Okay, here are all the logs that you requested, in the order that you requested them in. First of all, I will list the files that I could not find when I looked for what you told me to delete.
C:\526_620.exe
C:\mc-110-12-0000228.exe
C:\Program Files\AXVenore\
C:\Program Files\CleanUp!\readme.exe
C:\Program Files\Common Files\InetGet\
C:\Program Files\Common Files\misc001\
C:\Program Files\Common Files\simtest\
C:\Program Files\Common Files\svchostsys\
C:\Program Files\InetGet2\
C:\Program Files\Internet Optimizer\
C:\Program Files\outlook\
C:\Program Files\PECarlin\
C:\Program Files\WebRebates\
C:\Program Files\websearch\
C:\Program Files\winsupdater\
C:\spywarevanisher-free\
C:\ss1001.exe
C:\stub_113_4_0_4_0.exe
C:\visfx500.exe
C:\VSL02.exe
C:\wd7gi8n.exe
C:\WINDOWS\pf79.exe
C:\WINDOWS\system32\gbe90qs.exe
C:\WINDOWS\system32\WinDmy.dll
C:\WINDOWS\system32ssec.exe
C:\ZIGID003.exe
These are the files I couldn't find, as requested. Now onto the logs; this may take 2 posts.
EDIT: I found one of the files that I had originally thought I couldn't find. I was a little confused and thought that the way it was typed meant that I would find it in the system32 folder. I realized that wasn't the case and found the file.
HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 9:29:40 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Documents and Settings\Administrator\My Documents\HJT\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1127251276609
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://coolmom58.multiply.com/photos/uploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{146CD15B-8821-4A8B-BD6E-00138CEFFAF8}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
BFU Log:
BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 4

56 PM, on 6/18/2006
Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (key not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (key not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FolderDelete C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AutoIt (operation failed)
Failed: FileDelete C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IadHide4.dll (operation failed)
Failed: FileDelete C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF302A.tmp (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (operation failed)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.
Fresh Combofix Log (done after online scan)
Start Time= Sun 06/18/2006 21:13:45.90
QuickScan did not find any signs of infected files
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-06-17 13:57:20 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\AVG7"
2006-06-17 13:56:58 ( .D... ) "C:\Program Files\Grisoft"
2006-06-17 13:56:10 ( .D... ) "C:\Program Files\CleanUp!"
2006-06-17 10:52:18 ( .D... ) "C:\Program Files\Common Files\partypoker"
2006-06-16 21:23:50 ( .D... ) "C:\Program Files\Lavasoft"
2006-06-16 20:39:00 45056 ( A.... ) "C:\WINDOWS\system32tfthot.exe"
2006-06-16 20:39:00 28672 ( A.... ) "C:\WINDOWS\system32ftuninst.exe"
2006-06-15 21:03:46 ( .D... ) "C:\Program Files\Stomp"
2006-06-15 19:32:56 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\LimeWire"
2006-06-11 12:39:42 ( .D... ) "C:\Program Files\Pando Networks"
2006-06-08 18:19:50 5967776 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2006-06-01 11:47:08 163840 ( A.... ) "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 11:47:08 27648 ( A.... ) "C:\WINDOWS\system32\jgpl400.dll"
2006-05-30 16:09:20 24576 ( A.... ) "C:\WINDOWS\Uninstall.exe"
2006-05-29 08:30:34 1494016 ( A.... ) "C:\WINDOWS\system32\shdocvw.dll"
2006-05-19 08:08:32 3052544 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2006-05-18 21:11:34 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Incredible Ink"
2006-05-17 22:24:26 450560 ( A.... ) "C:\WINDOWS\system32\jscript.dll"
2006-05-17 11:23:38 579888 ( A.... ) "C:\WINDOWS\system32\LegitCheckControl.dll"
2006-05-15 15:00:38 ( .D... ) "C:\Program Files\ASCII"
2006-05-15 14:57:06 ( .D... ) "C:\Program Files\RPGMaker 2000"
2006-05-14 01:44:08 181248 ( A.... ) "C:\WINDOWS\system32\rasmans.dll"
2006-05-11 01:23:24 24576 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2006-05-09 23:34:38 98304 ( A.... ) "C:\WINDOWS\system32\CmdLineExt.dll"
2006-05-09 22:23:04 658432 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2006-05-09 22:23:02 613888 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2006-05-09 22:23:02 532480 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
2006-05-09 22:23:02 474112 ( A.... ) "C:\WINDOWS\system32\shlwapi.dll"
2006-05-09 22:23:02 448512 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2006-05-09 22:23:02 146432 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
2006-05-09 22:23:02 39424 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2006-05-09 22:23:00 1054208 ( A.... ) "C:\WINDOWS\system32\danim.dll"
2006-05-09 22:23:00 1022976 ( A.... ) "C:\WINDOWS\system32\browseui.dll"
2006-05-09 22:23:00 357888 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-09 22:23:00 251392 ( A.... ) "C:\WINDOWS\system32\iepeers.dll"
2006-05-09 22:23:00 205312 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"
2006-05-09 22:23:00 151040 ( A.... ) "C:\WINDOWS\system32\cdfview.dll"
2006-05-09 22:23:00 96256 ( A.... ) "C:\WINDOWS\system32\inseng.dll"
2006-05-09 22:23:00 55808 ( ..... ) "C:\WINDOWS\system32\extmgr.dll"
2006-05-09 22:23:00 16384 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2006-05-06 21:04:48 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Nology"
2006-04-30 14:37:14 ( .D... ) "C:\Program Files\Security Task Manager"
2006-04-29 20:52:20 ( .D... ) "C:\Program Files\Microsoft Games"
2006-04-29 06:07:48 5533696 ( A.... ) "C:\WINDOWS\system32\wmp.dll"
2006-04-26 21:46:24 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\PlayFirst"
2006-04-26 21:46:10 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Mind Control Software"
2006-04-26 17:08:20 101792 ( A.... ) "C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT"
2006-04-26 14:49:54 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Wildfire"
2006-04-25 02:20:12 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\funkitron"
2006-04-21 14:09:36 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Blippy Games"
2006-04-06 10:54:38 73728 ( A.... ) "C:\WINDOWS\system32\asuninst.exe"
2006-01-30 23:35:26 2054 ( A.... ) "C:\Program Files\INSTALL.LOG"
2004-08-18 16:01:24 2931712 ( A..H. ) "C:\Program Files\BOOTIMG.BIN"
2004-08-18 16:00:32 2048 ( A..H. ) "C:\Program Files\BOOTCAT.BIN"
((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"CamMonitor"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\hpqcmon.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"AutoTKit"="C:\\hp\\bin\\AUTOTKIT.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"
"QuickFinder Scheduler"="\"C:\\Program Files\\Corel\\WordPerfect Office 2002\\Programs\\QFSCHD100.EXE\""
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"IpWins"="C:\\Program Files\\ipwins\\ipwins.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BackupNotify"="c:\\Program Files\\HP\\Digital Imaging\\bin\\backupnotify.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Grouper.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Grouper.lnk"
"backup"="C:\\WINDOWS\\pss\\Grouper.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Grouper\\Grouper.exe -s"
"item"="Grouper"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=dword:00000002
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FOLDER.TSX
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: Sun 06/18/2006 21:15:34.82
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt
The next logs will be in the next post.