07-29-2006, 08:25 PM   #3
betty123


okay, ran required scans - here is what they said

Ewido
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:19:32 PM 7/29/2006

+ Scan result:



C:\WINDOWS\SeekmoInstaller.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Program Files\EngageSidebar\EffBar.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Ldresb\Ldresb.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Shlesb.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\stub_sca3.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rvn896b6.dll -> Adware.IEHelper : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ftuninst.exe -> Adware.Linkmaker : Cleaned with backup (quarantined).
C:\WINDOWS\system32ftuninst.exe -> Adware.Linkmaker : Cleaned with backup (quarantined).
C:\NNuninstall.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CA103F2-F148-4273-9BA6-DBAD11\0041AD7C-36E2-49D8-9954-E5EE73 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CA103F2-F148-4273-9BA6-DBAD11\4F341F4F-399C-4C86-A493-FA0185 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CA103F2-F148-4273-9BA6-DBAD11\696A6BA1-666E-4A33-BF47-649455 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CA103F2-F148-4273-9BA6-DBAD11\AAF4A96F-AD67-4B37-99BE-46F55B -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\48BB31E2-F918-4980-AAD7-BDA560\CE4CEBAE-B7DB-412A-9003-C2C22A -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
[488] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\70tovmto -> Adware.SAHA : Cleaned with backup (quarantined).
C:\WINDOWS\system32\70tovmto.ini -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINDOWS\system32tfthot.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gbe90qs.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Common Files\mzko\mzkod\mzkoc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\ZIGID003.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\bootinit.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\WINDOWS\comserv.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).
C:\msnotify.com -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\pcdoctor.com -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\runinst.exe -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\setup.exe -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\setup32.exe -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\QooBox\dmonwv.dll.vir -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\wd7gi8n.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\installerwnus.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\21EE5096-A87E-4BE2-B9D6-F5CA58.asq -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\cdhwgoa.dll.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\csvab.dat.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\mfxbo.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\odtxv.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\vvhwpf.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\xaffalp.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\gfidtct.dll -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\VSL.dl_ -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\ac3_0003.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\boot.pif -> Downloader.VB.afe : Cleaned with backup (quarantined).
C:\setup64.exe -> Downloader.VB.afo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pre.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\bintheredunthat\engage.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\bintheredunthat\numbsoft.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\webnexmk.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\526_620.exe -> Dropper.Mudrop.bq : Cleaned with backup (quarantined).
C:\Documents and Settings\Compaq_Owner\Desktop\backups\backup-20060729-180138-318.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
C:\kansup.reg -> Trojan.LowZones.f : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Fоnts\nslookup.exe -> Trojan.PurityAd : Cleaned with backup (quarantined).
C:\WINDOWS\system32ssec.exe -> Trojan.Runner.h : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{50D4DE6D-0B74-1033-0827-040802200001}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).


