Tech Support Forum - View Single Post

carsfranchino · 07-29-2006, 03:58 AM

Combo Fix Logs:

Start Time= Sat 07/29/2006 5:46:51.38
Running from: C:\Documents and Settings\Alfredo\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-07-29 05:47:02 81920 ( A.... ) "C:\WINDOWS\system32\javaw.dll"
2006-07-28 19:05:50 ( .D... ) "C:\Program Files\Hijackthis"
2006-07-28 18:33:34 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\Systweak"
2006-07-28 18:33:16 ( .D... ) "C:\Program Files\Advanced System Optimizer"
2006-07-27 20:45:04 ( .D... ) "C:\Program Files\WinZip"
2006-07-27 19:44:12 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-27 19:41:56 ( .D... ) "C:\Program Files\CleanUp!"
2006-07-27 19:19:52 2 ( A.... ) "C:\WINDOWS\system32\wintcc.exe"
2006-07-27 19:19:48 ( .D... ) "C:\Program Files\?ecurity"
2006-07-27 19:17:54 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-26 20:32:32 137850 ( A..H. ) "C:\WINDOWS\ssloop.exe"
2006-07-26 20:30:44 ( .D... ) "C:\Program Files\MSXML 4.0"
2006-07-26 20:19:50 ( .D... ) "C:\Program Files\Common Files\s?stem32"
2006-07-26 20:01:54 29224 ( A..H. ) "C:\WINDOWS\pinf8.exe"
2006-07-26 19:56:06 ( .D... ) "C:\Program Files\Panda Software"
2006-07-26 19:37:32 0 ( A.... ) "C:\loaded.exe"
2006-07-26 19:28:00 ( .D... ) "C:\Program Files\Common Files\Panda Software"
2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys"
2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys"
2006-07-26 18:29:14 24111 ( A..H. ) "C:\WINDOWS\appwiz64.exe"
2006-07-26 18:25:42 28672 ( A.... ) "C:\WINDOWS\System32bez6n4r21.exe"
2006-07-26 18:25:02 28672 ( A.... ) "C:\WINDOWS\system32\bez6n4r21.exe"
2006-07-25 20:52:34 29415 ( A..H. ) "C:\WINDOWS\pinf0055.exe"
2006-07-20 16:31:36 1163264 ( A.... ) "C:\WINDOWS\system32\wfxqhv.exe"
2006-07-18 13:23:00 37888 ( ..SHR ) "C:\WINDOWS\imageaccess.exe"
2006-07-17 14:34:06 57344 ( A..H. ) "C:\WINDOWS\system32\winreg32.dll"
2006-07-17 14:34:06 26112 ( A..H. ) "C:\WINDOWS\system32\dfgdisp.dll"
2006-07-17 14:34:06 19917 ( A..H. ) "C:\WINDOWS\system32\icfgdiag.exe"
2006-07-17 11:08:18 48187 ( A.... ) "C:\WINDOWS\system32\VSL03.exe"
2006-07-17 11:03:08 ( .D... ) "C:\Program Files\Xijajb"
2006-07-13 09:19:44 1512877 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\Install.dat"
2006-07-12 16:14:04 408 ( A.... ) "C:\doejo3k.exe"
2006-07-12 15:25:52 32768 ( A.... ) "C:\WINDOWS\omotpedd.exe"
2006-07-12 15:23:34 ( .D... ) "C:\Program Files\Common Files\partypoker"
2006-07-12 13:49:08 ( .D... ) "C:\Program Files\PartyPoker"
2006-07-12 13:41:20 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\?racle"
2006-07-12 13:40:10 ( .D... ) "C:\Program Files\àdobe"
2006-07-12 13:37:00 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe"
2006-07-12 13:36:06 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"
2006-07-12 13:35:58 0 ( A.... ) "C:\WINDOWS\win32085824710882006.exe"
2006-07-12 13:35:26 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
2006-07-08 18:59:38 1112 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\ViewerApp.dat"
2006-07-02 12:30:10 ( .D... ) "C:\Program Files\mobile PhoneTools"
2006-06-19 16:39:16 139264 ( A.... ) "C:\WINDOWS\876056.exe"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-07 13:55:52 3753 ( A.... ) "C:\Program Files\html2.htm"
2006-06-07 13:55:52 3626 ( A.... ) "C:\Program Files\html1.htm"
2006-05-30 19:09:20 24576 ( A.... ) "C:\WINDOWS\Uninstall.exe"

(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))

