This topic is intended to be read by DaniWeb member 'dlh6213'. If you can help with this problem, feel free to post, but this was made for help from 'dlh6213'.

Here is the Ewido Log (Done before running combofix):

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:49:39 PM 8/17/2006

+ Scan result:

E:\RECYCLER\NPROTECT\00423345.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\RECYCLER\NPROTECT\00423442.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\RECYCLER\NPROTECT\00423961.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\WINDOWS\system32\crosys.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\WINDOWS\system32\dtnmpntw.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\WINDOWS\system32\k4440ehqeh4e0.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\WINDOWS\system32\l8p20i7oe8.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\WINDOWS\system32\lv2q09f5e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\WINDOWS\system32\lwbdivx.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
[1592] E:\WINDOWS\system32\wlpshell.dll -> Adware.Look2Me : Error during cleaning.
[2028] E:\WINDOWS\system32\wlpshell.dll -> Adware.Look2Me : Error during cleaning.
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
E:\RECYCLER\NPROTECT\00423346.EXE -> Adware.SaveNow : Cleaned with backup (quarantined).
E:\RECYCLER\NPROTECT\00418850.EXE -> Adware.SearchAssistant : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SpyQuake2.com -> Adware.SpywareQuake : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-2052111302-842925246-1343024091-1003\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-2052111302-842925246-1343024091-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21B092B0-5AA5-407F-A24B-DCA2AC5DB38C}\RP13\A0011927.EXE -> Downloader.Adload.eb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21B092B0-5AA5-407F-A24B-DCA2AC5DB38C}\RP16\A0015226.EXE -> Downloader.Adload.ec : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21B092B0-5AA5-407F-A24B-DCA2AC5DB38C}\RP16\A0015227.EXE -> Hijacker.VB.or : Cleaned with backup (quarantined).


::Report end

Here is the HJT Log (After running combofix):

Logfile of HijackThis v1.99.1
Scan saved at 21:15:45, on 2006-08-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
E:\Program Files\Common Files\AOL\1144647967\ee\AOLSoftware.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
E:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1144647967\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPHSend] E:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [USBToolTip] "E:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PrevxOne] E:\Program Files\Prevx1\PXConsole.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SP2 Connection Patcher] "E:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [InternetCalls] "E:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - Startup: Stardock ObjectDock.lnk = E:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = E:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - E:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - E:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe


Here is the favorited link:
http://forums.tomcoyote.org/index.php?showtopic=67457

And just in case you need it for something, the combofix Log:
Start Time= Thu 08/17/2006 21:02:39.65
Running from: E:\Documents and Settings\Hammy\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{7C7CC7C4-1B5F-4D59-A23C-00768EA976CA}]
@=""

[HKEY_CLASSES_ROOT\clsid\{7C7CC7C4-1B5F-4D59-A23C-00768EA976CA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{7C7CC7C4-1B5F-4D59-A23C-00768EA976CA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{7C7CC7C4-1B5F-4D59-A23C-00768EA976CA}\InprocServer32]
@="E:\\WINDOWS\\system32\\wlpshell.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

E:\WINDOWS\SYSTEM32\o6lulg3916.dll
E:\WINDOWS\SYSTEM32\r68slgl716q.dll
E:\WINDOWS\SYSTEM32\wlpshell.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