::Report end

Panda

Incident Status Location

Adware:adware/wupd Not disinfected c:\program files\AdTools Service
Spyware:spyware/new.net Not disinfected c:\program files\NewDotNet
Potentially unwanted tool:application/seekmo Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\seekmo
Adware:adware/yazzlesudoku Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Potentially unwanted tool:application/winantivirus2006 Not disinfected hkey_local_machine\software\WinAntiVirus Pro 2006
Adware:adware/dollarrevenue Not disinfected Windows Registry
Adware:adware/xplugin Not disinfected Windows Registry
Virus:Trj/Downloader.JJK Disinfected C:\antidote.pif
Adware:Adware/Deskwizz Not disinfected C:\bintheredunthat\VSL02.exe
Adware:Adware/2Z0o Not disinfected C:\bintheredunthat\yakxxuo.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@go[2].txt
Adware:Adware/Maxifiles Not disinfected C:\drwin32.exe[cmdmgr3.exe]
Adware:Adware/DollarRevenue Not disinfected C:\drwin32.exe[cmdmgr3.exe][²ÜÇ\System.dll]
Adware:Adware/DollarRevenue Not disinfected C:\drwin32.exe[cmdmgr3.exe][²ÜÇ\nsProcess.dll]
Spyware:Spyware/Virtumonde Not disinfected C:\drwin32.exe[cmdmgr3.exe][¦++\²íÇ\Update.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\drwin32.exe[cmdmgr3.exe][¦++\²íÇ\services.dll]
Adware:Adware/Mytoolbar Not disinfected C:\drwin32.exe[cmdmgr3.exe][MyToolBar.dll]
Adware:Adware/Mytoolbar Not disinfected C:\drwin32.exe[cmdmgr3.exe][Activate.exe]
Spyware:Cookie/Go Not disinfected C:\found.000\file0000.chk
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{50D4DE6D-0B74-1033-0827-040802200001}\services.dll
Adware:Adware/DollarRevenue Not disinfected C:\services.exe
Adware:Adware/PurityScan Not disinfected C:\Trelew.exe
Adware:Adware/NewAds Not disinfected C:\WINDOWS\cmdmgr.exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\cmdmgr3.exe
Adware:Adware/NewAds Not disinfected C:\WINDOWS\hostsmgr.exe
Virus:Trj/Downloader.JKC Disinfected C:\WINDOWS\ssqbn.exe
Hacktool:HackTool/SRunner.B Not disinfected C:\WINDOWS\system32\instsrv.exe
Virus:W32/Netsky.P.worm Disinfected Local Folders\Deleted Items\Re: hi\information.txt .scr
Virus:W32/Netsky.P.worm Disinfected [message.zip][details.txt .pif]
Virus:W32/Sober.I.worm Disinfected Local Folders\Deleted Items\FwD: Mail_Delivery_failure <error_:1024>\auto__mail.aol.1753.EML.scr
Virus:W32/Netsky.P.worm Disinfected [details.zip][document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected Local Folders\Deleted Items\Re: approved\file.doc.exe

HJT
Logfile of HijackThis v1.99.1
Scan saved at 9:09:23 PM, on 7/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [{4D-DE-E6-6D-ZN}] C:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QV6FYDER\WinAntiVirusPro2006FreeInstall[1].exe" -nag
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C97B9D9A-A22C-4BB6-A32D-FA641510A0A4}: NameServer = 208.54.220.20 209.142.136.85
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

combofix
Start Time= Sat 07/29/2006 15:09:48.06
Running from: C:\Documents and Settings\Compaq_Owner\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{76E5B607-21F9-44F1-9D1D-9015C09D9C45}]
@=""

[HKEY_CLASSES_ROOT\clsid\{76E5B607-21F9-44F1-9D1D-9015C09D9C45}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{76E5B607-21F9-44F1-9D1D-9015C09D9C45}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{76E5B607-21F9-44F1-9D1D-9015C09D9C45}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\bppanui.dll
C:\WINDOWS\SYSTEM32\guard.tmp
C:\WINDOWS\SYSTEM32\jt0s07d7e.dll
C:\WINDOWS\SYSTEM32\lvpo0973e.dll
C:\WINDOWS\SYSTEM32\mxvcp70.dll
C:\WINDOWS\SYSTEM32\ode32.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

15:12:30.15

Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\system32\vvhwpf.exe
C:\WINDOWS\system32\vvhwpf.exe
C:\WINDOWS\system32\mfxbo.exe
C:\WINDOWS\system32\dmonwv.dll
C:\WINDOWS\system32\xaffalp.exe


* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\uqneg.dll
C:\WINDOWS\system32\xaffalp.exe
C:\WINDOWS\system32\vvhwpf.exe
C:\WINDOWS\system32\vvhwpf.exe
C:\WINDOWS\system32\vvhwpf.exe
C:\WINDOWS\system32\mfxbo.exe
C:\WINDOWS\system32\csvab.dat
C:\WINDOWS\system32\cdhwgoa.dll
C:\WINDOWS\system32\cdhwgoa.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\odtxv.exe