2006-07-29 05:47 81,920 C:\WINDOWS\system32\javaw.dll
2006-07-26 20:01 29,224 C:\WINDOWS\pinf8.exe
2006-07-26 19:56 49,152 C:\WINDOWS\system32\avldr.dll
2006-07-26 18:29 24,111 C:\WINDOWS\appwiz64.exe
2006-07-26 18:25 28,672 C:\WINDOWS\System32bez6n4r21.exe
2006-07-26 18:25 28,672 C:\WINDOWS\system32\bez6n4r21.exe
2006-07-26 18:24 1,163,264 C:\WINDOWS\system32\wfxqhv.exe
2006-07-25 20:52 29,415 C:\WINDOWS\pinf0055.exe
2006-07-18 13:23 37,888 C:\WINDOWS\imageaccess.exe
2006-07-17 14:34 57,344 C:\WINDOWS\system32\winreg32.dll
2006-07-17 14:34 26,112 C:\WINDOWS\system32\dfgdisp.dll
2006-07-17 14:34 19,917 C:\WINDOWS\system32\icfgdiag.exe
2006-07-17 14:34 137,850 C:\WINDOWS\ssloop.exe
2006-07-17 11:08 48,187 C:\WINDOWS\system32\VSL03.exe
2006-07-17 11:01 0 C:\loaded.exe
2006-07-12 15:25 32,768 C:\WINDOWS\omotpedd.exe
2006-07-12 15:15 408 C:\doejo3k.exe
2006-07-12 13:41 2 C:\WINDOWS\system32\wintcc.exe
2006-07-12 13:37 1,064 C:\WINDOWS\system32\avcba925.sys
2006-07-12 13:36 8,464 C:\WINDOWS\system32\sporder.dll
2006-07-12 13:36 48,167 C:\WINDOWS\system32\VSL05.exe
2006-07-12 13:35 232,749 C:\WINDOWS\pf78.exe
2006-07-12 13:35 0 C:\WINDOWS\win32085824710882006.exe
2006-06-19 16:39 139,264 C:\WINDOWS\876056.exe
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"Semr"="\"C:\\PROGRA~1\\aDOBE\\dllhost.exe\" -vt yazr"
"Startup Manager"="C:\\Documents and Settings\\Alfredo\\Application Data\\Systweak\\ASO 2\\smstartUp manager.exe"
"Vjrva"="C:\\Documents and Settings\\Alfredo\\My Documents\\??crosoft.NET\\w?nspool.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ddegv.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe"
"item"="ddegv"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8a3ba9d3.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="8a3ba9d3"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\Alfredo\\Local Settings\\Application Data\\8a3ba9d3.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\v1201.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avcba925]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w020f948.dll,n 001ba92400000003020f948"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCMSMMSG"
"hkey"="HKLM"
"command"="BCMSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfg32"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\cfg32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndref_7"
"hkey"="HKLM"
"command"="C:\\\\dfndref_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer 2238]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dxvwmpti"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\dxvwmpti.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mptft"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\mptft.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fzzk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fzzkm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\fzzk\\fzzkm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gjdxq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kvrfpr"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\kvrfpr.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhl7RfpJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ssn6tuu"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\System32\\ssn6tuu.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLHostManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1125837605\\ee\\AOLHostManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdef_7"
"hkey"="HKLM"
"command"="C:\\\\kybrdef_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="win32"
"hkey"="HKLM"
"command"="win32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmac_6"
"hkey"="HKLM"
"command"="C:\\\\nwnmac_6.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ibm00001"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="testtestt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\testtestt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys_up1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svchostsys"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\svchostsys\\svchostsys.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSC00"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSC00.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vqzahjw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Yrzozi"
"hkey"="HKLM"
"command"="C:\\Program Files\\Xijajb\\Yrzozi.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WatchDog"
"hkey"="HKLM"
"command"="C:\\Program Files\\mobile PhoneTools\\WatchDog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows DLL Loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSCFG16"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSCFG16.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Jump Drive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="JUMPDRIVE32"
"hkey"="HKLM"
"command"="JUMPDRIVE32.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Shell Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wInterface"
"hkey"="HKLM"
"command"="wInterface.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSCFG16"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSCFG16.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="explorer"
"hkey"="HKCU"
"command"="explorer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wscfg32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ssloop"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ssloop.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ÿ_zsk^aqsjusn^_yicerc50inkrwksz_]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="_zskwrkni05creciy_^nsujsqa^"
"hkey"="HKCU"
"command"="c:\\windows\\system32\\_zskwrkni05creciy_^nsujsqa^.exe"
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableTaskMgr REG_DWORD 0 (0x0)
DisableRegistryTools REG_DWORD 0 (0x0)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Sat 07/29/2006 5:47:06.81
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-29.054651.txt

Start Time= Fri 07/28/2006 19:09:58.90
Running from: C:\Documents and Settings\Alfredo\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}]
@=""

[HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}\InprocServer32]
@="C:\\WINDOWS\\system32\\agcups.dll"
"ThreadingModel"="Apartment"

