-12 01:46 26,112 -ra------ C:\WINDOWS\system32\lfpcd11n.dll
2006-10-12 01:46 212,480 -ra------ C:\WINDOWS\system32\PCDLIB32.DLL
2006-10-12 01:46 172,032 -ra------ C:\WINDOWS\system32\Lfpng11n.dll
2006-10-12 01:46 152,064 -ra------ C:\WINDOWS\system32\lftif11n.dll
2006-10-12 01:46 133,904 -ra------ C:\WINDOWS\system32\mfcans32.dll
2006-10-12 01:46 127,488 -ra------ C:\WINDOWS\system32\ltimg11n.dll
2006-10-12 01:46 118,784 -ra------ C:\WINDOWS\system32\ltfil11n.DLL
2006-10-12 01:46 118,784 -ra------ C:\WINDOWS\system32\HPODXPAT.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-28 12:09 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-28 10:37 -------- d-------- C:\Documents and Settings\Rob\Application Data\AVG7
2006-10-27 22:43 -------- d-------- C:\Program Files\SpywareBlaster
2006-10-27 22:31 -------- d-------- C:\Program Files\Hijackthis
2006-10-27 22:24 -------- d-------- C:\Program Files\Java
2006-10-27 21:42 -------- d-------- C:\Program Files\Internet Explorer
2006-10-27 21:39 -------- d-------- C:\Program Files\DIGStream
2006-10-26 22:07 -------- d-------- C:\Program Files\HaxFix
2006-10-26 20:41 -------- d-------- C:\Program Files\Grisoft
2006-10-24 21:35 -------- d-------- C:\Program Files\Quicken
2006-10-24 21:21 -------- d-------- C:\Documents and Settings\Rob\Application Data\AdobeUM
2006-10-22 22:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Adobe
2006-10-22 15:24 -------- d-------- C:\Program Files\WinRAR
2006-10-22 13:46 -------- d-------- C:\Documents and Settings\Rob\Application Data\Help
2006-10-21 19:48 -------- d-------- C:\Documents and Settings\Rob\Application Data\Microsoft
2006-10-20 22:57 -------- d-------- C:\Documents and Settings\Rob\Application Data\HP
2006-10-15 22:02 -------- d-------- C:\Documents and Settings\Rob\Application Data\U3
2006-10-15 00:45 -------- d-------- C:\Program Files\GiPo@Utilities
2006-10-15 00:45 -------- d-------- C:\Program Files\Common Files\Gibinsoft Shared
2006-10-15 00:45 -------- d-------- C:\Program Files\Common Files
2006-10-14 22:20 -------- d-------- C:\Documents and Settings\Rob\Application Data\Sun
2006-10-14 17:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Sonic
2006-10-14 17:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Leadertech
2006-10-13 23:45 -------- d-------- C:\Program Files\Google
2006-10-13 22:20 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-12 16:59 -------- d-------- C:\Documents and Settings\Rob\Application Data\Template
2006-10-12 16:39 -------- d-------- C:\Program Files\LimeWire
2006-10-12 16:04 -------- d-------- C:\Documents and Settings\Rob\Application Data\Google
2006-10-12 15:49 -------- d-------- C:\Documents and Settings\Rob\Application Data\Macromedia
2006-10-12 02:55 -------- d-------- C:\Program Files\HPQ
2006-10-12 01:31 -------- d-------- C:\Program Files\Windows NT
2006-10-12 01:31 -------- d-------- C:\Program Files\Windows Media Player
2006-10-12 01:26 -------- d-------- C:\Program Files\RGB
2006-10-12 01:26 -------- d-------- C:\Program Files\Quickensetup
2006-10-12 01:26 -------- d-------- C:\Program Files\Outlook Express
2006-10-12 01:26 -------- d-------- C:\Program Files\Online Services
2006-10-12 01:25 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-12 01:24 -------- d-------- C:\Program Files\NetMeeting
2006-10-12 01:24 -------- d-------- C:\Program Files\music_now
2006-10-12 01:24 -------- d-------- C:\Program Files\MSN Encarta Plus
2006-10-12 01:24 -------- d-------- C:\Program Files\Movie Maker
2006-10-12 01:24 -------- d-------- C:\Program Files\Microsoft Works
2006-10-12 01:23 -------- d-------- C:\Program Files\Microsoft Office Trial Wizard
2006-10-12 01:23 -------- d-------- C:\Program Files\Microsoft Money 2006
2006-10-12 01:23 -------- d-------- C:\Program Files\Messenger
2006-10-12 01:23 -------- d-------- C:\Program Files\HP Rhapsody
2006-10-12 01:21 -------- d-------- C:\Program Files\GemMaster
2006-10-12 01:21 -------- d-------- C:\Program Files\ESPNMotion
2006-10-12 01:21 -------- d-------- C:\Program Files\EnglishOtto
2006-10-12 01:21 -------- d-------- C:\Program Files\Common Files\System
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\Services
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\Palo Alto Software
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\LightScribe
2006-10-12 01:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Symantec
2006-10-11 23:59 -------- d-------- C:\Program Files\WildTangent
2006-10-11 23:54 -------- d-------- C:\Documents and Settings\Rob\Application Data\Netscape
2006-10-11 23:13 -------- d-------- C:\Program Files\Symantec
2006-10-11 21:50 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-11 19:48 -------- d-------- C:\Program Files\EMCO MoveOnBoot
2006-10-10 23:28 -------- d-------- C:\Program Files\MyWebSearch
2006-10-10 21:53 -------- d-------- C:\Program Files\Agnitum
2006-10-08 22:44 -------- d-------- C:\Program Files\Common Files\eAcceleration
2006-10-07 19:08 -------- d-------- C:\Program Files\AlienGUIse
2006-09-16 22:52 -------- d-------- C:\Program Files\ArcadeRockstar
2006-09-16 19:43 -------- d-------- C:\Program Files\GSR
2006-09-15 22:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-15 21:47 -------- d-------- C:\Program Files\PhotoFiltre
2006-09-15 21:42 -------- d-------- C:\Program Files\Adobe
2006-09-14 20:36 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-14 20:29 0 --------- C:\MSDOS.SYS
2006-09-14 20:29 0 --------- C:\IO.SYS
2006-09-12 21:29 -------- d-------- C:\Program Files\MP3 CD Converter Professional
2006-09-12 20:20 -------- d-------- C:\Program Files\MSXML 4.0
2006-09-11 21:01 -------- d-------- C:\Program Files\Kazi Sound Recorder
2006-09-10 14:42 -------- d-------- C:\Program Files\HP
2006-09-10 14:42 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2006-09-08 23:45 -------- d-------- C:\Program Files\NCH Swift Sound
2006-09-08 23:15 -------- d-------- C:\Program Files\SmartAudioConverter
2006-09-08 23:07 -------- d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2006-09-06 12:07 -------- d-------- C:\Program Files\Rhapsody
2006-08-28 19:16 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-28 19:15 -------- d-------- C:\Program Files\Microsoft.NET
2006-08-28 19:15 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-08-28 19:15 -------- d-------- C:\Program Files\Microsoft Office
2006-08-28 19:15 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
@=""
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{DD7D4640-4464-48C0-82FD-21338366D2D2}"=""
"{9915CFD1-6B7D-4AC5-ABAC-136924579E91}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F621BA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Roberra.job
C:\WINDOWS\tasks\Warranty Reminder 11 Months.job

Completion time: 06-10-28 12:13:07.90
C:\ComboFix.txt ... 06-10-28 12:13
C:\ComboFix2.txt ... 06-10-28 11:16
C:\ComboFix3.txt ... 06-10-27 21:50


Response Number 13
Name: etking
Date: October 29, 2006 at 18:14:43 Pacific
Reply:

"I just missed your response some how. Please post this response back in your original post so we can keep up with it."

THANK YOU, SORRY FOR RUSHING YOU.

AVG Anti-Spyware - Scan Report


+ Created at: 12:09:56 PM 10/28/2006

+ Scan result:

C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000163.dll -> Backdoor.Agent.aex : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000168.exe -> Downloader.QQHelper.jb : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000170.exe -> Not-A-Virus.Downloader.Win32.DigStream : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000164.sys -> Trojan.Agent.eg : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000166.exe -> Trojan.Agent.ib : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000167.exe -> Trojan.Agent.ib : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000165.dll -> Trojan.Agent.im : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000169.exe -> Trojan.Lmir.bdj : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000162.DLL -> Trojan.Lmir.bdm : No action taken.


::Report end

Rob - 06-10-28 12:12:29.92 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Rob\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-28 to 2006-10-28 ))))))))))))))))))))))))))))))))))


2006-10-26 21:45 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2006-10-26 21:45 7,483 --a------ C:\clean.bat
2006-10-26 21:45 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-26 21:45 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2006-10-26 21:45 38,400 --a------ C:\WINDOWS\system32\moveex.exe
2006-10-26 20:41 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-24 20:08 983,101 --a------ C:\WINDOWS\system32\dlbtgf.dll
2006-10-24 20:08 98,304 --a------ C:\WINDOWS\system32\dlbtinsr.dll
2006-10-24 20:08 77,824 --a------ C:\WINDOWS\system32\dlbtcub.dll
2006-10-24 20:08 69,632 --a------ C:\WINDOWS\system32\dlbtcu.dll
2006-10-24 20:08 667,648 --a------ C:\WINDOWS\system32\dlbtcomc.dll
2006-10-24 20:08 638,976 --a------ C:\WINDOWS\system32\dlbtpmui.dll
2006-10-24 20:08 512,000 --a------ C:\WINDOWS\system32\dlbthbn1.dll
2006-10-24 20:08 487,424 --a------ C:\WINDOWS\system32\dlbtlmpm.dll
2006-10-24 20:08 466,944 --a------ C:\WINDOWS\system32\dlbtcoms.exe
2006-10-24 20:08 405,504 --a------ C:\WINDOWS\system32\dlbtcomm.dll
2006-10-24 20:08 40,960 --a------ C:\WINDOWS\system32\dlbtvs.dll
2006-10-24 20:08 397,312 --a------ C:\WINDOWS\system32\dlbtutil.dll
2006-10-24 20:08 372,736 --a------ C:\WINDOWS\system32\dlbtcfg.exe
2006-10-24 20:08 356,352 --a------ C:\WINDOWS\system32\dlbtih.exe
2006-10-24 20:08 32,768 --a------ C:\WINDOWS\system32\dlbtcur.dll
2006-10-24 20:08 176,128 --a------ C:\WINDOWS\system32\dlbtinsb.dll
2006-10-24 20:08 143,360 --a------ C:\WINDOWS\system32\dlbtprox.dll
2006-10-24 20:08 139,264 --a------ C:\WINDOWS\system32\dlbtins.dll
2006-10-24 20:08 135,168 --a------ C:\WINDOWS\system32\dlbtjswr.dll
2006-10-24 20:08 114,688 --a------ C:\WINDOWS\system32\dlbtpplc.dll
2006-10-24 20:08 1,150,976 --a------ C:\WINDOWS\system32\dlbtserv.dll
2006-10-24 20:08 1,134,592 --a------ C:\WINDOWS\system32\dlbtusb1.dll
2006-10-21 19:50 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-21 19:50 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-21 19:50 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-21 19:50 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-21 19:50 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-20 16:40 39,920 ---hs---- C:\WINDOWS\system32\drivers\npf.sys
2006-10-16 18:57 33,280 --a------ C:\WINDOWS\system32\dllwm.dll
2006-10-15 21:58 34 --a------ C:\WINDOWS\vbarun.dll
2006-10-15 16:42 704 --a------ C:\WINDOWS\system32\drivers\moduleusb.sys
2006-10-15 14:49 25,504 --a------ C:\WINDOWS\bvb.exe
2006-10-15 13:56 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-13 22:25 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-10-12 02:56 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2006-10-12 02:56 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2006-10-12 02:56 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2006-10-12 02:56 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2006-10-12 01:46 91,136 -ra------ C:\WINDOWS\system32\msls2.dll
2006-10-12 01:46 81,408 -ra------ C:\WINDOWS\system32\lffax11n.dll
2006-10-12 01:46 76,288 -ra------ C:\WINDOWS\system32\PUBOLE32.DLL
2006-10-12 01:46 716,288 -ra------ C:\WINDOWS\system32\Ltwvc11n.dll
2006-10-12 01:46 59,392 -ra------ C:\WINDOWS\system32\lfwmf11n.dll
2006-10-12 01:46 56,320 -ra------ C:\WINDOWS\system32\lfpsd11n.dll
2006-10-12 01:46 54,784 -ra------ C:\WINDOWS\system32\msvci70.dll
2006-10-12 01:46 5,632 -ra------ C:\WINDOWS\system32\mfcuia32.dll
2006-10-12 01:46 41,472 -ra------ C:\WINDOWS\system32\lfgif11n.dll
2006-10-12 01:46 392,192 -ra------ C:\WINDOWS\system32\ltkrn11n.dll
2006-10-12 01:46 37,888 -ra------ C:\WINDOWS\system32\ochlp30e.dll
2006-10-12 01:46 36,864 -ra------ C:\WINDOWS\system32\lfbmp11n.dll
2006-10-12 01:46 33,280 -ra------ C:\WINDOWS\system32\lfpcx11n.dll
2006-10-12 01:46 31,744 -ra------ C:\WINDOWS\system32\hlp95en.dll
2006-10-12 01:46 31,232 -ra------ C:\WINDOWS\system32\lfeps11n.dll
2006-10-12 01:46 285,184 -ra------ C:\WINDOWS\system32\LFCMP11n.DLL
2006-10-12 01:46 27,648 -ra------ C:\WINDOWS\system32\lftga11n.dll
2006-10-12 01:46 262,656 -ra------ C:\WINDOWS\system32\LTDIS11n.dll
2006-10-12 01:46 26,112 -ra------ C:\WINDOWS\system32\lfpcd11n.dll
2006-10-12 01:46 212,480 -ra------ C:\WINDOWS\system32\PCDLIB32.DLL
2006-10-12 01:46 172,032 -ra------ C:\WINDOWS\system32\Lfpng11n.dll
2006-10-12 01:46 152,064 -ra------ C:\WINDOWS\system32\lftif11n.dll
2006-10-12 01:46 133,904 -ra------ C:\WINDOWS\system32\mfcans32.dll
2006-10-12 01:46 127,488 -ra------ C:\WINDOWS\system32\ltimg11n.dll
2006-10-12 01:46 118,784 -ra------ C:\WINDOWS\system32\ltfil11n.DLL
2006-10-12 01:46 118,784 -ra------ C:\WINDOWS\system32\HPODXPAT.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-28 12:09 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-28 10:37 -------- d-------- C:\Documents and Settings\Rob\Application Data\AVG7
2006-10-27 22:43 -------- d-------- C:\Program Files\SpywareBlaster
2006-10-27 22:31 -------- d-------- C:\Program Files\Hijackthis
2006-10-27 22:24 -------- d-------- C:\Program Files\Java
2006-10-27 21:42 -------- d-------- C:\Program Files\Internet Explorer
2006-10-27 21:39 -------- d-------- C:\Program Files\DIGStream
2006-10-26 22:07 -------- d-------- C:\Program Files\HaxFix
2006-10-26 20:41 -------- d-------- C:\Program Files\Grisoft
2006-10-24 21:35 -------- d-------- C:\Program Files\Quicken
2006-10-24 21:21 -------- d-------- C:\Documents and Settings\Rob\Application Data\AdobeUM
2006-10-22 22:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Adobe
2006-10-22 15:24 -------- d-------- C:\Program Files\WinRAR
2006-10-22 13:46 -------- d-------- C:\Documents and Settings\Rob\Application Data\Help
2006-10-21 19:48 -------- d-------- C:\Documents and Settings\Rob\Application Data\Microsoft
2006-10-20 22:57 -------- d-------- C:\Documents and Settings\Rob\Application Data\HP
2006-10-15 22:02 -------- d-------- C:\Documents and Settings\Rob\Application Data\U3
2006-10-15 00:45 -------- d-------- C:\Program Files\GiPo@Utilities
2006-10-15 00:45 -------- d-------- C:\Program Files\Common Files\Gibinsoft Shared
2006-10-15 00:45 -------- d-------- C:\Program Files\Common Files
2006-10-14 22:20 -------- d-------- C:\Documents and Settings\Rob\Application Data\Sun
2006-10-14 17:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Sonic
2006-10-14 17:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Leadertech
2006-10-13 23:45 -------- d-------- C:\Program Files\Google
2006-10-13 22:20 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-12 16:59 -------- d-------- C:\Documents and Settings\Rob\Application Data\Template
2006-10-12 16:39 -------- d-------- C:\Program Files\LimeWire
2006-10-12 16:04 -------- d-------- C:\Documents and Settings\Rob\Application Data\Google
2006-10-12 15:49 -------- d-------- C:\Documents and Settings\Rob\Application Data\Macromedia
2006-10-12 02:55 -------- d-------- C:\Program Files\HPQ
2006-10-12 01:31 -------- d-------- C:\Program Files\Windows NT
2006-10-12 01:31 -------- d-------- C:\Program Files\Windows Media Player
2006-10-12 01:26 -------- d-------- C:\Program Files\RGB
2006-10-12 01:26 -------- d-------- C:\Program Files\Quickensetup
2006-10-12 01:26 -------- d-------- C:\Program Files\Outlook Express
2006-10-12 01:26 -------- d-------- C:\Program Files\Online Services
2006-10-12 01:25 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-12 01:24 -------- d-------- C:\Program Files\NetMeeting
2006-10-12 01:24 -------- d-------- C:\Program Files\music_now
2006-10-12 01:24 -------- d-------- C:\Program Files\MSN Encarta Plus
2006-10-12 01:24 -------- d-------- C:\Program Files\Movie Maker
2006-10-12 01:24 -------- d-------- C:\Program Files\Microsoft Works
2006-10-12 01:23 -------- d-------- C:\Program Files\Microsoft Office Trial Wizard
2006-10-12 01:23 -------- d-------- C:\Program Files\Microsoft Money 2006
2006-10-12 01:23 -------- d-------- C:\Program Files\Messenger
2006-10-12 01:23 -------- d-------- C:\Program Files\HP Rhapsody
2006-10-12 01:21 -------- d-------- C:\Program Files\GemMaster
2006-10-12 01:21 -------- d-------- C:\Program Files\ESPNMotion
2006-10-12 01:21 -------- d-------- C:\Program Files\EnglishOtto
2006-10-12 01:21 -------- d-------- C:\Program Files\Common Files\System
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\Services
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\Palo Alto Software
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\LightScribe
2006-10-12 01:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Symantec
2006-10-11 23:59 -------- d-------- C:\Program Files\WildTangent
2006-10-11 23:54 -------- d-------- C:\Documents and Settings\Rob\Application Data\Netscape
2006-10-11 23:13 -------- d-------- C:\Program Files\Symantec
2006-10-11 21:50 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-11 19:48 -------- d-------- C:\Program Files\EMCO MoveOnBoot
2006-10-10 23:28 -------- d-------- C:\Program Files\MyWebSearch
2006-10-10 21:53 -------- d-------- C:\Program Files\Agnitum
2006-10-08 22:44 -------- d-------- C:\Program Files\Common Files\eAcceleration
2006-10-07 19:08 -------- d-------- C:\Program Files\AlienGUIse
2006-09-16 22:52 -------- d-------- C:\Program Files\ArcadeRockstar
2006-09-16 19:43 -------- d-------- C:\Program Files\GSR
2006-09-15 22:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-15 21:47 -------- d-------- C:\Program Files\PhotoFiltre
2006-09-15 21:42 -------- d-------- C:\Program Files\Adobe
2006-09-14 20:36 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-14 20:29 0 --------- C:\MSDOS.SYS
2006-09-14 20:29 0 --------- C:\IO.SYS
2006-09-12 21:29 -------- d-------- C:\Program Files\MP3 CD Converter Professional
2006-09-12 20:20 -------- d-------- C:\Program Files\MSXML 4.0
2006-09-11 21:01 -------- d-------- C:\Program Files\Kazi Sound Recorder
2006-09-10 14:42 -------- d-------- C:\Program Files\HP
2006-09-10 14:42 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2006-09-08 23:45 -------- d-------- C:\Program Files\NCH Swift Sound
2006-09-08 23:15 -------- d-------- C:\Program Files\SmartAudioConverter
2006-09-08 23:07 -------- d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2006-09-06 12:07 -------- d-------- C:\Program Files\Rhapsody
2006-08-28 19:16 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-28 19:15 -------- d-------- C:\Program Files\Microsoft.NET
2006-08-28 19:15 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-08-28 19:15 -------- d-------- C:\Program Files\Microsoft Office
2006-08-28 19:15 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
@=""
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{DD7D4640-4464-48C0-82FD-21338366D2D2}"=""
"{9915CFD1-6B7D-4AC5-ABAC-136924579E91}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F621BA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Roberra.job
C:\WINDOWS\tasks\Warranty Reminder 11 Months.job

Completion time: 06-10-28 12:13:07.90
C:\ComboFix.txt ... 06-10-28 12:13
C:\ComboFix2.txt ... 06-10-28 11:16
C:\ComboFix3.txt ... 06-10-27 21:50



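For anyone triaging a ComboFix log like the one above, here is an added Python example (not ComboFix's own code, and not something the helpers in this thread used) that reads the "Reg Loading Points" section and lists each Run-key autostart entry with its decoded executable path and arguments; the embedded input is an excerpt of the log posted above.

```python
# Added example (not ComboFix's own code): list Run-key autostart entries from a ComboFix log.
import re

# Excerpt of the log posted above (same .reg-style quoting ComboFix prints).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
@=""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')
# REG_SZ line: "name"="value"; the key's default value appears as @="value".
STRING_RE = re.compile(r'^("([^"]*)"|@)="(.*)"$')

def unescape_reg(s):
    # .reg escaping: a doubled backslash is one backslash, \" is a quote.
    return re.sub(r'\\(["\\])', r'\1', s)

def split_command(cmd):
    """Return (executable, arguments); a quoted path keeps its spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    exe, _, args = cmd.partition(' ')
    return exe, args

def run_entries(log_text):
    """Yield (registry_key, value_name, exe, args) for each Run-key string value."""
    section = None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or not section.lower().endswith('\\run'):
            continue
        m = STRING_RE.match(line)
        if not m or not m.group(3):  # skip dword/hex values and empty defaults
            continue
        name = m.group(2) if m.group(2) is not None else '@'
        exe, args = split_command(unescape_reg(m.group(3)))
        yield section, name, exe, args
```

Feed `run_entries()` the full log text and compare each executable path against what you expect to be installed; the section filter ignores everything outside the Run keys, so other registry dumps in the log are not misreported as autostarts.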

Response Number 14
Name: jabuck
Date: October 29, 2006 at 18:27:55 Pacific
Reply:

The setting for AVG-AntiSpyware needs to be changed, as it is not quarantining problem files. Right click on the AVG-AntiSpyware icon > click Scanner > click Settings > under the heading "How to Act", click the blue underlined "recommended action" and click "quarantine", then exit AVG-AntiSpyware.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Reboot to safe mode

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Reboot to normal mode and post the new AVG-AntiSpyware report.



Response Number 15
Name: etking
Date: October 30, 2006 at 16:04:13 Pacific
Reply:


AVG Anti-Spyware - Scan Report


+ Created at: 6:53:32 PM 10/30/2006

+ Scan result:

Nothing found.

::Report end




Response Number 16
Name: jabuck
Date: October 30, 2006 at 18:57:06 Pacific
Reply:

Your log is clean. Are you running OK?



Response Number 17
Name: etking
Date: October 30, 2006 at 19:45:13 Pacific
Reply:

YES!!!!!!!!!! Thank you for helping me.
KEEP UP THE GOOD JOB!!!!
YOU'RE A GENIUS!!!!!!!!!!!



Response Number 18
Name: jabuck
Date: October 30, 2006 at 20:02:15 Pacific
Reply:

Glad we could help.



Response Number 19
Name: etking
Date: November 4, 2006 at 09:56:40 Pacific
Reply:

More trojans are coming!!!! I did an AVG scan and it showed me about 6 more trojans!!
Some are in the file named killbox! So I deleted killbox. What should I do?



Response Number 20
Name: jabuck
Date: November 5, 2006 at 05:50:55 Pacific
Reply:

Post an AVG AntiSpyware scan please.



Response Number 21
Name: etking
Date: November 5, 2006 at 11:29:21 Pacific
Reply:

It is clean.
But last time I ran a scan with AVG Free Edition, not the Anti-Spyware Edition, and it found 2 viruses that it says are infected, but now they don't come up on the scan anymore.
Does that mean I'm safe?

And should I uninstall Limewire?



Response Number 22
Name: jabuck
Date: November 5, 2006 at 14:12:19 Pacific
Reply:

Yes, uninstall LimeWire; it is a portal for malware. Sounds like AVG caught two viruses and put them in the virus vault. If so, you can clean out the virus vault. Double click the AVG icon in the systray > click Program > AVG Virus Vault and follow the prompts to delete the items in the virus vault if found.

AVG will be discontinued (free version anyway) on Jan 15, 2006, so look for a new free AV.



Response Number 23
Name: etking
Date: November 6, 2006 at 15:33:41 Pacific
Reply:

I uninstalled LimeWire. I emptied the vaults on all my antiviruses.

Besides AVG I have Spybot Search and Destroy, Windows Defender, Trojan Hunter, and SpyBlaster.



Response Number 24
Name: KevinS.
Date: December 14, 2006 at 15:49:59 Pacific
Reply:

It is only AVG Free 7.1 that expires. AVG Free 7.5 does not expire.