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-06-22 12:08:50 45,056 "C:\WINDOWS\system32\tfthot.exe"
2006-06-22 12:10:00 127,488 "C:\WINDOWS\system32\vvhwpf.exe"
2006-06-22 12:10:00 28,672 "C:\WINDOWS\system32\mfxbo.exe"
2006-06-15 18:39:06 131,072 "C:\WINDOWS\system32\mptft.exe"
2006-06-22 12:09:54 32,256 "C:\WINDOWS\system32\dmonwv.dll"
2006-05-19 07:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"
2006-05-10 00:23:00 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 00:23:00 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-05-19 10:08:32 3,052,544 "C:\WINDOWS\system32\mshtml.dll"
2006-05-10 00:23:02 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-06-12 14:09:18 10,752 "C:\WINDOWS\system32\Shlesb.dll"
2006-05-10 00:23:02 613,888 "C:\WINDOWS\system32\urlmon.dll"
2006-06-22 12:08:50 208,896 "C:\WINDOWS\system32\x3cqp0.dll"
2006-06-22 12:08:50 28,672 "C:\WINDOWS\system32\gbe90qs.exe"
2006-06-15 15:26:44 1,142,784 "C:\WINDOWS\system32\ssn6tuu.exe"
2006-06-19 16:19:26 304,944 "C:\WINDOWS\system32\WgaTray.exe"
2006-06-22 12:10:00 23,552 "C:\WINDOWS\system32\xaffalp.exe"
2006-07-29 11:41:34 233,780 "C:\WINDOWS\system32\bppanui.dll"
2006-05-10 00:23:00 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-06-22 12:10:00 51,712 "C:\WINDOWS\system32\cdhwgoa.dll"
2006-05-10 00:23:00 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 00:23:00 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 00:23:00 251,392 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 13:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 13:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 00:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-05-10 00:23:00 16,384 "C:\WINDOWS\system32\jsproxy.dll"
2006-07-28 19:57:46 236,930 "C:\WINDOWS\system32\mxvcp70.dll"
2006-05-10 00:23:02 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-05-14 03:44:08 181,248 "C:\WINDOWS\system32\rasmans.dll"
2006-05-29 10:30:34 1,494,016 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-10 00:23:02 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-06-28 18:12:00 8,464 "C:\WINDOWS\system32\sporder.dll"
2006-05-10 00:23:04 658,432 "C:\WINDOWS\system32\wininet.dll"
2006-05-10 00:23:00 1,054,208 "C:\WINDOWS\system32\danim.dll"
2006-07-29 11:45:40 236,985 "C:\WINDOWS\system32\ode32.dll"
2006-06-22 12:10:00 127,488 "C:\WINDOWS\system32\csvab.dat"
2006-07-28 19:12:24 303 "C:\WINDOWS\uqneg.dll"
2006-06-22 12:09:56 53 "C:\WINDOWS\vnlovb.dat"
2006-06-22 12:10:00 127,488 "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\odtxv.exe"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


06/22/2006 12:09 PM 127,488 vvhwpf.exe.vir
06/22/2006 12:09 PM 127,488 csvab.dat.vir
06/22/2006 12:09 PM 127,488 odtxv.exe.vir
06/22/2006 12:09 PM 51,712 cdhwgoa.dll.vir
06/22/2006 12:09 PM 32,256 dmonwv.dll.vir
06/22/2006 12:09 PM 28,672 mfxbo.exe.vir
06/22/2006 12:09 PM 23,552 xaffalp.exe.vir
06/22/2006 12:09 PM 53 vnlovb.dat.vir


DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-06-22 12:08:50 28,672 "C:\WINDOWS\system32\gbe90qs.exe"
2006-06-15 15:26:44 1,142,784 "C:\WINDOWS\system32\ssn6tuu.exe"
2006-06-19 16:19:26 304,944 "C:\WINDOWS\system32\WgaTray.exe"
2006-06-22 12:08:50 45,056 "C:\WINDOWS\system32\tfthot.exe"
2006-06-15 18:39:06 131,072 "C:\WINDOWS\system32\mptft.exe"
2006-05-10 00:23:00 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 00:23:00 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 00:23:00 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 00:23:00 251,392 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 13:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 13:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 00:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-05-10 00:23:00 16,384 "C:\WINDOWS\system32\jsproxy.dll"
2006-05-10 00:23:02 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-05-14 03:44:08 181,248 "C:\WINDOWS\system32\rasmans.dll"
2006-05-29 10:30:34 1,494,016 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-10 00:23:02 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-06-28 18:12:00 8,464 "C:\WINDOWS\system32\sporder.dll"
2006-05-10 00:23:04 658,432 "C:\WINDOWS\system32\wininet.dll"
2006-05-19 07:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"
2006-05-10 00:23:00 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 00:23:00 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-05-19 10:08:32 3,052,544 "C:\WINDOWS\system32\mshtml.dll"
2006-05-10 00:23:02 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-06-12 14:09:18 10,752 "C:\WINDOWS\system32\Shlesb.dll"
2006-05-10 00:23:02 613,888 "C:\WINDOWS\system32\urlmon.dll"
2006-06-22 12:08:50 208,896 "C:\WINDOWS\system32\x3cqp0.dll"
2006-05-10 00:23:00 1,054,208 "C:\WINDOWS\system32\danim.dll"
2006-07-28 19:12:24 303 "C:\WINDOWS\uqneg.dll"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Mendoza1.exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FV2RAKXS\drsmartload849a[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K9YB01E3\drsmartload[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K9YB01E3\nwnmc_4[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K9YB01E3\kybrdc_4[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RCEO1SLW\drsmartload46a[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UJIB4HYR\drsmartload45a[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UJIB4HYR\dfndrc_4a[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RCEO1SLW\MTE3NDI6ODoxNg[1].exe
C:\Program Files\snowball wars