Granting sedebugprivilege to Administrators ... successful

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-07-28 19:05:50 ( .D... ) "C:\Program Files\Hijackthis"
2006-07-28 18:33:34 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\Systweak"
2006-07-28 18:33:16 ( .D... ) "C:\Program Files\Advanced System Optimizer"
2006-07-27 20:45:04 ( .D... ) "C:\Program Files\WinZip"
2006-07-27 19:44:12 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-27 19:41:56 ( .D... ) "C:\Program Files\CleanUp!"
2006-07-27 19:19:52 2 ( A.... ) "C:\WINDOWS\system32\wintcc.exe"
2006-07-27 19:19:48 ( .D... ) "C:\Program Files\?ecurity"
2006-07-27 19:17:54 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-26 20:32:32 137850 ( A..H. ) "C:\WINDOWS\ssloop.exe"
2006-07-26 20:30:44 ( .D... ) "C:\Program Files\MSXML 4.0"
2006-07-26 20:19:50 ( .D... ) "C:\Program Files\Common Files\s?stem32"
2006-07-26 20:01:54 29224 ( A..H. ) "C:\WINDOWS\pinf8.exe"
2006-07-26 19:56:06 ( .D... ) "C:\Program Files\Panda Software"
2006-07-26 19:37:32 0 ( A.... ) "C:\loaded.exe"
2006-07-26 19:36:12 8984 ( A.... ) "C:\WINDOWS\system32\taskdir~.exe"
2006-07-26 19:28:00 ( .D... ) "C:\Program Files\Common Files\Panda Software"
2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys"
2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys"
2006-07-26 18:29:14 24111 ( A..H. ) "C:\WINDOWS\appwiz64.exe"
2006-07-26 18:25:42 28672 ( A.... ) "C:\WINDOWS\System32bez6n4r21.exe"
2006-07-26 18:25:40 45056 ( A.... ) "C:\WINDOWS\System32ghynf.exe"
2006-07-26 18:25:02 28672 ( A.... ) "C:\WINDOWS\system32\bez6n4r21.exe"
2006-07-25 20:52:34 29415 ( A..H. ) "C:\WINDOWS\pinf0055.exe"
2006-07-20 16:31:36 1163264 ( A.... ) "C:\WINDOWS\system32\wfxqhv.exe"
2006-07-18 13:23:00 37888 ( ..SHR ) "C:\WINDOWS\imageaccess.exe"
2006-07-17 14:34:06 57344 ( A..H. ) "C:\WINDOWS\system32\winreg32.dll"
2006-07-17 14:34:06 26112 ( A..H. ) "C:\WINDOWS\system32\dfgdisp.dll"
2006-07-17 14:34:06 19917 ( A..H. ) "C:\WINDOWS\system32\icfgdiag.exe"
2006-07-17 11:08:18 48187 ( A.... ) "C:\WINDOWS\system32\VSL03.exe"
2006-07-17 11:03:08 ( .D... ) "C:\Program Files\Xijajb"
2006-07-13 09:19:44 1512877 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\Install.dat"
2006-07-12 16:14:04 408 ( A.... ) "C:\doejo3k.exe"
2006-07-12 15:25:52 32768 ( A.... ) "C:\WINDOWS\omotpedd.exe"
2006-07-12 15:23:34 ( .D... ) "C:\Program Files\Common Files\partypoker"
2006-07-12 13:49:08 ( .D... ) "C:\Program Files\PartyPoker"
2006-07-12 13:41:20 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\?racle"
2006-07-12 13:40:10 ( .D... ) "C:\Program Files\àdobe"
2006-07-12 13:37:00 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe"
2006-07-12 13:36:06 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"
2006-07-12 13:35:58 0 ( A.... ) "C:\WINDOWS\win32085824710882006.exe"
2006-07-12 13:35:26 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
2006-07-08 18:59:38 1112 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\ViewerApp.dat"
2006-07-02 12:30:10 ( .D... ) "C:\Program Files\mobile PhoneTools"
2006-06-19 16:39:16 139264 ( A.... ) "C:\WINDOWS\876056.exe"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-07 13:55:52 3753 ( A.... ) "C:\Program Files\html2.htm"
2006-06-07 13:55:52 3626 ( A.... ) "C:\Program Files\html1.htm"
2006-05-30 19:09:20 24576 ( A.... ) "C:\WINDOWS\Uninstall.exe"

(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))

2006-07-26 20:01 29,224 C:\WINDOWS\pinf8.exe
2006-07-26 19:56 49,152 C:\WINDOWS\system32\avldr.dll
2006-07-26 18:29 24,111 C:\WINDOWS\appwiz64.exe
2006-07-26 18:25 45,056 C:\WINDOWS\System32ghynf.exe
2006-07-26 18:25 28,672 C:\WINDOWS\System32bez6n4r21.exe
2006-07-26 18:25 28,672 C:\WINDOWS\system32\bez6n4r21.exe
2006-07-26 18:24 1,163,264 C:\WINDOWS\system32\wfxqhv.exe
2006-07-25 20:52 29,415 C:\WINDOWS\pinf0055.exe
2006-07-18 13:23 37,888 C:\WINDOWS\imageaccess.exe
2006-07-17 14:34 57,344 C:\WINDOWS\system32\winreg32.dll
2006-07-17 14:34 26,112 C:\WINDOWS\system32\dfgdisp.dll
2006-07-17 14:34 19,917 C:\WINDOWS\system32\icfgdiag.exe
2006-07-17 14:34 137,850 C:\WINDOWS\ssloop.exe
2006-07-17 11:08 48,187 C:\WINDOWS\system32\VSL03.exe
2006-07-17 11:01 0 C:\loaded.exe
2006-07-13 09:20 8,984 C:\WINDOWS\system32\taskdir~.exe
2006-07-12 15:25 32,768 C:\WINDOWS\omotpedd.exe
2006-07-12 15:15 408 C:\doejo3k.exe
2006-07-12 13:41 2 C:\WINDOWS\system32\wintcc.exe
2006-07-12 13:37 1,064 C:\WINDOWS\system32\avcba925.sys
2006-07-12 13:36 8,464 C:\WINDOWS\system32\sporder.dll
2006-07-12 13:36 48,167 C:\WINDOWS\system32\VSL05.exe
2006-07-12 13:35 232,749 C:\WINDOWS\pf78.exe
2006-07-12 13:35 0 C:\WINDOWS\win32085824710882006.exe
2006-06-19 16:39 139,264 C:\WINDOWS\876056.exe
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"Semr"="\"C:\\PROGRA~1\\aDOBE\\dllhost.exe\" -vt yazr"
"Startup Manager"="C:\\Documents and Settings\\Alfredo\\Application Data\\Systweak\\ASO 2\\smstartUp manager.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ddegv.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe"
"item"="ddegv"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8a3ba9d3.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="8a3ba9d3"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\Alfredo\\Local Settings\\Application Data\\8a3ba9d3.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\v1201.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avcba925]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w020f948.dll,n 001ba92400000003020f948"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCMSMMSG"
"hkey"="HKLM"
"command"="BCMSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfg32"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\cfg32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndref_7"
"hkey"="HKLM"
"command"="C:\\\\dfndref_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer 2238]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dxvwmpti"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\dxvwmpti.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mptft"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\mptft.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fzzk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fzzkm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\fzzk\\fzzkm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gjdxq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kvrfpr"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\kvrfpr.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhl7RfpJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ssn6tuu"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\System32\\ssn6tuu.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLHostManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1125837605\\ee\\AOLHostManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdef_7"
"hkey"="HKLM"
"command"="C:\\\\kybrdef_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="win32"
"hkey"="HKLM"
"command"="win32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmac_6"
"hkey"="HKLM"
"command"="C:\\\\nwnmac_6.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ibm00001"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="testtestt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\testtestt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys_up1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svchostsys"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\svchostsys\\svchostsys.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSC00"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSC00.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vqzahjw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Yrzozi"
"hkey"="HKLM"
"command"="C:\\Program Files\\Xijajb\\Yrzozi.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WatchDog"
"hkey"="HKLM"
"command"="C:\\Program Files\\mobile PhoneTools\\WatchDog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows DLL Loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSCFG16"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSCFG16.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Jump Drive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="JUMPDRIVE32"
"hkey"="HKLM"
"command"="JUMPDRIVE32.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Shell Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wInterface"
"hkey"="HKLM"
"command"="wInterface.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSCFG16"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSCFG16.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="explorer"
"hkey"="HKCU"
"command"="explorer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wscfg32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ssloop"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ssloop.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ÿ_zsk^aqsjusn^_yicerc50inkrwksz_]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="_zskwrkni05creciy_^nsujsqa^"
"hkey"="HKCU"
"command"="c:\\windows\\system32\\_zskwrkni05creciy_^nsujsqa^.exe"
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableTaskMgr REG_DWORD 0 (0x0)
DisableRegistryTools REG_DWORD 0 (0x0)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Fri 07/28/2006 19:14:00.17
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