21:03:32.83

* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-06-26 10:37:10 148,480 "E:\WINDOWS\system32\dnsapi.dll"
2006-06-23 04:02:50 55,808 "E:\WINDOWS\system32\extmgr.dll"
2006-06-23 04:02:50 96,256 "E:\WINDOWS\system32\inseng.dll"
2006-07-28 04:28:54 3,054,080 "E:\WINDOWS\system32\mshtml.dll"
2006-06-23 04:02:52 532,480 "E:\WINDOWS\system32\mstime.dll"
2006-06-01 17:22:00 229,376 "E:\WINDOWS\system32\nvmccs.dll"
2006-06-01 17:22:00 81,920 "E:\WINDOWS\system32\nvwddi.dll"
2006-06-01 17:22:00 1,019,904 "E:\WINDOWS\system32\nvwimg.dll"
2006-06-01 17:22:00 1,740,800 "E:\WINDOWS\system32\nvwssr.dll"
2006-07-25 13:33:40 613,888 "E:\WINDOWS\system32\urlmon.dll"
2006-08-12 15:15:04 137,432 "E:\WINDOWS\system32\install.exe"
2006-06-01 17:22:00 147,456 "E:\WINDOWS\system32\nvcolor.exe"
2006-06-01 17:22:00 794,624 "E:\WINDOWS\system32\nvcplui.exe"
2006-06-01 17:22:00 155,715 "E:\WINDOWS\system32\nvsvc32.exe"
2006-06-01 19:09:24 208,896 "E:\WINDOWS\system32\nvudisp.exe"
2006-06-19 16:19:26 304,944 "E:\WINDOWS\system32\WgaTray.exe"
2006-06-23 04:02:50 151,040 "E:\WINDOWS\system32\cdfview.dll"
2006-06-23 04:02:50 357,888 "E:\WINDOWS\system32\dxtmsft.dll"
2006-06-23 04:02:50 205,312 "E:\WINDOWS\system32\dxtrans.dll"
2006-06-23 04:02:50 251,392 "E:\WINDOWS\system32\iepeers.dll"
2006-06-01 11:47:08 163,840 "E:\WINDOWS\system32\jgdw400.dll"
2006-06-01 11:47:08 27,648 "E:\WINDOWS\system32\jgpl400.dll"
2006-05-17 22:24:26 450,560 "E:\WINDOWS\system32\jscript.dll"
2006-06-23 04:02:50 16,384 "E:\WINDOWS\system32\jsproxy.dll"
2006-06-01 17:22:00 5,652,480 "E:\WINDOWS\system32\nvdisps.dll"
2006-06-01 17:22:00 3,100,672 "E:\WINDOWS\system32\nvgames.dll"
2006-06-01 17:22:00 581,632 "E:\WINDOWS\system32\nvhwvid.dll"
2006-06-01 17:22:00 188,416 "E:\WINDOWS\system32\nvmccss.dll"
2006-06-01 17:22:00 888,832 "E:\WINDOWS\system32\nvmobls.dll"
2006-06-01 17:22:00 5,632,000 "E:\WINDOWS\system32\nvoglnt.dll"
2006-06-01 17:22:00 466,944 "E:\WINDOWS\system32\nvshell.dll"
2006-06-01 17:22:00 2,924,544 "E:\WINDOWS\system32\nvvitvs.dll"
2006-06-23 04:02:52 39,424 "E:\WINDOWS\system32\pngfilt.dll"
2006-06-23 04:02:52 1,494,016 "E:\WINDOWS\system32\shdocvw.dll"
2006-07-13 06:33:28 8,453,632 "E:\WINDOWS\system32\shell32.dll"
2006-06-23 04:02:52 474,112 "E:\WINDOWS\system32\shlwapi.dll"
2006-08-12 15:14:30 147,456 "E:\WINDOWS\system32\vbzip10.dll"
2006-06-23 04:02:52 658,944 "E:\WINDOWS\system32\wininet.dll"
2006-06-23 04:02:50 1,054,208 "E:\WINDOWS\system32\danim.dll"
2006-07-21 01:24:44 72,704 "E:\WINDOWS\system32\hlink.dll"
2006-06-01 17:22:00 196,608 "E:\WINDOWS\system32\nvapi.dll"
2006-06-01 17:22:00 35,840 "E:\WINDOWS\system32\nvcod.dll"
2006-06-01 17:22:00 7,618,560 "E:\WINDOWS\system32\nvcpl.dll"
2006-06-01 17:22:00 1,466,368 "E:\WINDOWS\system32\nview.dll"
2006-06-01 17:22:00 1,257,472 "E:\WINDOWS\system32\nvwss.dll"
2006-08-14 03:55:26 34 "E:\WINDOWS\cgroy.dll"
2006-06-04 14:09:06 6,336 "E:\WINDOWS\mozver.dat"
2006-08-14 03:55:10 53 "E:\WINDOWS\vcoben.dat"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