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-29 14:46:06 ( .D... ) "C:\Program Files\CleanUp!"
2006-07-29 14:36:48 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-28 19:12:24 303 ( A.... ) "C:\WINDOWS\uqneg.dll"
2006-07-28 18:04:24 24576 ( A.... ) "C:\WINDOWS\system32ssec.exe"
2006-07-28 18:04:22 24576 ( A.... ) "C:\WINDOWS\system32\ssec.exe"
2006-07-28 17:26:22 ( .D... ) "C:\Documents and Settings\Compaq_Owner\Application Data\Lavasoft"
2006-07-28 17:26:12 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-28 17:24:16 2855080 ( A.... ) "C:\aawsepersonal.exe"
2006-07-28 17:18:38 857915 ( A.... ) "C:\vx2cleaner_inst.exe"
2006-07-28 16:45:32 128826 ( A.... ) "C:\NNuninstall.exe"
2006-07-28 01:24:46 23280 ( A.... ) "C:\WINDOWS\icont.exe"
2006-07-27 19:34:22 ( .D... ) "C:\Program Files\Norton AntiVirus"
2006-07-16 18:55:54 1063 ( A.... ) "C:\WINDOWS\system32\rvn896b6.sys"
2006-07-16 18:55:54 1063 ( A.... ) "C:\WINDOWS\system32\rvn896b6.sys"
2006-07-15 22:30:24 ( .D... ) "C:\Documents and Settings\Compaq_Owner\Application Data\Google"
2006-07-06 09:42:08 202768 ( A.... ) "C:\drwin32.exe"
2006-07-05 21:36:26 ( .D... ) "C:\Program Files\Common Files\{50D4DE6D-0B74-1033-0827-040802200001}"
2006-07-05 21:18:34 268 ( A.... ) "C:\WINDOWS\comexec.bat"
2006-07-05 20:39:02 14336 ( A.... ) "C:\WINDOWS\comsonie.exe"
2006-07-05 19:55:16 12288 ( A.... ) "C:\setup32.exe"
2006-07-05 19:23:58 12288 ( A.... ) "C:\setup.exe"
2006-07-05 16:00:22 12288 ( A.... ) "C:\runinst.exe"
2006-07-05 15:43:04 11776 ( A.... ) "C:\pcdoctor.com"
2006-07-05 06:19:10 151112 ( A.... ) "C:\WINDOWS\cmdmgr3.exe"
2006-07-04 19:42:10 677 ( A.... ) "C:\cmdhost.exe"
2006-07-04 14:21:36 12288 ( A.... ) "C:\msnotify.com"
2006-07-02 17:29:26 12288 ( A.... ) "C:\setup64.exe"
2006-07-02 15:21:46 11776 ( A.... ) "C:\msts.com"
2006-07-01 16:44:18 12800 ( A.... ) "C:\picture012.exe"
2006-06-30 20:07:32 14336 ( A.... ) "C:\install64.exe"
2006-06-30 20:05:28 14336 ( A.... ) "C:\install62.exe"
2006-06-30 16:19:44 14336 ( A.... ) "C:\install32.exe"
2006-06-29 20:24:56 12288 ( A.... ) "C:\runstd1.exe"
2006-06-29 20:24:06 12288 ( A.... ) "C:\runstd0.exe"
2006-06-29 20:23:02 12288 ( A.... ) "C:\runstd.exe"
2006-06-29 20:01:30 12288 ( A.... ) "C:\runst.exe"
2006-06-29 19:51:24 12288 ( A.... ) "C:\runset.exe"
2006-06-29 19:16:40 677 ( A.... ) "C:\runme.exe"
2006-06-28 19:23:56 ( .D... ) "C:\Program Files\Common Files\F?nts"
2006-06-28 19:23:34 ( .D... ) "C:\Program Files\ornu"
2006-06-28 19:19:06 12288 ( A.... ) "C:\hotshot.exe"
2006-06-28 18:47:42 12288 ( A.... ) "C:\rwar.exe"
2006-06-28 18:23:04 61440 ( A.... ) "C:\WINDOWS\system32\rvn896b6.dll"
2006-06-28 18:23:04 38412 ( A.... ) "C:\WINDOWS\ssqbn.exe"
2006-06-28 18:22:58 29696 ( A.... ) "C:\WINDOWS\system32\w07ae388.dll"
2006-06-28 18:13:30 ( .D... ) "C:\Program Files\EngageSidebar"
2006-06-28 18:13:28 133916 ( A.... ) "C:\WINDOWS\system32\2-20060511-1.exe"
2006-06-28 18:13:26 328704 ( A.... ) "C:\WINDOWS\system32\pre.exe"
2006-06-28 18:12:04 2560 ( A.... ) "C:\ac3_0003.exe"
2006-06-28 18:12:00 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"
2006-06-28 18:12:00 ( ADS.. ) "C:\Program Files\NewDotNet"
2006-06-28 17:33:28 12288 ( A.... ) "C:\autoexec02.exe"
2006-06-28 16:50:48 12288 ( A.... ) "C:\autoexec.exe"
2006-06-28 16:22:20 12288 ( A.... ) "C:\execfile01.exe"
2006-06-28 16:21:06 12288 ( A.... ) "C:\execfile00.exe"
2006-06-28 09:29:56 ( .D... ) "C:\Documents and Settings\Compaq_Owner\Application Data\Trevoli"
2006-06-28 09:29:44 ( .D... ) "C:\Program Files\Photo Finale"
2006-06-28 09:26:04 12800 ( A.... ) "C:\services.exe"
2006-06-27 09:08:02 3209 ( A.... ) "C:\corruptfile.exe"