Smitrem log:

smitRem © log file
version 3.1

by noahdfear

Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Fri 07/28/2006
The current time is: 22:49:44.81

Running from
C:\Documents and Settings\Alfredo\Desktop\smitrem\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key not present!

checking for WinHound.com key

WinHound.com key not present!

checking for drsmartload2 key

drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

amcompat.tlb
nscompat.tlb

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 2020 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~

CLEAN! :)

EWIDO LOG:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:42:15 AM 7/29/2006

+ Scan result:

C:\WINDOWS\System32ghynf.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).

::Report end

NEW HJT:

Logfile of HijackThis v1.99.1
Scan saved at 5:49:15 AM, on 7/29/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\aDOBE\dllhost.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\imageaccess.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Alfredo\My Documents\??crosoft.NET\w?nspool.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R3 - URLSearchHook: (no name) - {C23F9E8B-053F-01B9-1876-2910962377C7} - C:\WINDOWS\System32\bgk.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Semr] "C:\PROGRA~1\aDOBE\dllhost.exe" -vt yazr
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Alfredo\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - HKCU\..\Run: [Vjrva] C:\Documents and Settings\Alfredo\My Documents\??crosoft.NET\w?nspool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\javaw.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Image Access - Unknown owner - C:\WINDOWS\imageaccess.exe

I did not find any Program by OIN and the files and folders to remove.

Thanks!!!