08/14/2006 03:55 AM 53 vcoben.dat.vir
08/14/2006 03:55 AM 34 cgroy.dll.vir


DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-08-12 15:15:04 137,432 "E:\WINDOWS\system32\install.exe"
2006-06-01 17:22:00 147,456 "E:\WINDOWS\system32\nvcolor.exe"
2006-06-01 17:22:00 794,624 "E:\WINDOWS\system32\nvcplui.exe"
2006-06-01 17:22:00 155,715 "E:\WINDOWS\system32\nvsvc32.exe"
2006-06-01 19:09:24 208,896 "E:\WINDOWS\system32\nvudisp.exe"
2006-06-19 16:19:26 304,944 "E:\WINDOWS\system32\WgaTray.exe"
2006-06-23 04:02:50 151,040 "E:\WINDOWS\system32\cdfview.dll"
2006-06-23 04:02:50 357,888 "E:\WINDOWS\system32\dxtmsft.dll"
2006-06-23 04:02:50 205,312 "E:\WINDOWS\system32\dxtrans.dll"
2006-06-23 04:02:50 251,392 "E:\WINDOWS\system32\iepeers.dll"
2006-06-01 11:47:08 163,840 "E:\WINDOWS\system32\jgdw400.dll"
2006-06-01 11:47:08 27,648 "E:\WINDOWS\system32\jgpl400.dll"
2006-05-17 22:24:26 450,560 "E:\WINDOWS\system32\jscript.dll"
2006-06-23 04:02:50 16,384 "E:\WINDOWS\system32\jsproxy.dll"
2006-06-01 17:22:00 5,652,480 "E:\WINDOWS\system32\nvdisps.dll"
2006-06-01 17:22:00 3,100,672 "E:\WINDOWS\system32\nvgames.dll"
2006-06-01 17:22:00 581,632 "E:\WINDOWS\system32\nvhwvid.dll"
2006-06-01 17:22:00 188,416 "E:\WINDOWS\system32\nvmccss.dll"
2006-06-01 17:22:00 888,832 "E:\WINDOWS\system32\nvmobls.dll"
2006-06-01 17:22:00 5,632,000 "E:\WINDOWS\system32\nvoglnt.dll"
2006-06-01 17:22:00 466,944 "E:\WINDOWS\system32\nvshell.dll"
2006-06-01 17:22:00 2,924,544 "E:\WINDOWS\system32\nvvitvs.dll"
2006-06-23 04:02:52 39,424 "E:\WINDOWS\system32\pngfilt.dll"
2006-06-23 04:02:52 1,494,016 "E:\WINDOWS\system32\shdocvw.dll"
2006-07-13 06:33:28 8,453,632 "E:\WINDOWS\system32\shell32.dll"
2006-06-23 04:02:52 474,112 "E:\WINDOWS\system32\shlwapi.dll"
2006-08-12 15:14:30 147,456 "E:\WINDOWS\system32\vbzip10.dll"
2006-06-23 04:02:52 658,944 "E:\WINDOWS\system32\wininet.dll"
2006-06-26 10:37:10 148,480 "E:\WINDOWS\system32\dnsapi.dll"
2006-06-23 04:02:50 55,808 "E:\WINDOWS\system32\extmgr.dll"
2006-06-23 04:02:50 96,256 "E:\WINDOWS\system32\inseng.dll"
2006-07-28 04:28:54 3,054,080 "E:\WINDOWS\system32\mshtml.dll"
2006-06-23 04:02:52 532,480 "E:\WINDOWS\system32\mstime.dll"
2006-06-01 17:22:00 229,376 "E:\WINDOWS\system32\nvmccs.dll"
2006-06-01 17:22:00 81,920 "E:\WINDOWS\system32\nvwddi.dll"
2006-06-01 17:22:00 1,019,904 "E:\WINDOWS\system32\nvwimg.dll"
2006-06-01 17:22:00 1,740,800 "E:\WINDOWS\system32\nvwssr.dll"
2006-07-25 13:33:40 613,888 "E:\WINDOWS\system32\urlmon.dll"
2006-06-23 04:02:50 1,054,208 "E:\WINDOWS\system32\danim.dll"
2006-07-21 01:24:44 72,704 "E:\WINDOWS\system32\hlink.dll"
2006-06-01 17:22:00 196,608 "E:\WINDOWS\system32\nvapi.dll"
2006-06-01 17:22:00 35,840 "E:\WINDOWS\system32\nvcod.dll"
2006-06-01 17:22:00 7,618,560 "E:\WINDOWS\system32\nvcpl.dll"
2006-06-01 17:22:00 1,466,368 "E:\WINDOWS\system32\nview.dll"
2006-06-01 17:22:00 1,257,472 "E:\WINDOWS\system32\nvwss.dll"
2006-06-04 14:09:06 6,336 "E:\WINDOWS\mozver.dat"