2006-06-25 22:43:12 15872 ( A.... ) "C:\bootinit.exe"
2006-06-23 10:22:08 9216 ( A.... ) "C:\WINDOWS\gfidtct.dll"
2006-06-22 12:11:24 389632 ( A.... ) "C:\webnexmk.exe"
2006-06-22 12:11:06 20480 ( A.... ) "C:\stub_sca3.exe"
2006-06-22 12:10:48 362496 ( A.... ) "C:\526_620.exe"
2006-06-22 12:09:52 290816 ( A.... ) "C:\installerwnus.exe"
2006-06-22 12:08:56 ( .D... ) "C:\Program Files\Common Files\mzko"
2006-06-22 12:08:50 208896 ( A.... ) "C:\WINDOWS\system32\x3cqp0.dll"
2006-06-22 12:08:50 45056 ( A.... ) "C:\WINDOWS\system32tfthot.exe"
2006-06-22 12:08:50 45056 ( A.... ) "C:\WINDOWS\system32\tfthot.exe"
2006-06-22 12:08:50 28672 ( A.... ) "C:\WINDOWS\system32ftuninst.exe"
2006-06-22 12:08:50 28672 ( A.... ) "C:\WINDOWS\system32\gbe90qs.exe"
2006-06-22 12:08:50 28672 ( A.... ) "C:\WINDOWS\system32\ftuninst.exe"
2006-06-22 12:08:34 45056 ( A.... ) "C:\wd7gi8n.exe"
2006-06-22 12:07:42 45059 ( A.... ) "C:\ZIGID003.exe"
2006-06-22 1254 310122 ( A.... ) "C:\Trelew.exe"
2006-06-20 16:14:02 13824 ( A.... ) "C:\WINDOWS\comserv.exe"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-15 18:39:06 131072 ( A.... ) "C:\WINDOWS\system32\mptft.exe"
2006-06-15 15:26:44 1142784 ( A.... ) "C:\WINDOWS\system32\ssn6tuu.exe"
2006-06-15 15:26:40 24576 ( A.... ) "C:\WINDOWS\system32\nr1rnqm8.exe"
2006-06-14 22:01:56 403799 ( A.... ) "C:\WINDOWS\cmdmgr.exe"
2006-06-14 21:03:46 114174 ( A.... ) "C:\WINDOWS\hostsmgr.exe"
2006-06-12 14:09:18 10752 ( A.... ) "C:\WINDOWS\system32\Shlesb.dll"
2006-06-07 12:55:52 3753 ( A.... ) "C:\Program Files\html2.htm"
2006-06-07 12:55:52 3626 ( A.... ) "C:\Program Files\html1.htm"
2006-05-19 07:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 07:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 07:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-29 11:45 259,379,200 C:\hiberfil.sys
2006-07-28 18:04 24,576 C:\WINDOWS\system32ssec.exe
2006-07-28 18:04 24,576 C:\WINDOWS\system32\ssec.exe
2006-07-28 17:24 2,855,080 C:\aawsepersonal.exe
2006-07-28 17:18 857,915 C:\vx2cleaner_inst.exe
2006-07-28 16:45 128,826 C:\NNuninstall.exe
2006-07-27 22:12 23,280 C:\WINDOWS\icont.exe
2006-07-06 09:42 151,112 C:\WINDOWS\cmdmgr3.exe
2006-07-06 09:42 14,336 C:\WINDOWS\comsonie.exe
2006-07-05 20:32 202,768 C:\drwin32.exe
2006-07-05 16:00 12,288 C:\runinst.exe
2006-07-05 10:49 11,776 C:\pcdoctor.com
2006-07-04 14:43 12,288 C:\setup.exe
2006-07-04 14:40 12,288 C:\setup32.exe
2006-07-04 12:14 12,288 C:\msnotify.com
2006-07-02 12:04 11,776 C:\msts.com
2006-07-01 16:44 12,800 C:\picture012.exe
2006-06-30 21:46 677 C:\cmdhost.exe
2006-06-30 20:07 14,336 C:\install64.exe
2006-06-30 20:05 14,336 C:\install62.exe
2006-06-30 16:19 14,336 C:\install32.exe
2006-06-30 16:14 12,288 C:\setup64.exe
2006-06-29 20:24 12,288 C:\runstd1.exe
2006-06-29 20:24 12,288 C:\runstd0.exe
2006-06-29 20:23 12,288 C:\runstd.exe
2006-06-29 20:01 12,288 C:\runst.exe
2006-06-29 19:51 12,288 C:\runset.exe
2006-06-29 18:15 677 C:\runme.exe
2006-06-28 20:10 403,799 C:\WINDOWS\cmdmgr.exe
2006-06-28 19:19 12,288 C:\hotshot.exe
2006-06-28 18:47 12,288 C:\rwar.exe
2006-06-28 18:23 61,440 C:\WINDOWS\system32\rvn896b6.dll
2006-06-28 18:23 38,412 C:\WINDOWS\ssqbn.exe
2006-06-28 18:23 1,063 C:\WINDOWS\system32\rvn896b6.sys
2006-06-28 18:22 29,696 C:\WINDOWS\system32\w07ae388.dll
2006-06-28 18:13 328,704 C:\WINDOWS\system32\pre.exe
2006-06-28 18:13 133,916 C:\WINDOWS\system32\2-20060511-1.exe
2006-06-28 18:12 2,560 C:\ac3_0003.exe
2006-06-28 18:11 8,464 C:\WINDOWS\system32\sporder.dll
2006-06-28 17:33 12,288 C:\autoexec02.exe
2006-06-28 16:50 12,288 C:\autoexec.exe
2006-06-28 16:22 12,288 C:\execfile01.exe
