Thanks. I have since used ewido & ComboFix and other software and my PC is now running a lot better since this. I will post another hijack log and combo log.
Logfile of HijackThis v1.99.1
Scan saved at 15:14:38, on 22/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\CTF\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\scott caines\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Never Offline ® Internet Explorer
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebca...ebMonProj1.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www1.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www1.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.uclan.ac.uk/other/iss/remote/wficat.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activ...33352D2D2D.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1152209767811
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.244.192.60/activex/AxisCamControl.cab
O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://pak06.pictures.aol.com/ygp/ao...US.9.2.4.0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda...pcuploader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw15fd.law15.hotmail.msn.com/...x/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4AFE5EB-465B-4005-904D-7F362321460C}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - SlySoft, Inc. - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
-------------------------------------------------------------------------
scott caines - 06-09-22 13:54:42.96 Service Pack 2
ComboFix 06.09.21 - Running from: "C:\Documents and Settings\scott caines\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-08-22 to 2006-09-22 ))))))))))))))))))))))))))))))))))
2006-09-21 18:34 138,862 --a------ C:\WINDOWS\system32\alfa.exe
2006-09-09 17:04 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2006-08-26 22:08 2,368 --a------ C:\WINDOWS\system32\SVKP.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-09-22 13:53 -------- d-------- C:\Program Files\Trillian
2006-09-22 13:39 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-22 13:32 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-22 09:16 -------- d-------- C:\Program Files\Common Files
2006-09-22 04:37 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Adobe
2006-09-22 00:11 -------- d-------- C:\Program Files\MSN Messenger
2006-09-22 00:07 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-21 23:03 125 ---hs---- C:\Documents and Settings\scott caines\Application Data\.zreglib
2006-09-21 23:01 -------- d-------- C:\Program Files\Microsoft Bootvis
2006-09-21 21:12 -------- d-------- C:\Documents and Settings\scott caines\Application Data\wsInspector
2006-09-21 18:38 554139 --a------ C:\Documents and Settings\scott caines\Application Data\Dxcknwrd.dll
2006-09-21 15:01 -------- d-------- C:\Program Files\Allok AVI MPEG Converter
2006-09-20 23:02 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-20 23:02 -------- d-------- C:\Program Files\Google
2006-09-20 22:38 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Apple Computer
2006-09-20 20:31 -------- d-------- C:\Program Files\Zoom Player
2006-09-20 18:20 -------- d-------- C:\Program Files\AOL 9.0b
2006-09-20 18:04 -------- d-------- C:\Program Files\Mame32
2006-09-19 18:34 -------- d-------- C:\Program Files\Elaborate Bytes
2006-09-18 22:53 -------- d-------- C:\Program Files\vso
2006-09-18 17:13 -------- d-------- C:\Program Files\Auction Sentry
2006-09-17 21:16 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition
2006-09-16 20:21 -------- d-------- C:\Program Files\ClicPic
2006-09-16 16:10 -------- d-------- C:\Program Files\Windows Defender
2006-09-16 16:09 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-09-15 21:43 -------- d-------- C:\Program Files\Yahoo!
2006-09-14 22:39 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Google
2006-09-14 17:34 20096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-09-14 00:17 81920 --a------ C:\Documents and Settings\scott caines\Application Data\ezpinst.exe
2006-09-14 00:17 7176 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.cat
2006-09-14 00:17 47360 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.sys
2006-09-14 00:17 33 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.log
2006-09-14 00:17 1144 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.inf
2006-09-14 00:17 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Vso
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-12 17:56 -------- d-------- C:\Program Files\Internet Explorer
2006-09-12 17:54 -------- d-------- C:\Documents and Settings\scott caines\Application Data\AOL
2006-09-05 22:25 -------- d-------- C:\Program Files\Belarc
2006-09-01 16:10 -------- d-------- C:\Documents and Settings\scott caines\Application Data\teamspeak2
2006-08-31 21:55 -------- d-------- C:\Program Files\CleanUp!