07-29-2006, 03:58 AM	#3 (permalink)
carsfranchino Registered User Join Date: Jun 2006 Posts: 83 OS: XP	Results Combo Fix Logs: Start Time= Sat 07/29/2006 5:46:51.38 Running from: C:\Documents and Settings\Alfredo\Desktop QuickScan did not find any signs of infected files (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-07-29 05:47:02 81920 ( A.... ) "C:\WINDOWS\system32\javaw.dll" 2006-07-28 19:05:50 ( .D... ) "C:\Program Files\Hijackthis" 2006-07-28 18:33:34 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\Systweak" 2006-07-28 18:33:16 ( .D... ) "C:\Program Files\Advanced System Optimizer" 2006-07-27 20:45:04 ( .D... ) "C:\Program Files\WinZip" 2006-07-27 19:44:12 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0" 2006-07-27 19:41:56 ( .D... ) "C:\Program Files\CleanUp!" 2006-07-27 19:19:52 2 ( A.... ) "C:\WINDOWS\system32\wintcc.exe" 2006-07-27 19:19:48 ( .D... ) "C:\Program Files\?ecurity" 2006-07-27 19:17:54 ( .D... ) "C:\Program Files\Spybot - Search & Destroy" 2006-07-26 20:32:32 137850 ( A..H. ) "C:\WINDOWS\ssloop.exe" 2006-07-26 20:30:44 ( .D... ) "C:\Program Files\MSXML 4.0" 2006-07-26 20:19:50 ( .D... ) "C:\Program Files\Common Files\s?stem32" 2006-07-26 20:01:54 29224 ( A..H. ) "C:\WINDOWS\pinf8.exe" 2006-07-26 19:56:06 ( .D... ) "C:\Program Files\Panda Software" 2006-07-26 19:37:32 0 ( A.... ) "C:\loaded.exe" 2006-07-26 19:28:00 ( .D... ) "C:\Program Files\Common Files\Panda Software" 2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys" 2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys" 2006-07-26 18:29:14 24111 ( A..H. ) "C:\WINDOWS\appwiz64.exe" 2006-07-26 18:25:42 28672 ( A.... ) "C:\WINDOWS\System32bez6n4r21.exe" 2006-07-26 18:25:02 28672 ( A.... ) "C:\WINDOWS\system32\bez6n4r21.exe" 2006-07-25 20:52:34 29415 ( A..H. ) "C:\WINDOWS\pinf0055.exe" 2006-07-20 16:31:36 1163264 ( A.... ) "C:\WINDOWS\system32\wfxqhv.exe" 2006-07-18 13:23:00 37888 ( ..SHR ) "C:\WINDOWS\imageaccess.exe" 2006-07-17 14:34:06 57344 ( A..H. ) "C:\WINDOWS\system32\winreg32.dll" 2006-07-17 14:34:06 26112 ( A..H. ) "C:\WINDOWS\system32\dfgdisp.dll" 2006-07-17 14:34:06 19917 ( A..H. ) "C:\WINDOWS\system32\icfgdiag.exe" 2006-07-17 11:08:18 48187 ( A.... ) "C:\WINDOWS\system32\VSL03.exe" 2006-07-17 11:03:08 ( .D... ) "C:\Program Files\Xijajb" 2006-07-13 09:19:44 1512877 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\Install.dat" 2006-07-12 16:14:04 408 ( A.... ) "C:\doejo3k.exe" 2006-07-12 15:25:52 32768 ( A.... ) "C:\WINDOWS\omotpedd.exe" 2006-07-12 15:23:34 ( .D... ) "C:\Program Files\Common Files\partypoker" 2006-07-12 13:49:08 ( .D... ) "C:\Program Files\PartyPoker" 2006-07-12 13:41:20 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\?racle" 2006-07-12 13:40:10 ( .D... ) "C:\Program Files\àdobe" 2006-07-12 13:37:00 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe" 2006-07-12 13:36:06 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll" 2006-07-12 13:35:58 0 ( A.... ) "C:\WINDOWS\win32085824710882006.exe" 2006-07-12 13:35:26 232749 ( A.... ) "C:\WINDOWS\pf78.exe" 2006-07-08 18:59:38 1112 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\ViewerApp.dat" 2006-07-02 12:30:10 ( .D... ) "C:\Program Files\mobile PhoneTools" 2006-06-19 16:39:16 139264 ( A.... ) "C:\WINDOWS\876056.exe" 2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll" 2006-06-07 13:55:52 3753 ( A.... ) "C:\Program Files\html2.htm" 2006-06-07 13:55:52 3626 ( A.... ) "C:\Program Files\html1.htm" 2006-05-30 19:09:20 24576 ( A.... ) "C:\WINDOWS\Uninstall.exe" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-07-29 05:47 81,920 C:\WINDOWS\system32\javaw.dll 2006-07-26 20:01 29,224 C:\WINDOWS\pinf8.exe 2006-07-26 19:56 49,152 C:\WINDOWS\system32\avldr.dll 2006-07-26 18:29 24,111 C:\WINDOWS\appwiz64.exe 2006-07-26 18:25 28,672 C:\WINDOWS\System32bez6n4r21.exe 2006-07-26 18:25 28,672 C:\WINDOWS\system32\bez6n4r21.exe 2006-07-26 18:24 1,163,264 C:\WINDOWS\system32\wfxqhv.exe 2006-07-25 20:52 29,415 C:\WINDOWS\pinf0055.exe 2006-07-18 13:23 37,888 C:\WINDOWS\imageaccess.exe 2006-07-17 14:34 57,344 C:\WINDOWS\system32\winreg32.dll 2006-07-17 14:34 26,112 C:\WINDOWS\system32\dfgdisp.dll 2006-07-17 14:34 19,917 C:\WINDOWS\system32\icfgdiag.exe 2006-07-17 14:34 137,850 C:\WINDOWS\ssloop.exe 2006-07-17 11:08 48,187 C:\WINDOWS\system32\VSL03.exe 2006-07-17 11:01 0 C:\loaded.exe 2006-07-12 15:25 32,768 C:\WINDOWS\omotpedd.exe 2006-07-12 15:15 408 C:\doejo3k.exe 2006-07-12 13:41 2 C:\WINDOWS\system32\wintcc.exe 2006-07-12 13:37 1,064 C:\WINDOWS\system32\avcba925.sys 2006-07-12 13:36 8,464 C:\WINDOWS\system32\sporder.dll 2006-07-12 13:36 48,167 C:\WINDOWS\system32\VSL05.exe 2006-07-12 13:35 232,749 C:\WINDOWS\pf78.exe 2006-07-12 13:35 0 C:\WINDOWS\win32085824710882006.exe 2006-06-19 16:39 139,264 C:\WINDOWS\876056.exe 2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized" "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl" "Semr"="\"C:\\PROGRA~1\\aDOBE\\dllhost.exe\" -vt yazr" "Startup Manager"="C:\\Documents and Settings\\Alfredo\\Application Data\\Systweak\\ASO 2\\smstartUp manager.exe" "Vjrva"="C:\\Documents and Settings\\Alfredo\\My Documents\\??crosoft.NET\\w?nspool.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktopChanges"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238" "{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] "backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check" "item"="America Online 9.0 Tray Icon" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ddegv.exe] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe" "location"="Common Startup" "command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe" "item"="ddegv" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] "backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE " "item"="WinZip Quick Pick" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8a3ba9d3.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="8a3ba9d3" "hkey"="HKCU" "command"="C:\\Documents and Settings\\Alfredo\\Local Settings\\Application Data\\8a3ba9d3.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="v1201" "hkey"="HKLM" "command"="C:\\WINDOWS\\v1201.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="apdproxy" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avcba925] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RUNDLL32" "hkey"="HKLM" "command"="RUNDLL32.EXE w020f948.dll,n 001ba92400000003020f948" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BCMSMMSG" "hkey"="HKLM" "command"="BCMSMMSG.