2006-06-28 16:21 12,288 C:\execfile00.exe
2006-06-28 09:26 12,800 C:\services.exe
2006-06-27 09:08 3,209 C:\corruptfile.exe
2006-06-25 22:31 15,872 C:\bootinit.exe
2006-06-23 10:22 9,216 C:\WINDOWS\gfidtct.dll
2006-06-23 08:05 268 C:\WINDOWS\comexec.bat
2006-06-23 08:05 13,824 C:\WINDOWS\comserv.exe
2006-06-23 08:05 114,174 C:\WINDOWS\hostsmgr.exe
2006-06-22 12:11 20,480 C:\stub_sca3.exe
2006-06-22 12:10 389,632 C:\webnexmk.exe
2006-06-22 12:09 362,496 C:\526_620.exe
2006-06-22 12:09 303 C:\WINDOWS\uqneg.dll
2006-06-22 12:09 290,816 C:\installerwnus.exe
2006-06-22 12:08 45,056 C:\WINDOWS\system32tfthot.exe
2006-06-22 12:08 45,056 C:\WINDOWS\system32\tfthot.exe
2006-06-22 12:08 45,056 C:\wd7gi8n.exe
2006-06-22 12:08 28,672 C:\WINDOWS\system32ftuninst.exe
2006-06-22 12:08 28,672 C:\WINDOWS\system32\gbe90qs.exe
2006-06-22 12:08 28,672 C:\WINDOWS\system32\ftuninst.exe
2006-06-22 12:08 24,576 C:\WINDOWS\system32\nr1rnqm8.exe
2006-06-22 12:08 208,896 C:\WINDOWS\system32\x3cqp0.dll
2006-06-22 12:08 131,072 C:\WINDOWS\system32\mptft.exe
2006-06-22 12:08 1,142,784 C:\WINDOWS\system32\ssn6tuu.exe
2006-06-22 12:07 45,059 C:\ZIGID003.exe
2006-06-22 12:06 310,122 C:\Trelew.exe
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DIGStream"="C:\\Program Files\\DIGStream\\digstream.exe"
"DIGServices"="C:\\Program Files\\ESPNRunTime\\DIGServices.exe /brand=ESPN /priority=0 /poll=24"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"InetCntrl"="C:\\WINDOWS\\system32\\InetCntrl\\InetCntrl.exe"
"{4D-DE-E6-6D-ZN}"="C:\\windows\\system32\\dwdsregt.exe GID003"
"ftexc"="C:\\WINDOWS\\system32\\mptft.exe"
"Hhl7RfpJ"="\"C:\\WINDOWS\\system32\\ssn6tuu.exe\""
"NI.UWA6P_0001_N822M1605"="\"C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\Temporary Internet Files\\Content.IE5\\QV6FYDER\\WinAntiVirusPro2006FreeInstall[1].exe\" -nag "
"rvn896b6"="RUNDLL32.EXE w07ae388.dll,n 001896b50000000307ae388"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://graphics.fansonly.com/photos/schools/iowa/sports/w-track/auto_headshot/p-headobrien.jpg"
"SubscribedURL"="http://graphics.fansonly.com/photos/schools/iowa/sports/w-track/auto_headshot/p-headobrien.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,12,03,00,00,19,01,00,00,69,00,00,00,9b,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,69,00,00,00,9b,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,e9,01,41,c0,b4,74,30,f0,d5,03,68,de,e9,01,20,6d,\
e9,01,ab,de,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="http://www.lib.utexas.edu/maps/middle_east_and_asia/india_pol01.jpg"
"SubscribedURL"="http://www.lib.utexas.edu/maps/middle_east_and_asia/india_pol01.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,12,02,00,00,19,01,00,00,dc,00,00,00,d2,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,12,02,00,00,23,00,00,00,ee,03,00,00,bc,04,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,c8,00,41,c0,b4,74,58,26,20,03,68,de,c8,00,20,6d,\
c8,00,c7,db,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"mzko"="C:\\PROGRA~1\\COMMON~1\\mzko\\mzkom.exe"
"rjsqq"="C:\\WINDOWS\\system32\\vvhwpf.exe reg_run"
"Srro"="\"C:\\PROGRA~1\\COMMON~1\\FNTS~1\\nslookup.exe\" -vt yazr"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{50D4DE6D-0B74-1033-0827-040802200001}"="\"C:\\Program Files\\Common Files\\{50D4DE6D-0B74-1033-0827-040802200001}\\Update.exe\" mc-110-12-0000488"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"mzko"="C:\\PROGRA~1\\COMMON~1\\mzko\\mzkom.exe"
"rjsqq"="C:\\WINDOWS\\system32\\vvhwpf.exe reg_run"