2006-08-31 16:43 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Avant Browser
2006-08-30 23:39 -------- d-------- C:\Program Files\The All-Seeing Eye
2006-08-29 21:37 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-29 17:34 -------- d-------- C:\Program Files\WinRAR
2006-08-27 23:39 -------- d-------- C:\Program Files\BitComet
2006-08-27 11:50 -------- d-------- C:\Program Files\Real
2006-08-27 11:50 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-27 11:49 -------- d-------- C:\Program Files\Common Files\Real
2006-08-27 11:27 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Real
2006-08-26 22:30 -------- d-------- C:\Program Files\WinAVI VideoConverter
2006-08-26 22:12 -------- d-------- C:\Program Files\Allok AVI to DVD SVCD VCD Converter
2006-08-26 14:46 96256 --a------ C:\WINDOWS\system32\drivers\sptd4365.sys
2006-08-26 14:46 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-23 23:22 -------- d-------- C:\Program Files\LimeWire
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:17 -------- d-------- C:\Program Files\Washer
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 19:46 -------- d---s---- C:\Documents and Settings\scott caines\Application Data\Microsoft
2006-08-20 01:58 -------- d-------- C:\Program Files\Opera
2006-08-09 03:57 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-09 03:57 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-28 21:41 -------- d---s---- C:\Program Files\Xfire
2006-07-28 21:41 -------- d-------- C:\Program Files\Windows Media Player
2006-07-28 21:41 -------- d-------- C:\Program Files\QuickTime
2006-07-28 21:41 -------- d-------- C:\Program Files\NetMeeting
2006-07-28 21:41 -------- d-------- C:\Program Files\KnightOnline
2006-07-28 21:41 -------- d-------- C:\Program Files\AOL
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 21:33 613888 --a------ C:\WINDOWS\system32\urlmon(2).dll
2006-07-25 18:24 -------- d-------- C:\Program Files\Phenix-Q8
2006-07-25 18:24 -------- d-------- C:\Program Files\Common Files\PCCamera
2006-07-22 22:06 -------- d-------- C:\Documents and Settings\scott caines\Application Data\WebCompiler3
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-15 12:08 286720 --------- C:\WINDOWS\Setup1.exe
2006-06-23 12:02 658944 --a------ C:\WINDOWS\system32\wininet(2).dll
2006-06-23 12:02 474112 --a------ C:\WINDOWS\system32\shlwapi(2).dll
2006-06-23 12:02 448512 --a------ C:\WINDOWS\system32\mshtmled(3).dll
2006-06-23 12:02 1022976 --a------ C:\WINDOWS\system32\browseui(5).dll
2006-06-22 06:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 06:06 1435648 --a------ C:\WINDOWS\system32\query.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"BidSlayer"=""
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"EPSON Stylus C40 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /A \"C:\\WINDOWS\\System32\\E_S102.tmp\""
"Washer"="C:\\Program Files\\Washer\\washer.exe /0"
"kdx"="C:\\WINDOWS\\kdx\\KHost.exe -all"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /M \"Stylus D68\" /EF \"HKCU\""
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic 6\\SMSystemAnalyzer.exe\""
"msvmsvcv"="C:\\WINDOWS\\system32\\msvmsvcv.exe"
"AnyDVD"="\"C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe\""
"DeluxeCommunications"="C:\\Program Files\\DeluxeCommunications\\Dxc.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"DSLAGENTEXE"="dslagent.exe USB"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"explorer"="C:\\Documents and Settings\\scott caines\\Xinstall.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"1A:Stardock TrayMonitor"=""
"nwiz"="nwiz.exe /install"
"WT GameChannel"="C:\\Program Files\\WildTangent\\Apps\\GameChannel.exe"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup"
"Trickler"="\"c:\\windows\\temp\\adware\\fsg_4104.exe\""
"wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"BrowseProxy"="C:\\Program Files\\AdvSearch\\FindService.exe"
"websearch"="wjview /cp:p \"C:\\Program Files\\websearch\\System\\Code\" Main lp: \"C:\\Program Files\\websearch\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AOL Spyware Protection"="C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KAZAA"="C:\\Program Files\\KaZaA\\kazaa.exe /SYSTRAY"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"EPSON Stylus C42 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C42 Series\" /O6 \"USB002\" /M \"Stylus C42\""
"LWBMOUSE"="C:\\Program Files\\Browser Mouse\\Browser Mouse\\1.1\\MOUSE32A.EXE"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\9.bin\\mwsoemon.exe"
"AltnetPointsManager"="C:\\Program Files\\Altnet\\Points Manager\\Points Manager.exe -s "
"updmgr"="C:\\Program Files\\Common files\\updmgr\\updmgr.exe"
"P2P Networking"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"TM Outbreak Agent"="\"C:\\Program Files\\Trend Micro\\Internet Security\\TMOAgent.exe\" /run"
"PCClient.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\PCClient.exe\""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\pccguide.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"Admanager Controller"="C:\\Program Files\\Admanager Controller\\AdManCtl.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"BlockChecker"="C:\\Program Files\\Block Checker\\block-checker.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\Voyager100Test\\fts.exe\""
"DriverMagicLogon"="\"C:\\Program Files\\SymplisIT\\DriverMagic\\dmschedule.exe\" /boot"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1144493714\\ee\\AOLSoftware.exe"
"PSPVideo9"="C:\\Program Files\\pspvideo9\\pspVideo9.exe -t"
"Videora"="C:\\Program Files\\Videora\\Videora.exe -t"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /O6 \"USB002\" /M \"Stylus D68\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"RegistryMechanic"=""
"EPSON Stylus D68 Series (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P32 \"EPSON Stylus D68 Series (Copy 1)\" /O5 \"LPT1:\" /M \"Stylus D68\""
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"VirtualCloneDrive"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"retsu"="C:\\Program Files\\Retsub_01\\csrss.exe"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"werinit"="C:\\WINDOWS\\svcwinra.exe"
"msvmsvcv"="C:\\WINDOWS\\system32\\msvmsvcv.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"CTFMon"="C:\\WINDOWS\\system32\\CTF\\ctfmon.exe"
"newname"="c:\\\\nwnmff_e10.exe"
"DeluxeCommunications"="C:\\Program Files\\DeluxeCommunications\\Dxc.exe"
"explorer"="C:\\Documents and Settings\\scott caines\\Xinstall.exe"
"defender"="c:\\\\dfndrff_e10.exe"
"keyboard"="c:\\\\kybrdff_e10.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices\not active]
"1A:Stardock TrayMonitor"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe \"scott caines\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"SubscribedURL"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,9e,07,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,68,b5,05,0f
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: 22/09/2006 13:57:53.48