11 trojans and multiplying
Original Message
Name: etking
Date: October 26, 2006 at 14:57:55 Pacific
Subject: 11 trojans and multiplying
OS: XP Media Center Edition
CPU/RAM: 512 MB RAM
Model/Manufacturer: HP Pavilion dv5000
Comment: AVG keeps giving me this message about a trojan. I just started the scan now, but it already has information on the currently found viruses. DARN!! Now there are 13 trojans! Here are some of the results (only a few, because I can't copy it):

Name: winasse.exe
Path: C:\Windows\system32\
Discovery: Trojan horse PSW.Legendmir.DDJ
Source computer: YOUR-727aQA4E7C
File size: 26.5 KB
Healable: no
Source: backup copy
Status: infected

Other names are c[1].gif, log4[1].exe, log[4].exe, winsmd.exe, and a lot more. Some are under Windows files and say if you delete it it might harm the cpu (not exact words). What should I do? I have MoveOnBoot, which can delete anything I choose on the next cpu shutdown. Should I delete everything that doesn't have a message like "may harm computer"?
Response Number 1
Name: jabuck
Date: October 26, 2006 at 15:37:02 Pacific
Reply: Please post a HijackThis log so that the files associated with the virus/spyware/hijacker can be identified. Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop. Double-click on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click "Next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue. Put a check by "Create a desktop icon", then click "Next" again. Continue to follow the rest of the prompts from there. At the final dialogue box click "Finish" and it will launch HijackThis. Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad. Click on "Edit > Select All", then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Please download SmitfraudFix from this link http://siri.urz.free.fr/Fix/SmitfraudFix.zip, then extract the contents to your desktop. !!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!! Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd". Select option #1 - Search by typing 1 and pressing "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Response Number 2
Name: etking
Date: October 26, 2006 at 16:16:08 Pacific
Reply: I got HijackThis and it scanned in a second. Is it supposed to do it that fast? Well, anyway, here are the results.

Logfile of HijackThis v1.99.1
Scan saved at 7:11:04 PM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\MRTServ.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Intel\rundll32.exe
C:\Program Files\Grisoft\AVG Free\avgw.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/se...
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O20 - AppInit_DLLs: 210531M.BMP
O20 - Winlogon Notify: rege2usb - C:\WINDOWS\SYSTEM32\rege2usb.dll
O21 - SSODL: QQHelper - {D92D666A-0FB7-5892-A7E8-293403330F7E} - C:\WINDOWS\Downloaded Program Files\jvm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Response Number 3
Name: jabuck
Date: October 26, 2006 at 16:37:18 Pacific
Reply: Please download ATF-Cleaner to your desktop from this link http://www.atribune.org/content/view/19/2/. We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode. Be sure to update AVG Anti-Spyware.

Download Killbox to your desktop from this link: Killbox by Option^Explicit. If you already have "Killbox", update to this newer version. We will need it later in safe mode.

Download GMER from http://www.gmer.net/. Save it somewhere safe and unzip it to the desktop. Double-click gmer.exe to run it, select the Rootkit tab, press Scan, and when it has finished press Save and copy the log back here, please.
Response Number 4
Name: etking
Date: October 26, 2006 at 18:16:49 Pacific
Reply: All of the programs you listed are downloaded. Here are the GMER results. WARNING: it said it found system modifications caused by rootkit activity.

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-26 21:08:58
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.11 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.11 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BED85A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BED85A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BED85A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BED85A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BED85A] avgtdi.sys

---- Processes - GMER 1.0.11 ----

Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\PROGRA~1\HPQ\shared\HPQTOA~1.EXE [488] 0x00AF0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [916] 0x00ED0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1108] 0x007A0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe [1628] 0x03970000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\system32\ati2evxx.exe [1632] 0x00CD0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\ehome\ehtray.exe [3068] 0x003D0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [3096] 0x00B40000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [3220] 0x00A70000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3260] 0x00B30000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE [3412] 0x011C0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\HP\QuickPlay\QPService.exe [3448] 0x00A00000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe [3512] 0x00E70000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [3644] 0x01080000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [3688] 0x00B30000
Library C:\WINDOWS\Intel\rundll32.exe (*** hidden *** ) @ C:\WINDOWS\TEMP\1895.tmp2.exe [3764] 0x00400000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\TEMP\1895.tmp2.exe [3764] 0x00A80000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\Messenger\msmsgs.exe [3808] 0x008C0000

---- Files - GMER 1.0.11 ----

ADS ...

---- EOF - GMER 1.0.11 ----
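The GMER output above reports the same module, C:\WINDOWS\system32\ztdll.dll, as "hidden" inside process after process, plus an .exe from C:\WINDOWS\TEMP mapped as a library. That pattern (one module unlinked from the loaded-module list of many unrelated processes) is what a user-mode rootkit that injects itself system-wide looks like, and it is a different finding from a single bad browser plug-in. The following script is an added example, not part of the thread and not GMER's own code: it parses the "Library ... (*** hidden ***)" lines of the Processes section, groups them per module, and explains each flag. The sample log is constructed from a subset of the lines posted above; the thresholds and the list of untrusted host directories are assumptions chosen for illustration.

```python
"""Triage of the Processes section of a GMER rootkit log (added example)."""
import re
from collections import defaultdict

# One GMER "Library" line, e.g.
#   Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [916] 0x00ED0000
LIBRARY_RE = re.compile(
    r"^Library\s+(?P<lib>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+@\s+"
    r"(?P<host>.+?)\s+\[(?P<pid>\d+)\]\s+(?P<base>0x[0-9A-Fa-f]+)$"
)

# Constructed sample: a subset of the lines from the log posted in this thread.
SAMPLE_GMER = r"""
---- Processes - GMER 1.0.11 ----

Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [916] 0x00ED0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1108] 0x007A0000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\ehome\ehtray.exe [3068] 0x003D0000
Library C:\WINDOWS\Intel\rundll32.exe (*** hidden *** ) @ C:\WINDOWS\TEMP\1895.tmp2.exe [3764] 0x00400000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\WINDOWS\TEMP\1895.tmp2.exe [3764] 0x00A80000
Library C:\WINDOWS\system32\ztdll.dll (*** hidden *** ) @ C:\Program Files\Messenger\msmsgs.exe [3808] 0x008C0000

---- Files - GMER 1.0.11 ----
"""

# Assumption: a long-running host process should never execute from a scratch directory.
UNTRUSTED_HOST_DIRS = ("\\temp\\", "\\tmp\\", "\\downloaded program files\\")


def parse_hidden_libraries(log_text):
    """Return one dict (lib, host, pid, base) per 'Library ... (*** hidden ***)' line."""
    hits = []
    for line in log_text.splitlines():
        m = LIBRARY_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def group_by_library(hits):
    """Map module path -> list of (host image, pid, load address)."""
    groups = defaultdict(list)
    for h in hits:
        groups[h["lib"]].append((h["host"], int(h["pid"]), h["base"]))
    return dict(groups)


def triage(log_text, min_hosts=3):
    """Return (module, reasons, hosts) for every hidden module that trips a rule."""
    findings = []
    for lib, hosts in group_by_library(parse_hidden_libraries(log_text)).items():
        reasons = []
        if len(hosts) >= min_hosts:
            reasons.append(f"hidden in {len(hosts)} processes: system-wide injection, not one bad plug-in")
        if lib.lower().endswith(".exe"):
            reasons.append("an .exe mapped as a hidden library (loader or dropper image)")
        odd_hosts = sorted({h for h, _, _ in hosts
                            if any(d in h.lower() for d in UNTRUSTED_HOST_DIRS)})
        if odd_hosts:
            reasons.append("host process runs from a scratch directory: " + ", ".join(odd_hosts))
        if reasons:
            findings.append((lib, reasons, hosts))
    return findings


if __name__ == "__main__":
    for lib, reasons, hosts in triage(SAMPLE_GMER):
        print(lib)
        for r in reasons:
            print("  -", r)
        for host, pid, base in hosts:
            print(f"    {host} [{pid}] {base}")
```

The module list a finding carries is the collection list for the responder: the hidden DLL itself, and every host image that runs from TEMP, should be copied off the machine before any cleaner deletes them, because the AV names assigned later in the thread are only as good as the samples behind them.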
Response Number 5
Name: jabuck
Date: October 26, 2006 at 18:37:57 Pacific
Reply: Download haxfix.exe. Save it to your desktop. Double-click on haxfix.exe to install HaxFix (standard installation path is C:\Program Files\haxfix). Checkmark "Create a desktop icon". Click "Next". When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed. Click "Finish". A red "DOS window" (DOS box) will open. Select option 1, "Make logfile", by typing 1 and then pressing Enter. HaxFix will start scanning the computer. When it is finished a logfile will open. Copy the contents of that logfile and paste it into this thread.
Response Number 6
Name: etking
Date: October 26, 2006 at 18:49:27 Pacific
Reply: Here are the results.

HAXFIX logfile - by Marckie
version 4.28
Thu 10/26/2006 21:45:14.16

checking for haxdoor
--------------------
checking for a3d files....
a3d files not found
checking for matching notify keys....
no matching notify keys found
checking for matching services....
matching services found
CmBatt
checking for matching safeboot services....
no matching safeboot services found
checking for other haxdoorfiles....

Checking for goldun
-------------------
checking for SSODL keys....
no ssodl keys found
checking for notify keys....
rege2usb
checking for services....
regepsrvc
checking for other goldunfiles....
Finished
Response Number 7
Name: jabuck
Date: October 26, 2006 at 18:59:50 Pacific
Reply: Double-click on the fix.bat desktop icon (HaxFix). Close all other open windows, since this step requires a reboot. Select option 2, "Run auto fix", by typing 2 and then pressing Enter. If an infection is found, you'll get a message to close all other open windows. Close them, except the red DOS window from HaxFix, and then press Enter. The computer will reboot. After the reboot a logfile will open. Post the contents of that logfile along with a new HijackThis log.
Response Number 8
Name: etking
Date: October 26, 2006 at 19:17:41 Pacific
Reply: I'm getting tons of "malware found" messages from AVG. Should I ignore or quarantine them?

HAXFIX LOG

HAXFIX logfile - by Marckie
version 4.28
Thu 10/26/2006 22:06:52.38

--- Auto Haxdoorfix ---

searching for files:
no infections found

--- Goldunfix ---

searching for files:
searching for SSODLkeys:
no SSODLkeys found
searching for notifykeys:
rege2usb
searching for services:
regepsrvc
deleting service regepsrvc
[SWSC] DeleteService SUCCESS
.....rebooting the computer.....
searching for ssodlkeys
not needed
searching for notifykeys
notifykey rege2usb not found
searching for services
service regepsrvc not found
searching for safeboot services
not needed
searching for files
rege2usb.dll exists
deleting rege2usb.dll
rege2usb.dll has been deleted
regepsrvc.sys exists
deleting regepsrvc.sys
regepsrvc.sys has been deleted
checking for other files
ksl48.bin exists
deleting ksl48.bin
ksl48.bin has been deleted
checking for a3d files
no a3d files found
Finished

HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 10:12:09 PM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\MRTServ.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/se...
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O20 - AppInit_DLLs: 210531M.BMP
O21 - SSODL: QQHelper - {D92D666A-0FB7-5892-A7E8-293403330F7E} - C:\WINDOWS\Downloaded Program Files\jvm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Response Number 9
Name: jabuck
Date: October 26, 2006 at 19:56:10 Pacific
Reply: Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Next, please reboot your computer in Safe Mode by doing the following: restart your computer. After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually. Instead of Windows loading as normal, a menu with options should appear. Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account.

Run HijackThis from Safe Mode, close all windows except HijackThis, place a check to the left of the following items and press "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
O20 - AppInit_DLLs: 210531M.BMP
O21 - SSODL: QQHelper - {D92D666A-0FB7-5892-A7E8-293403330F7E} - C:\WINDOWS\Downloaded Program Files\jvm.dll

Exit HijackThis but remain in Safe Mode. Go to Start > Run and type: regsvr32 /u occache.dll (or copy and paste this in the field in Start > Run). Click OK. Now navigate to and delete: C:\WINDOWS\Downloaded Program Files\jvm.dll. Go to Start > Run and type regsvr32 occache.dll. Click OK.

Run ATF-Cleaner from Safe Mode. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All. Click the Empty Selected button.

In Safe Mode, run AVG Anti-Spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine, and click "Automatically generate report after every scan". Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared. AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side. Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Reboot to normal mode. Please download ComboFix to the Desktop from this link: http://download.bleepingcomputer.com/sUBs/combofix.exe. Double-click combofix.exe and follow the prompts. (Don't click on the window while the program is running; it may cause your system to hang.) Please post the combofix.txt log, the AVG Anti-Spyware report from your desktop, and a new HijackThis log.

Your Java is outdated. Download the latest version from http://java.sun.com/javase/downloads/index.jsp. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation, with or without Multi-language, and save it to your desktop. Close any programs you may have running, especially your web browser. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.

You should add SpywareBlaster to your arsenal of anti-spyware tools: just do a Google search for SpywareBlaster, download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly, as there is no auto-update on the free version.
Response Number 10
Name: etking
Date: October 27, 2006 at 19:36:37 Pacific
Reply: (edit) Everything you said is done. I will download spyblaster now. Should I delete all of the downloaded programs?

AVG Anti-Spyware - Scan Report
+ Created at: 9:40:04 PM 10/27/2006
+ Scan result:
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\bbbpibbm.dll -> Backdoor.Agent.aex : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mswdm.exe -> Downloader.QQHelper.jb : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\InfoMs.tdm -> Logger.Delf.ps : Cleaned with backup (quarantined).
[1316] C:\Program Files\Internet Explorer\InfoMs.tdm -> Logger.Delf.ps : Cleaned with backup (quarantined).
[1772] C:\Program Files\Internet Explorer\InfoMs.tdm -> Logger.Delf.ps : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Cookies\system@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Internet Explorer\InfoMs.sys -> Trojan.Agent.eg : Cleaned with backup (quarantined).
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0748NAV~.TMP -> Trojan.Agent.ib : Cleaned with backup (quarantined).
C:\WINDOWS\system32\explore.exe -> Trojan.Agent.ib : Cleaned with backup (quarantined).
C:\WINDOWS\system32\message.exe -> Trojan.Agent.ib : Cleaned with backup (quarantined).
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0459NAV~.TMP -> Trojan.Agent.im : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Cnscheck001.dll -> Trojan.Agent.im : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vpcrm.exe -> Trojan.Lmir.bdj : Cleaned with backup (quarantined).
C:\WINDOWS\210531LZ.DLL -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).
C:\WINDOWS\210531M.BMP -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).
[224] C:\WINDOWS\210531M.BMP -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).
[276] C:\WINDOWS\210531M.BMP -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).
[288] C:\WINDOWS\210531M.BMP -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).
[456] C:\WINDOWS\210531M.BMP -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).
[540] C:\WINDOWS\210531M.BMP -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).
[616] C:\WINDOWS\210531M.BMP -> Trojan.Lmir.bdm : Cleaned with backup (quarantined).
::Report end
________________________________________________________________________________________

ComboFix Rob - 06-10-27 21:49:57.07
Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Rob\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))

2006-10-26 21:45 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2006-10-26 21:45 7,483 --a------ C:\clean.bat
2006-10-26 21:45 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-26 21:45 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2006-10-26 21:45 38,400 --a------ C:\WINDOWS\system32\moveex.exe
2006-10-26 20:41 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-24 20:08 983,101 --a------ C:\WINDOWS\system32\dlbtgf.dll
2006-10-24 20:08 98,304 --a------ C:\WINDOWS\system32\dlbtinsr.dll
2006-10-24 20:08 77,824 --a------ C:\WINDOWS\system32\dlbtcub.dll
2006-10-24 20:08 69,632 --a------ C:\WINDOWS\system32\dlbtcu.dll
2006-10-24 20:08 667,648 --a------ C:\WINDOWS\system32\dlbtcomc.dll
2006-10-24 20:08 638,976 --a------ C:\WINDOWS\system32\dlbtpmui.dll
2006-10-24 20:08 512,000 --a------ C:\WINDOWS\system32\dlbthbn1.dll
2006-10-24 20:08 487,424 --a------ C:\WINDOWS\system32\dlbtlmpm.dll
2006-10-24 20:08 466,944 --a------ C:\WINDOWS\system32\dlbtcoms.exe
2006-10-24 20:08 405,504 --a------ C:\WINDOWS\system32\dlbtcomm.dll
2006-10-24 20:08 40,960 --a------ C:\WINDOWS\system32\dlbtvs.dll
2006-10-24 20:08 397,312 --a------ C:\WINDOWS\system32\dlbtutil.dll
2006-10-24 20:08 372,736 --a------ C:\WINDOWS\system32\dlbtcfg.exe
2006-10-24 20:08 356,352 --a------ C:\WINDOWS\system32\dlbtih.exe
2006-10-24 20:08 32,768 --a------ C:\WINDOWS\system32\dlbtcur.dll
2006-10-24 20:08 176,128 --a------ C:\WINDOWS\system32\dlbtinsb.dll
2006-10-24 20:08 143,360 --a------ C:\WINDOWS\system32\dlbtprox.dll
2006-10-24 20:08 139,264 --a------ C:\WINDOWS\system32\dlbtins.dll
2006-10-24 20:08 135,168 --a------ C:\WINDOWS\system32\dlbtjswr.dll
2006-10-24 20:08 114,688 --a------ C:\WINDOWS\system32\dlbtpplc.dll
2006-10-24 20:08 1,150,976 --a------ C:\WINDOWS\system32\dlbtserv.dll
2006-10-24 20:08 1,134,592 --a------ C:\WINDOWS\system32\dlbtusb1.dll
2006-10-24 18:37 53,760 --a------ C:\WINDOWS\system32\zt.dll
2006-10-21 19:50 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-21 19:50 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-21 19:50 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-21 19:50 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-21 19:50 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-21 16:38 53,553 --ahs---- C:\WINDOWS\210531JH.DLL
2006-10-21 15:36 49,152 --a------ C:\WINDOWS\system32\mywl.dll
2006-10-20 16:40 39,920 ---hs---- C:\WINDOWS\system32\drivers\npf.sys
2006-10-18 18:57 81,713 --ahs---- C:\WINDOWS\210531.DLL
2006-10-16 18:57 33,280 --a------ C:\WINDOWS\system32\dllwm.dll
2006-10-15 21:58 34 --a------ C:\WINDOWS\vbarun.dll
2006-10-15 16:42 704 --a------ C:\WINDOWS\system32\drivers\moduleusb.sys
2006-10-15 16:42 53,248 --a------ C:\WINDOWS\system32\myztr.dll
2006-10-15 14:49 25,504 --a------ C:\WINDOWS\bvb.exe
2006-10-15 13:56 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-13 22:25 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-10-12 02:56 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2006-10-12 02:56 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2006-10-12 02:56 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2006-10-12 02:56 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2006-10-12 01:46 91,136 -ra------ C:\WINDOWS\system32\msls2.dll
2006-10-12 01:46 81,408 -ra------ C:\WINDOWS\system32\lffax11n.dll
2006-10-12 01:46 76,288 -ra------ C:\WINDOWS\system32\PUBOLE32.DLL
2006-10-12 01:46 716,288 -ra------ C:\WINDOWS\system32\Ltwvc11n.dll
2006-10-12 01:46 59,392 -ra------ C:\WINDOWS\system32\lfwmf11n.dll
2006-10-12 01:46 56,320 -ra------ C:\WINDOWS\system32\lfpsd11n.dll
2006-10-12 01:46 54,784 -ra------ C:\WINDOWS\system32\msvci70.dll
2006-10-12 01:46 5,632 -ra------ C:\WINDOWS\system32\mfcuia32.dll
2006-10-12 01:46 41,472 -ra------ C:\WINDOWS\system32\lfgif11n.dll
2006-10-12 01:46 392,192 -ra------ C:\WINDOWS\system32\ltkrn11n.dll
2006-10-12 01:46 37,888 -ra------ C:\WINDOWS\system32\ochlp30e.dll
2006-10-12 01:46 36,864 -ra------ C:\WINDOWS\system32\lfbmp11n.dll
2006-10-12 01:46 33,280 -ra------ C:\WINDOWS\system32\lfpcx11n.dll
2006-10-12 01:46 31,744 -ra------ C:\WINDOWS\system32\hlp95en.dll
2006-10-12 01:46 31,232 -ra------ C:\WINDOWS\system32\lfeps11n.dll
2006-10-12 01:46 285,184 -ra------ C:\WINDOWS\system32\LFCMP11n.DLL
2006-10-12 01:46 27,648 -ra------ C:\WINDOWS\system32\lftga11n.dll
2006-10-12 01:46 262,656 -ra------ C:\WINDOWS\system32\LTDIS11n.dll
2006-10-12 01:46 26,112 -ra------ C:\WINDOWS\system32\lfpcd11n.dll
2006-10-12 01:46 212,480 -ra------ C:\WINDOWS\system32\PCDLIB32.DLL
2006-10-12 01:46 172,032 -ra------ C:\WINDOWS\system32\Lfpng11n.dll
2006-10-12 01:46 152,064 -ra------ C:\WINDOWS\system32\lftif11n.dll
2006-10-12 01:46 133,904 -ra------ C:\WINDOWS\system32\mfcans32.dll
2006-10-12 01:46 127,488 -ra------ C:\WINDOWS\system32\ltimg11n.dll
2006-10-12 01:46 118,784 -ra------ C:\WINDOWS\system32\ltfil11n.DLL
2006-10-12 01:46 118,784 -ra------ C:\WINDOWS\system32\HPODXPAT.DLL

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-27 21:46 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-27 21:42 -------- d-------- C:\Program Files\Internet Explorer
2006-10-27 21:39 -------- d-------- C:\Program Files\DIGStream
2006-10-27 19:20 -------- d-------- C:\Program Files\Hijackthis
2006-10-27 16:29 -------- d-------- C:\Documents and Settings\Rob\Application Data\AVG7
2006-10-26 22:07 -------- d-------- C:\Program Files\HaxFix
2006-10-26 20:41 -------- d-------- C:\Program Files\Grisoft
2006-10-24 21:35 -------- d-------- C:\Program Files\Quicken
2006-10-24 21:21 -------- d-------- C:\Documents and Settings\Rob\Application Data\AdobeUM
2006-10-22 22:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Adobe
2006-10-22 15:24 -------- d-------- C:\Program Files\WinRAR
2006-10-22 13:46 -------- d-------- C:\Documents and Settings\Rob\Application Data\Help
2006-10-22 13:33 30940 --a------ C:\Program Files\svhost32.exe
2006-10-21 19:48 -------- d-------- C:\Documents and Settings\Rob\Application Data\Microsoft
2006-10-20 22:57 -------- d-------- C:\Documents and Settings\Rob\Application Data\HP
2006-10-15 22:02 -------- d-------- C:\Documents and Settings\Rob\Application Data\U3
2006-10-15 00:45 -------- d-------- C:\Program Files\GiPo@Utilities
2006-10-15 00:45 -------- d-------- C:\Program Files\Common Files\Gibinsoft Shared
2006-10-15 00:45 -------- d-------- C:\Program Files\Common Files
2006-10-14 22:20 -------- d-------- C:\Documents and Settings\Rob\Application Data\Sun
2006-10-14 17:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Sonic
2006-10-14 17:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Leadertech
2006-10-13 23:45 -------- d-------- C:\Program Files\Google
2006-10-13 22:20 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-13 19:19 118 --a------ C:\Documents and Settings\Rob\Application Data\wklnhst.dat
2006-10-12 16:59 -------- d-------- C:\Documents and Settings\Rob\Application Data\Template
2006-10-12 16:39 -------- d-------- C:\Program Files\LimeWire
2006-10-12 16:04 -------- d-------- C:\Documents and Settings\Rob\Application Data\Google
2006-10-12 15:49 -------- d-------- C:\Documents and Settings\Rob\Application Data\Macromedia
2006-10-12 02:55 -------- d-------- C:\Program Files\HPQ
2006-10-12 01:31 -------- d-------- C:\Program Files\Windows NT
2006-10-12 01:31 -------- d-------- C:\Program Files\Windows Media Player
2006-10-12 01:26 -------- d-------- C:\Program Files\RGB
2006-10-12 01:26 -------- d-------- C:\Program Files\Quickensetup
2006-10-12 01:26 -------- d-------- C:\Program Files\Outlook Express
2006-10-12 01:26 -------- d-------- C:\Program Files\Online Services
2006-10-12 01:25 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-12 01:24 -------- d-------- C:\Program Files\NetMeeting
2006-10-12 01:24 -------- d-------- C:\Program Files\music_now
2006-10-12 01:24 -------- d-------- C:\Program Files\MSN Encarta Plus
2006-10-12 01:24 -------- d-------- C:\Program Files\Movie Maker
2006-10-12 01:24 -------- d-------- C:\Program Files\Microsoft Works
2006-10-12 01:23 -------- d-------- C:\Program Files\Microsoft Office Trial Wizard
2006-10-12 01:23 -------- d-------- C:\Program Files\Microsoft Money 2006
2006-10-12 01:23 -------- d-------- C:\Program Files\Messenger
2006-10-12 01:23 -------- d-------- C:\Program Files\HP Rhapsody
2006-10-12 01:21 -------- d-------- C:\Program Files\GemMaster
2006-10-12 01:21 -------- d-------- C:\Program Files\ESPNMotion
2006-10-12 01:21 -------- d-------- C:\Program Files\EnglishOtto
2006-10-12 01:21 -------- d-------- C:\Program Files\Common Files\System
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\Services
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\Palo Alto Software
2006-10-12 01:20 -------- d-------- C:\Program Files\Common Files\LightScribe
2006-10-12 01:13 -------- d-------- C:\Documents and Settings\Rob\Application Data\Symantec
2006-10-11 23:59 -------- d-------- C:\Program Files\WildTangent
2006-10-11 23:54 -------- d-------- C:\Documents and Settings\Rob\Application Data\Netscape
2006-10-11 23:13 -------- d-------- C:\Program Files\Symantec
2006-10-11 21:50 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-11 19:48 -------- d-------- C:\Program Files\EMCO MoveOnBoot
2006-10-10 23:28 -------- d-a------ C:\Program Files\MyWebSearch
2006-10-10 21:53 -------- d-------- C:\Program Files\Agnitum
2006-10-08 22:44 -------- d-------- C:\Program Files\Common Files\eAcceleration
2006-10-07 19:08 -------- d-------- C:\Program Files\AlienGUIse
2006-09-16 22:52 -------- d-------- C:\Program Files\ArcadeRockstar
2006-09-16 19:43 -------- d-------- C:\Program Files\GSR
2006-09-15 22:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-15 21:47 -------- d-------- C:\Program Files\PhotoFiltre
2006-09-15 21:42 -------- d-------- C:\Program Files\Adobe
2006-09-14 20:36 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-14 20:29 0 --------- C:\MSDOS.SYS
2006-09-14 20:29 0 --------- C:\IO.SYS
2006-09-12 21:29 -------- d-------- C:\Program Files\MP3 CD Converter Professional
2006-09-12 20:20 -------- d-------- C:\Program Files\MSXML 4.0
2006-09-11 21:01 -------- d-------- C:\Program Files\Kazi Sound Recorder
2006-09-10 14:42 -------- d-------- C:\Program Files\HP
2006-09-10 14:42 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2006-09-08 23:45 -------- d-------- C:\Program Files\NCH Swift Sound
2006-09-08 23:15 -------- d-------- C:\Program Files\SmartAudioConverter
2006-09-08 23:07 -------- d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2006-09-06 12:07 -------- d-------- C:\Program Files\Rhapsody
2006-08-28 19:16 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-28 19:15 -------- d-------- C:\Program Files\Microsoft.NET
2006-08-28 19:15 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-08-28 19:15 -------- d-------- C:\Program Files\Microsoft Office
2006-08-28 19:15 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
@=""
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{DD7D4640-4464-48C0-82FD-21338366D2D2}"=""
"{9915CFD1-6B7D-4AC5-ABAC-136924579E91}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F621BA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"rx"="C:\\WINDOWS\\system32\\explore.exe"
"zz"="C:\\WINDOWS\\system32\\intenet.exe"
"wl"="C:\\WINDOWS\\system32\\svvosts.exe"
"lsz"="C:\\WINDOWS\\system32\\message.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
  63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
  6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
  73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"9"="C:\\WINDOWS\\system32\\vpcrm.exe"
"KernelCheck"="C:\\WINDOWS\\system32\\winasse.exe"
"CheckFaultKernel"="C:\\WINDOWS\\system32\\mswdm.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Roberra.job
C:\WINDOWS\tasks\Warranty Reminder 11 Months.job

________________________________________________________________________________________

HIJACKTHIS
Logfile of HijackThis v1.99.1
Scan saved at 10:31:14 PM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\MRTServ.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/se...
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Completion time: 06-10-27 21:50:36.53
C:\ComboFix.txt ... 06-10-27 21:50
Response Number 11
Name: jabuck
Date: October 27, 2006 at 20:40:39 Pacific
Reply: (edit) Looks better, but a little more work to do. There is a good chance that the rootkit and other spyware and virus infected your computer via "LimeWire"; you may want to look for an alternative.

Run Killbox from safe mode. Please double-click Killbox.exe to run it. Select: Delete on Reboot, then click on the All Files button. Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\zt.dll
C:\WINDOWS\210531JH.DLL
C:\WINDOWS\210531.DLL
C:\WINDOWS\system32\myztr.dll
C:\WINDOWS\system32\mywl.dll
C:\Program Files\svhost32.exe
C:\Documents and Settings\Rob\Application Data\wklnhst.dat
C:\Program Files\MyWebSearch\
C:\WINDOWS\system32\explore.exe
C:\WINDOWS\system32\intenet.exe
C:\WINDOWS\system32\svvosts.exe
C:\WINDOWS\system32\message.exe
C:\WINDOWS\system32\vpcrm.exe
C:\WINDOWS\system32\winasse.exe
C:\WINDOWS\system32\mswdm.exe

Return to Killbox, go to the File menu, and choose Paste from Clipboard. Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let us know if you receive this message!).
If your computer does not restart automatically, please restart it manually. If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click Here to download and run missingfilesetup.exe. Then try Killbox again.
Open notepad (Start Menu > Run > type notepad and press "OK"). Copy and paste everything into notepad between the x's, making REGEDIT4 the top line.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"rx"=-
"zz"=-
"wl"=-
"lsz"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"9"=-
"KernelCheck"=-
"CheckFaultKernel"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As". Change the "Save As Type" to All Files, name it Fix.reg, then save it to your desktop. Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry; choose Yes. Please post a new Combofix log. Update AVG-Antivirus and run another scan and post the results please.
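The fix posted above deletes, by hand, the values that ComboFix's "Reg Loading Points" section exposed under the two Policies\Explorer\Run keys. As an added example (not code from this thread or from ComboFix), the Python script below parses that section, flags autoruns that sit under a policy-enforced Run key or whose file name imitates a Windows system binary (as explore.exe and svvosts.exe do), and generates the same REGEDIT4 deletion file; the sample dump is a constructed excerpt of the log posted above, and the policy-key rule, lookalike list and similarity threshold are assumptions.

```python
"""Audit the autoruns in a ComboFix-style 'Reg Loading Points' dump and build the
REGEDIT4 fix that deletes the suspicious ones. Added example, not code from the
thread or from ComboFix; the dump is a constructed excerpt of paths posted above,
and the policy-key rule, lookalike list and threshold are assumptions."""
import re
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed excerpt in the .reg-export style that ComboFix prints.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"rx"="C:\\WINDOWS\\system32\\explore.exe"
"zz"="C:\\WINDOWS\\system32\\intenet.exe"
"wl"="C:\\WINDOWS\\system32\\svvosts.exe"
"lsz"="C:\\WINDOWS\\system32\\message.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"9"="C:\\WINDOWS\\system32\\vpcrm.exe"
"KernelCheck"="C:\\WINDOWS\\system32\\winasse.exe"
"CheckFaultKernel"="C:\\WINDOWS\\system32\\mswdm.exe"
'''

# Assumed: system binaries whose names malware is often named to resemble.
KNOWN_BINARIES = ["svchost.exe", "explorer.exe", "winlogon.exe", "lsass.exe",
                  "services.exe", "csrss.exe", "smss.exe", "iexplore.exe"]
# Legitimate installers rarely use the policy-enforced Run keys; the fix posted
# in this thread deletes values from exactly these two keys.
POLICY_RUN = r"\policies\explorer\run"
LOOKALIKE_RATIO = 0.8  # assumed threshold; tune on real data
VALUE_RE = re.compile(r'^"(.+?)"="(.*)"$')  # quoted string values only
EXE_RE = re.compile(r'"?(.*?\.exe)', re.I)  # first .exe in a command line


def parse_dump(text):
    """Yield (key, value_name, raw_value) for every quoted string value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            yield key, m.group(1), m.group(2)


def unescape(raw):
    """Undo .reg escaping (doubled backslashes, backslash-quote)."""
    return re.sub(r"\\(.)", r"\1", raw)


def executable_name(command):
    """Lower-cased basename of the first .exe in a command line, or None."""
    m = EXE_RE.match(command)
    return m.group(1).rsplit("\\", 1)[-1].lower() if m else None


def lookalike_of(basename):
    """Known system binary this name imitates (near miss, not exact), if any."""
    for known in KNOWN_BINARIES:
        if basename != known and SequenceMatcher(None, basename, known).ratio() >= LOOKALIKE_RATIO:
            return known
    return None


def audit(text):
    """Return findings as (key, value_name, command, reasons) tuples."""
    findings = []
    for key, name, raw in parse_dump(text):
        command = unescape(raw)
        exe = executable_name(command)
        if exe is None:  # dword/hex/empty values start nothing
            continue
        reasons = []
        if POLICY_RUN in key.lower():
            reasons.append("lives in a policy-enforced Run key")
        mimic = lookalike_of(exe)
        if mimic:
            reasons.append(f"name imitates {mimic}")
        if reasons:
            findings.append((key, name, command, reasons))
    return findings


def build_fix(findings):
    """Emit a REGEDIT4 file that deletes each flagged value ("name"=- syntax)."""
    by_key = defaultdict(list)
    for key, name, _, _ in findings:
        by_key[key].append(name)
    lines = ["REGEDIT4", ""]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    found = audit(SAMPLE_DUMP)
    for key, name, command, reasons in found:
        print(f"{key}\\{name} -> {command}: {'; '.join(reasons)}")
    print(build_fix(found))
```

Run against a real ComboFix log, the script reports the two legitimate HKLM\...\Run entries as clean and produces the same seven "name"=- lines the helper wrote by hand.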
Response Number 12
Name: etking
Date: October 28, 2006 at 09:15:38 Pacific
Reply: (edit)

AVG Anti-Spyware - Scan Report
+ Created at: 12:09:56 PM 10/28/2006

+ Scan result:
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000163.dll -> Backdoor.Agent.aex : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000168.exe -> Downloader.QQHelper.jb : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000170.exe -> Not-A-Virus.Downloader.Win32.DigStream : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Rob\Cookies\rob@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000164.sys -> Trojan.Agent.eg : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000166.exe -> Trojan.Agent.ib : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000167.exe -> Trojan.Agent.ib : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000165.dll -> Trojan.Agent.im : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000169.exe -> Trojan.Lmir.bdj : No action taken.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP1\A0000162.DLL -> Trojan.Lmir.bdm : No action taken.
::Report end
Rob - 06-10-28 12:12:29.92 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Rob\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-09-28 to 2006-10-28 ))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Roberra.job
C:\WINDOWS\tasks\Warranty Reminder 11 Months.job
Completion time: 06-10-28 12:13:07.90
C:\ComboFix.txt ... 06-10-28 12:13
C:\ComboFix2.txt ... 06-10-28 11:16
C:\ComboFix3.txt ... 06-10-27 21:50
Response Number 13
Name: etking
Date: October 29, 2006 at 18:14:43 Pacific
Reply: "I just missed your response somehow. Please post this response back in your original post so we can keep up with it." THANK YOU, SORRY FOR RUSHING YOU.