(((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


E:\Documents and Settings\Hammy\Application Data\Sskknwrd.dll
E:\WINDOWS\system32\bk.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

21:08:20.39
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


E:\Documents and Settings\LocalService\Application Data\NetMon


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-14 03:55:30 1167 ( A.... ) "E:\WINDOWS\system32\aaa00000.sys"
2006-08-14 03:55:30 1167 ( A.... ) "E:\WINDOWS\system32\aaa00000.sys"
2006-08-14 03:54:50 155648 ( A.... ) "E:\WINDOWS\ms0653041062932006.exe"
2006-08-14 03:53:22 ( .D... ) "E:\Documents and Settings\Hammy\Application Data\Prevx"
2006-08-14 03:48:30 ( .D... ) "E:\Program Files\Prevx1"
2006-08-12 20:48:16 52224 ( A.... ) "E:\WINDOWS\ipuninst.exe"
2006-08-12 15:16:40 1167 ( A.... ) "E:\WINDOWS\system32\wdoef2e6.sys"
2006-08-12 15:16:40 1167 ( A.... ) "E:\WINDOWS\system32\wdoef2e6.sys"
2006-08-12 15:15:58 ( .D... ) "E:\Program Files\Common Files\iffk"
2006-08-12 15:15:40 186 ( A.... ) "E:\WINDOWS\system32\n.bat"
2006-08-12 15:15:08 ( .D... ) "E:\Program Files\Common Files\{54A265AD-0640-1033-0106-041111030001}"
2006-08-12 15:15:04 137432 ( A.... ) "E:\WINDOWS\system32\install.exe"
2006-08-12 15:14:30 147456 ( A.... ) "E:\WINDOWS\system32\vbzip10.dll"
2006-08-12 15:13:08 462 ( A.... ) "E:\Program Files\xerox.lnk"
2006-07-27 06:24:46 679424 ( A.... ) "E:\WINDOWS\system32\inetcomm.dll"
2006-07-21 18:55:38 127578 ( A.... ) "E:\WINDOWS\system32\tsuninst.exe"
2006-07-21 01:24:44 72704 ( A.... ) "E:\WINDOWS\system32\hlink.dll"
2006-07-21 00:25:24 ( .D... ) "E:\Program Files\DaemonTools_WhenUSaveNow_Installer"
2006-07-21 00:25:06 ( .D... ) "E:\Program Files\DAEMON Tools"
2006-07-19 18:50:54 ( .D... ) "E:\Documents and Settings\Hammy\Application Data\.BitTornado"
2006-07-19 18:48:42 ( .D... ) "E:\Program Files\BitTornado"
2006-07-15 00:24:58 ( .D... ) "E:\Program Files\Microsoft Games"
2006-07-14 13:41:52 ( .D... ) "E:\Program Files\Common Files\MAGIX Shared"
2006-07-14 08:31:40 332288 ( A.... ) "E:\WINDOWS\system32\netapi32.dll"
2006-07-13 06:33:28 8453632 ( A.... ) "E:\WINDOWS\system32\shell32.dll"
2006-07-10 02:23:52 ( .D... ) "E:\Program Files\ewido anti-spyware 4.0"
2006-07-06 22:15:08 ( .D... ) "E:\Program Files\Bulent's Screen Recorder"
2006-07-05 03:55:02 984064 ( A.... ) "E:\WINDOWS\system32\kernel32.dll"
2006-07-01 00:30:10 ( .D... ) "E:\Program Files\Common Files\aolshare"
2006-06-26 10:37:10 148480 ( A.... ) "E:\WINDOWS\system32\dnsapi.dll"
2006-06-26 10:37:10 8192 ( A.... ) "E:\WINDOWS\system32\rasadhlp.dll"
2006-06-24 22:44:44 ( .D... ) "E:\Program Files\AAALOGO"
2006-06-19 16:20:42 702768 ( A.... ) "E:\WINDOWS\system32\WgaLogon.dll"
2006-06-16 14:34:44 48936 ( A.... ) "E:\WINDOWS\system32\sirenacm.dll"
2006-06-16 14:27:00 116 ( A.... ) "E:\WINDOWS\system32\SYSVCDRV.SYS"
2006-06-01 19:09:24 208896 ( A.... ) "E:\WINDOWS\system32\NVUNINST.EXE"
2006-06-01 19:09:24 208896 ( A.... ) "E:\WINDOWS\system32\nvudisp.exe"
2006-06-01 17:22:00 7618560 ( A.... ) "E:\WINDOWS\system32\nvcpl.dll"
2006-06-01 17:22:00 5652480 ( A.... ) "E:\WINDOWS\system32\nvdisps.dll"