"Srro"="\"C:\\PROGRA~1\\COMMON~1\\FNTS~1\\nslookup.exe\" -vt yazr"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{50D4DE6D-0B74-1033-0827-040802200001}"="\"C:\\Program Files\\Common Files\\{50D4DE6D-0B74-1033-0827-040802200001}\\Update.exe\" mc-110-12-0000488"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Compaq Connections.lnk"
"backup"="C:\\WINDOWS\\pss\\Compaq Connections.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMPAQ~1\\6750491\\Program\\COMPAQ~1.EXE -startup"
"item"="Compaq Connections"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NkbMonitor.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\NkbMonitor.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Nikon\\PICTUR~1\\NKBMON~1.EXE "
"item"="NkbMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Compaq Organize.lnk]
"path"="C:\\Documents and Settings\\Compaq_Owner\\Start Menu\\Programs\\Startup\\Compaq Organize.lnk"
"backup"="C:\\WINDOWS\\pss\\Compaq Organize.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\COMPAQ~1\\bin\\DISPLA~1.EXE \"-application\" \"core.hp.main/application.xml\" \"-appname\" \"eLife\""
"item"="Compaq Organize"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdTools Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdTools"
"hkey"="HKLM"
"command"="C:\\Program Files\\AdTools Service\\AdTools.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCWZRD"
"hkey"="HKLM"
"command"="ALCWZRD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCXMNTR"
"hkey"="HKLM"
"command"="ALCXMNTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoLoaderAproposClient]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CXTPLS~1"
"hkey"="HKLM"
"command"="\"C:\\temp\\CXTPLS~1.EXE\" /PC=CP.CDT3 /ShowLegalNote=nonbranded /ForSupportedBrowsers"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AutoUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bargains"
"hkey"="HKLM"
"command"="C:\\Program Files\\BullsEye Network\\bin\\bargains.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dw53RhN5g]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="admppp"
"hkey"="HKCU"
"command"="admppp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gah95on6"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\gah95on6.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb05"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize313"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize313.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KBD"
"hkey"="HKLM"
"command"="C:\\HP\\KBD\\KBD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mhqhyb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mhqhyb"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\mhqhyb.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ps2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ps2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Remind_XP"
"hkey"="HKLM"
"command"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s7mT3nh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alriscon"
"hkey"="HKLM"
"command"="alriscon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="salm"
"hkey"="HKLM"
"command"="c:\\temp\\salm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTTimer"
"hkey"="HKLM"
"command"="VTTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cdaEngine0400"
"hkey"="HKLM"
"command"="RUNDLL32.exe \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0400.dll\",cdaEngineMain"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yzdrx]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Fcrzq"
"hkey"="HKLM"
"command"="C:\\Program Files\\Yacy\\Fcrzq.exe"
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Sat 07/29/2006 15:20:18.98
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-29.150947.txt