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ccApp" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ccRegVfy" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Manager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="cfg32" "hkey"="HKLM" "command"="C:\\WINDOWS\\cfg32.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dfndref_7" "hkey"="HKLM" "command"="C:\\\\dfndref_7.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer 2238] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dxvwmpti" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\dxvwmpti.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mptft" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\mptft.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fzzk] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="fzzkm" "hkey"="HKCU" "command"="C:\\PROGRA~1\\COMMON~1\\fzzk\\fzzkm.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gjdxq] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="kvrfpr" "hkey"="HKCU" "command"="C:\\WINDOWS\\System32\\kvrfpr.exe reg_run" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhl7RfpJ] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ssn6tuu" "hkey"="HKLM" "command"="\"C:\\WINDOWS\\System32\\ssn6tuu.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLHostManager" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\AOL\\1125837605\\ee\\AOLHostManager.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="optimize" "hkey"="HKLM" "command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="kybrdef_7" "hkey"="HKLM" "command"="C:\\\\kybrdef_7.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Logi_MwX" "hkey"="HKLM" "command"="Logi_MwX.Exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="win32" "hkey"="HKLM" "command"="win32.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NEWDOT~2" "hkey"="HKLM" "command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="nwnmac_6" "hkey"="HKLM" "command"="C:\\\\nwnmac_6.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvCpl" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ibm00001" "hkey"="HKCU" "command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UsrPrmpt" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SNDMon" "hkey"="HKLM" "command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="testtestt" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\testtestt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys_up1] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="svchostsys" "hkey"="HKCU" "command"="C:\\Program Files\\Common Files\\svchostsys\\svchostsys.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SYSC00" "hkey"="HKLM" "command"="C:\\WINDOWS\\SYSC00.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vqzahjw] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Yrzozi" "hkey"="HKLM" "command"="C:\\Program Files\\Xijajb\\Yrzozi.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WatchDog" "hkey"="HKLM" "command"="C:\\Program Files\\mobile PhoneTools\\WatchDog.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows DLL Loader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SYSCFG16" "hkey"="HKLM" "command"="C:\\WINDOWS\\SYSCFG16.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Jump Drive] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="JUMPDRIVE32" "hkey"="HKLM" "command"="JUMPDRIVE32.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Shell Interface] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="wInterface" "hkey"="HKLM" "command"="wInterface.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SYSCFG16" "hkey"="HKLM" "command"="C:\\WINDOWS\\SYSCFG16.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System32] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="explorer" "hkey"="HKCU" "command"="explorer.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wscfg32] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ssloop" "hkey"="HKLM" "command"="C:\\WINDOWS\\ssloop.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ÿ_zsk^aqsjusn^_yicerc50inkrwksz_] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="_zskwrkni05creciy_^nsujsqa^" "hkey"="HKCU" "command"="c:\\windows\\system32\\_zskwrkni05creciy_^nsujsqa^.exe" "inimapping"="0" HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system DisableTaskMgr REG_DWORD 0 (0x0) DisableRegistryTools REG_DWORD 0 (0x0) Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job C:\WINDOWS\tasks\Symantec NetDetect.job Completion time: Sat 07/29/2006 5:47:06.81 ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt ComboFix.2006-07-29.054651.txt Start Time= Fri 07/28/2006 19:09:58.90 Running from: C:\Documents and Settings\Alfredo\Desktop ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log )))))))))))))))))))))))))))))))))))))))))))))))))) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * REGISTRY ENTRIES REMOVED: [HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}] @="" [HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}\InprocServer32] @="C:\\WINDOWS\\system32\\agcups.dll" "ThreadingModel"="Apartment" Granting sedebugprivilege to Administrators ... successful (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-07-28 19:05:50 ( .D... ) "C:\Program Files\Hijackthis" 2006-07-28 18:33:34 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\Systweak" 2006-07-28 18:33:16 ( .D... ) "C:\Program Files\Advanced System Optimizer" 2006-07-27 20:45:04 ( .D... ) "C:\Program Files\WinZip" 2006-07-27 19:44:12 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0" 2006-07-27 19:41:56 ( .D... ) "C:\Program Files\CleanUp!" 