2006-06-01 17:22:00 5632000 ( A.... ) "E:\WINDOWS\system32\nvoglnt.dll"
2006-06-01 17:22:00 5246976 ( A.... ) "E:\WINDOWS\system32\nvdispsr.dll"
2006-06-01 17:22:00 4529408 ( A.... ) "E:\WINDOWS\system32\nv4_disp.dll"
2006-06-01 17:22:00 3100672 ( A.... ) "E:\WINDOWS\system32\nvgames.dll"
2006-06-01 17:22:00 2977792 ( A.... ) "E:\WINDOWS\system32\nvvitvsr.dll"
2006-06-01 17:22:00 2924544 ( A.... ) "E:\WINDOWS\system32\nvvitvs.dll"
2006-06-01 17:22:00 2916352 ( A.... ) "E:\WINDOWS\system32\nvgamesr.dll"
2006-06-01 17:22:00 2859008 ( A.... ) "E:\WINDOWS\system32\nvmoblsr.dll"
2006-06-01 17:22:00 1740800 ( A.... ) "E:\WINDOWS\system32\nvwssr.dll"
2006-06-01 17:22:00 1662976 ( A.... ) "E:\WINDOWS\system32\nvwdmcpl.dll"
2006-06-01 17:22:00 1519616 ( A.... ) "E:\WINDOWS\system32\nwiz.exe"
2006-06-01 17:22:00 1466368 ( A.... ) "E:\WINDOWS\system32\nview.dll"
2006-06-01 17:22:00 1339392 ( A.... ) "E:\WINDOWS\system32\nvdspsch.exe"
2006-06-01 17:22:00 1257472 ( A.... ) "E:\WINDOWS\system32\nvwss.dll"
2006-06-01 17:22:00 1019904 ( A.... ) "E:\WINDOWS\system32\nvwimg.dll"
2006-06-01 17:22:00 1011712 ( A.... ) "E:\WINDOWS\system32\nvcpluir.dll"
2006-06-01 17:22:00 888832 ( A.... ) "E:\WINDOWS\system32\nvmobls.dll"
2006-06-01 17:22:00 794624 ( A.... ) "E:\WINDOWS\system32\nvcplui.exe"
2006-06-01 17:22:00 581632 ( A.... ) "E:\WINDOWS\system32\nvhwvid.dll"
2006-06-01 17:22:00 466944 ( A.... ) "E:\WINDOWS\system32\nvshell.dll"
2006-06-01 17:22:00 462848 ( A.... ) "E:\WINDOWS\system32\nvmccssr.dll"
2006-06-01 17:22:00 442368 ( A.... ) "E:\WINDOWS\system32\nvappbar.exe"
2006-06-01 17:22:00 425984 ( A.... ) "E:\WINDOWS\system32\keystone.exe"
2006-06-01 17:22:00 311296 ( A.... ) "E:\WINDOWS\system32\nvexpbar.dll"
2006-06-01 17:22:00 286720 ( A.... ) "E:\WINDOWS\system32\nvnt4cpl.dll"
2006-06-01 17:22:00 229376 ( A.... ) "E:\WINDOWS\system32\nvmccs.dll"
2006-06-01 17:22:00 196608 ( A.... ) "E:\WINDOWS\system32\nvapi.dll"
2006-06-01 17:22:00 188416 ( A.... ) "E:\WINDOWS\system32\nvmccss.dll"
2006-06-01 17:22:00 155715 ( A.... ) "E:\WINDOWS\system32\nvsvc32.exe"
2006-06-01 17:22:00 147456 ( A.... ) "E:\WINDOWS\system32\nvcolor.exe"
2006-06-01 17:22:00 86016 ( A.... ) "E:\WINDOWS\system32\nvmctray.dll"
2006-06-01 17:22:00 81920 ( A.... ) "E:\WINDOWS\system32\nvwddi.dll"
2006-06-01 17:22:00 45056 ( A.... ) "E:\WINDOWS\system32\nvmccsrs.dll"
2006-06-01 17:22:00 35840 ( A.... ) "E:\WINDOWS\system32\nvcodins.dll"
2006-06-01 17:22:00 35840 ( A.... ) "E:\WINDOWS\system32\nvcod.dll"
2006-05-31 07:24:16 230168 ( A.... ) "E:\WINDOWS\system32\xactengine2_2.dll"
2006-05-19 05:59:42 111616 ( A.... ) "E:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 05:59:42 94720 ( A.... ) "E:\WINDOWS\system32\iphlpapi.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-17 19:44 178,408 E:\WINDOWS\system32\muweb.dll
2006-08-16 11:17 402,182,144 E:\hiberfil.sys
2006-08-14 03:55 1,167 E:\WINDOWS\system32\aaa00000.sys
2006-08-14 03:54 155,648 E:\WINDOWS\ms0653041062932006.exe
2006-08-12 20:48 52,224 E:\WINDOWS\ipuninst.exe
2006-08-12 15:16 1,167 E:\WINDOWS\system32\wdoef2e6.sys
2006-08-12 15:15 186 E:\WINDOWS\system32\n.bat
2006-08-12 15:15 137,432 E:\WINDOWS\system32\install.exe