2006-07-27 19:19:52 2 ( A.... ) "C:\WINDOWS\system32\wintcc.exe" 2006-07-27 19:19:48 ( .D... ) "C:\Program Files\?ecurity" 2006-07-27 19:17:54 ( .D... ) "C:\Program Files\Spybot - Search & Destroy" 2006-07-26 20:32:32 137850 ( A..H. ) "C:\WINDOWS\ssloop.exe" 2006-07-26 20:30:44 ( .D... ) "C:\Program Files\MSXML 4.0" 2006-07-26 20:19:50 ( .D... ) "C:\Program Files\Common Files\s?stem32" 2006-07-26 20:01:54 29224 ( A..H. ) "C:\WINDOWS\pinf8.exe" 2006-07-26 19:56:06 ( .D... ) "C:\Program Files\Panda Software" 2006-07-26 19:37:32 0 ( A.... ) "C:\loaded.exe" 2006-07-26 19:36:12 8984 ( A.... ) "C:\WINDOWS\system32\taskdir~.exe" 2006-07-26 19:28:00 ( .D... ) "C:\Program Files\Common Files\Panda Software" 2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys" 2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys" 2006-07-26 18:29:14 24111 ( A..H. ) "C:\WINDOWS\appwiz64.exe" 2006-07-26 18:25:42 28672 ( A.... ) "C:\WINDOWS\System32bez6n4r21.exe" 2006-07-26 18:25:40 45056 ( A.... ) "C:\WINDOWS\System32ghynf.exe" 2006-07-26 18:25:02 28672 ( A.... ) "C:\WINDOWS\system32\bez6n4r21.exe" 2006-07-25 20:52:34 29415 ( A..H. ) "C:\WINDOWS\pinf0055.exe" 2006-07-20 16:31:36 1163264 ( A.... ) "C:\WINDOWS\system32\wfxqhv.exe" 2006-07-18 13:23:00 37888 ( ..SHR ) "C:\WINDOWS\imageaccess.exe" 2006-07-17 14:34:06 57344 ( A..H. ) "C:\WINDOWS\system32\winreg32.dll" 2006-07-17 14:34:06 26112 ( A..H. ) "C:\WINDOWS\system32\dfgdisp.dll" 2006-07-17 14:34:06 19917 ( A..H. ) "C:\WINDOWS\system32\icfgdiag.exe" 2006-07-17 11:08:18 48187 ( A.... ) "C:\WINDOWS\system32\VSL03.exe" 2006-07-17 11:03:08 ( .D... ) "C:\Program Files\Xijajb" 2006-07-13 09:19:44 1512877 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\Install.dat" 2006-07-12 16:14:04 408 ( A.... ) "C:\doejo3k.exe" 2006-07-12 15:25:52 32768 ( A.... ) "C:\WINDOWS\omotpedd.exe" 2006-07-12 15:23:34 ( .D... ) "C:\Program Files\Common Files\partypoker" 2006-07-12 13:49:08 ( .D... ) "C:\Program Files\PartyPoker" 2006-07-12 13:41:20 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\?racle" 2006-07-12 13:40:10 ( .D... ) "C:\Program Files\àdobe" 2006-07-12 13:37:00 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe" 2006-07-12 13:36:06 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll" 2006-07-12 13:35:58 0 ( A.... ) "C:\WINDOWS\win32085824710882006.exe" 2006-07-12 13:35:26 232749 ( A.... ) "C:\WINDOWS\pf78.exe" 2006-07-08 18:59:38 1112 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\ViewerApp.dat" 2006-07-02 12:30:10 ( .D... ) "C:\Program Files\mobile PhoneTools" 2006-06-19 16:39:16 139264 ( A.... ) "C:\WINDOWS\876056.exe" 2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll" 2006-06-07 13:55:52 3753 ( A.... ) "C:\Program Files\html2.htm" 2006-06-07 13:55:52 3626 ( A.... ) "C:\Program Files\html1.htm" 2006-05-30 19:09:20 24576 ( A.... ) "C:\WINDOWS\Uninstall.exe" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-07-26 20:01 29,224 C:\WINDOWS\pinf8.exe 2006-07-26 19:56 49,152 C:\WINDOWS\system32\avldr.dll 2006-07-26 18:29 24,111 C:\WINDOWS\appwiz64.exe 2006-07-26 18:25 45,056 C:\WINDOWS\System32ghynf.exe 2006-07-26 18:25 28,672 C:\WINDOWS\System32bez6n4r21.exe 2006-07-26 18:25 28,672 C:\WINDOWS\system32\bez6n4r21.exe 2006-07-26 18:24 1,163,264 C:\WINDOWS\system32\wfxqhv.exe 2006-07-25 20:52 29,415 C:\WINDOWS\pinf0055.exe 2006-07-18 13:23 37,888 C:\WINDOWS\imageaccess.exe 2006-07-17 14:34 57,344 C:\WINDOWS\system32\winreg32.dll 2006-07-17 14:34 26,112 C:\WINDOWS\system32\dfgdisp.dll 2006-07-17 14:34 19,917 C:\WINDOWS\system32\icfgdiag.exe 2006-07-17 14:34 137,850 C:\WINDOWS\ssloop.exe 2006-07-17 11:08 48,187 C:\WINDOWS\system32\VSL03.exe 2006-07-17 11:01 0 C:\loaded.exe 2006-07-13 09:20 8,984 C:\WINDOWS\system32\taskdir~.exe 2006-07-12 15:25 32,768 C:\WINDOWS\omotpedd.exe 2006-07-12 15:15 408 C:\doejo3k.exe 2006-07-12 13:41 2 C:\WINDOWS\system32\wintcc.exe 2006-07-12 13:37 1,064 C:\WINDOWS\system32\avcba925.sys 2006-07-12 13:36 8,464 C:\WINDOWS\system32\sporder.dll 2006-07-12 13:36 48,167 C:\WINDOWS\system32\VSL05.exe 2006-07-12 13:35 232,749 C:\WINDOWS\pf78.exe 2006-07-12 13:35 0 C:\WINDOWS\win32085824710882006.exe 2006-06-19 16:39 139,264 C:\WINDOWS\876056.exe 2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized" "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl" "Semr"="\"C:\\PROGRA~1\\aDOBE\\dllhost.exe\" -vt yazr" "Startup Manager"="C:\\Documents and Settings\\Alfredo\\Application Data\\Systweak\\ASO 2\\smstartUp manager.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex] "flags"=dword:00000008 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238" "{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] "backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check" "item"="America Online 9.0 Tray Icon" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ddegv.exe] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe" "location"="Common Startup" "command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe" "item"="ddegv" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] "backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE " "item"="WinZip Quick Pick" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8a3ba9d3.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="8a3ba9d3" "hkey"="HKCU" "command"="C:\\Documents and Settings\\Alfredo\\Local Settings\\Application Data\\8a3ba9d3.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="v1201" "hkey"="HKLM" "command"="C:\\WINDOWS\\v1201.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="apdproxy" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avcba925] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RUNDLL32" "hkey"="HKLM" "command"="RUNDLL32.EXE w020f948.dll,n 001ba92400000003020f948" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BCMSMMSG" "hkey"="HKLM" "command"="BCMSMMSG.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ccApp" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ccRegVfy" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Manager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="cfg32" "hkey"="HKLM" "command"="C:\\WINDOWS\\cfg32.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dfndref_7" "hkey"="HKLM" "command"="C:\\\\dfndref_7.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer 2238] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dxvwmpti" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\dxvwmpti.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mptft" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\mptft.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fzzk] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="fzzkm" "hkey"="HKCU" "command"="C:\\PROGRA~1\\COMMON~1\\fzzk\\fzzkm.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gjdxq] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="kvrfpr" "hkey"="HKCU" "command"="C:\\WINDOWS\\System32\\kvrfpr.exe reg_run" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhl7RfpJ] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ssn6tuu" "hkey"="HKLM" "command"="\"C:\\WINDOWS\\System32\\ssn6tuu.