2006-08-12 15:15 127,578 E:\WINDOWS\system32\tsuninst.exe
2006-08-12 15:14 147,456 E:\WINDOWS\system32\vbzip10.dll
2006-08-01 01:50 136,704 E:\WINDOWS\system32\GRDKRN32.DLL
2006-08-01 01:49 721,168 E:\WINDOWS\system32\VB40032.DLL
2006-08-01 01:49 60,416 E:\WINDOWS\ST4UNST.EXE
2006-08-01 01:49 24,576 E:\WINDOWS\system32\stkit432.dll
2006-07-28 10:55 62,672 E:\WINDOWS\system32\xinput1_1.dll
2006-07-28 10:55 61,136 E:\WINDOWS\system32\xinput9_1_0.dll
2006-07-28 10:55 230,168 E:\WINDOWS\system32\xactengine2_2.dll
2006-07-28 10:55 230,096 E:\WINDOWS\system32\xactengine2_0.dll
2006-07-28 10:55 229,584 E:\WINDOWS\system32\xactengine2_1.dll
2006-07-28 10:55 2,388,176 E:\WINDOWS\system32\d3dx9_30.dll
2006-07-28 10:55 2,332,368 E:\WINDOWS\system32\d3dx9_29.dll
2006-07-28 10:55 2,323,664 E:\WINDOWS\system32\d3dx9_28.dll
2006-07-28 10:55 2,319,568 E:\WINDOWS\system32\d3dx9_27.dll
2006-07-28 10:55 14,032 E:\WINDOWS\system32\x3daudio1_0.dll
2006-07-28 10:54 2,222,800 E:\WINDOWS\system32\d3dx9_24.dll
2006-07-28 10:53 208,896 E:\WINDOWS\system32\NVUNINST.EXE
2006-07-26 10:33 2,337,488 E:\WINDOWS\system32\d3dx9_25.dll
2006-07-26 10:33 2,297,552 E:\WINDOWS\system32\d3dx9_26.dll
2006-07-22 18:46 53,248 E:\WINDOWS\system32\Process.exe
2006-07-22 18:46 42,496 E:\WINDOWS\system32\swreg.exe
2006-07-22 18:46 40,960 E:\WINDOWS\system32\swsc.exe
2006-07-22 18:46 288,417 E:\WINDOWS\system32\SrchSTS.exe
2006-07-15 00:26 56,832 E:\WINDOWS\system32\iyvu9_32.dll
2006-07-15 00:26 143,872 E:\WINDOWS\system32\iacenc.dll
2006-07-14 13:41 94,208 E:\WINDOWS\system32\DLLCPY32.dll
2006-07-14 13:41 65,536 E:\WINDOWS\system32\DLLPTL32.dll
2006-07-14 13:41 61,440 E:\WINDOWS\system32\DLLCDF32.dll
2006-07-14 13:41 57,344 E:\WINDOWS\system32\DLLTPO32.dll
2006-07-14 13:41 53,248 E:\WINDOWS\system32\DLLPRJ32.dll
2006-07-14 13:41 49,152 E:\WINDOWS\system32\DLLPRF32.dll
2006-07-14 13:41 49,152 E:\WINDOWS\system32\DLLIO32.dll
2006-07-14 13:41 462,848 E:\WINDOWS\system32\DLLAV32.dll
2006-07-14 13:41 45,056 E:\WINDOWS\system32\DLLIMG32.dll
2006-07-14 13:41 430,080 E:\WINDOWS\system32\MXRestore.exe
2006-07-14 13:41 40,960 E:\WINDOWS\system32\DLLRD32.dll
2006-07-14 13:41 36,864 E:\WINDOWS\system32\DLLPNT32.dll
2006-07-14 13:41 32,768 E:\WINDOWS\system32\STRING32.dll
2006-07-14 13:41 32,768 E:\WINDOWS\system32\DLLMSC32.dll
2006-07-14 13:41 32,768 E:\WINDOWS\system32\DLLISO32.dll
2006-07-14 13:41 32,768 E:\WINDOWS\system32\DLLDIR32.dll
2006-07-14 13:41 24,576 E:\WINDOWS\system32\TTIC32.dll
2006-07-14 13:41 24,576 E:\WINDOWS\system32\TTI32.dll
2006-07-14 13:41 24,576 E:\WINDOWS\system32\DLLIX.dll
2006-07-14 13:41 188,416 E:\WINDOWS\system32\DLLRES32.dll
2006-07-14 13:41 163,840 E:\WINDOWS\system32\DLLDEV32.dll
2006-07-14 13:41 151,552 E:\WINDOWS\system32\DLLDRV32.dll
2006-07-14 13:41 114,688 E:\WINDOWS\system32\DLLCDA32.dll
2006-07-14 13:40 85,504 E:\WINDOWS\system32\HtmlWH.dll
2006-07-14 13:40 49,152 E:\WINDOWS\system32\INETWH32.dll
2006-07-14 13:40 1,089,536 E:\WINDOWS\system32\ROBOEX32.DLL
2006-07-14 13:39 622,592 E:\WINDOWS\system32\mgxoschk.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE E:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"PinnacleDriverCheck"="E:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"HostManager"="E:\\Program Files\\Common Files\\AOL\\1144647967\\ee\\AOLSoftware.exe"