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLHostManager" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\AOL\\1125837605\\ee\\AOLHostManager.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="optimize" "hkey"="HKLM" "command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="kybrdef_7" "hkey"="HKLM" "command"="C:\\\\kybrdef_7.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Logi_MwX" "hkey"="HKLM" "command"="Logi_MwX.Exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="win32" "hkey"="HKLM" "command"="win32.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NEWDOT~2" "hkey"="HKLM" "command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="nwnmac_6" "hkey"="HKLM" "command"="C:\\\\nwnmac_6.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvCpl" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ibm00001" "hkey"="HKCU" "command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UsrPrmpt" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SNDMon" "hkey"="HKLM" "command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="testtestt" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\testtestt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys_up1] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="svchostsys" "hkey"="HKCU" "command"="C:\\Program Files\\Common Files\\svchostsys\\svchostsys.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SYSC00" "hkey"="HKLM" "command"="C:\\WINDOWS\\SYSC00.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vqzahjw] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Yrzozi" "hkey"="HKLM" "command"="C:\\Program Files\\Xijajb\\Yrzozi.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WatchDog" "hkey"="HKLM" "command"="C:\\Program Files\\mobile PhoneTools\\WatchDog.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows DLL Loader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SYSCFG16" "hkey"="HKLM" "command"="C:\\WINDOWS\\SYSCFG16.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Jump Drive] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="JUMPDRIVE32" "hkey"="HKLM" "command"="JUMPDRIVE32.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Shell Interface] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="wInterface" "hkey"="HKLM" "command"="wInterface.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SYSCFG16" "hkey"="HKLM" "command"="C:\\WINDOWS\\SYSCFG16.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System32] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="explorer" "hkey"="HKCU" "command"="explorer.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wscfg32] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ssloop" "hkey"="HKLM" "command"="C:\\WINDOWS\\ssloop.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ÿ_zsk^aqsjusn^_yicerc50inkrwksz_] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="_zskwrkni05creciy_^nsujsqa^" "hkey"="HKCU" "command"="c:\\windows\\system32\\_zskwrkni05creciy_^nsujsqa^.exe" "inimapping"="0" HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system DisableTaskMgr REG_DWORD 0 (0x0) DisableRegistryTools REG_DWORD 0 (0x0) Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job C:\WINDOWS\tasks\Symantec NetDetect.job Completion time: Fri 07/28/2006 19:14:00.17 ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt Smitrem log: smitRem © log file version 3.1 by noahdfear Microsoft Windows XP [Version 5.1.2600] "IE"="6.0000" The current date is: Fri 07/28/2006 The current time is: 22:49:44.81 Running from C:\Documents and Settings\Alfredo\Desktop\smitrem\smitRem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pre-run SharedTask Export (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler) Copyright(C) 2006 BleepingComputer.com Registry Pseudo-Format Mode (Not a valid reg file): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238" "{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! checking for WinHound.com key WinHound.com key not present! checking for drsmartload2 key drsmartload2 key not present! spyaxe uninstaller NOT present Winhound uninstaller NOT present SpywareStrike uninstaller NOT present AlfaCleaner uninstaller NOT present SpyFalcon uninstaller NOT present SpywareQuake uninstaller NOT present SpywareSheriff uninstaller NOT present Trust Cleaner uninstaller NOT present SpyHeal uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ amcompat.tlb nscompat.tlb ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 2020 'explorer.exe' Starting registry repairs Registry repairs complete ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SharedTask Export after registry fix (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler) Copyright(C) 2006 BleepingComputer.com Registry Pseudo-Format Mode (Not a valid reg file): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238" "{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Deleting files ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! :) EWIDO LOG: --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 5:42:15 AM 7/29/2006 + Scan result: C:\WINDOWS\System32ghynf.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined). ::Report end NEW HJT: Logfile of HijackThis v1.99.1 Scan saved at 5:49:15 AM, on 7/29/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\AIM\aim.exe C:\PROGRA~1\aDOBE\dllhost.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\imageaccess.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\WgaTray.exe C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\Alfredo\My Documents\??crosoft.NET\w?nspool.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R3 - URLSearchHook: (no name) - {C23F9E8B-053F-01B9-1876-2910962377C7} - C:\WINDOWS\System32\bgk.dll (file missing) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Semr] "C:\PROGRA~1\aDOBE\dllhost.exe" -vt yazr O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Alfredo\Application Data\Systweak\ASO 2\smstartUp manager.exe O4 - HKCU\..\Run: [Vjrva] C:\Documents and Settings\Alfredo\My Documents\??crosoft.NET\w?nspool.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014 O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\WINDOWS\System32\javaw.dll O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Windows Image Access - Unknown owner - C:\WINDOWS\imageaccess.exe I did not find any Program by OIN and the files and folders to remove. Thanks!!!