"QuickTime Task"="\"E:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"IPHSend"="E:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"USBToolTip"="\"E:\\Program Files\\Pinnacle\\Shared Files\\Programs\\USBTip\\USBTip.exe\""
"DAEMON Tools"="\"E:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE E:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"PrevxOne"="E:\\Program Files\\Prevx1\\PXConsole.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"E:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"SP2 Connection Patcher"="\"E:\\Program Files\\SP2 Connection Patcher\\SP2ConnPatcher.exe\" -n=200"
"Aim6"=""
"InternetCalls"="\"E:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe\" -nosplash -minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"="regperf.exe"
"dcomcfg.exe"="dcomcfg.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{54A265AD-0640-1033-0106-041111030001}"="\"E:\\Program Files\\Common Files\\{54A265AD-0640-1033-0106-041111030001}\\Update.exe\" mc-110-12-0000140"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="E:\\Program Files\\Common Files\\pojox.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="E:\\Program Files\\Internet Explorer\\megevuv.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="file://localhost/C:/MonstersGame/Skins/img/contentbg.png"
"SubscribedURL"="file://localhost/C:/MonstersGame/Skins/img/contentbg.png"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,10,03,00,00,15,01,00,00,20,03,00,00,a0,00,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,10,03,00,00,15,01,00,00,20,03,00,00,a0,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,c6,02,f3,99,83,7c,70,9a,80,7c,ff,ff,ff,ff,66,9a,\
80,7c,66,9a,80,7c

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,ee,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e4,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e4,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Instant Messenger.lnk]
"path"="E:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AOL Instant Messenger.lnk"
"backup"="E:\\WINDOWS\\pss\\AOL Instant Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\AIM\\aim.exe "
"item"="AOL Instant Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="E:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="E:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -h"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
"path"="E:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak software updater.lnk"
"backup"="E:\\WINDOWS\\pss\\Kodak software updater.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\Kodak\\KODAKS~1\\7288971\\Program\\KODAKS~1.EXE "
"item"="Kodak software updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^Hammy^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="E:\\Documents and Settings\\Hammy\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="E:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="E:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="E:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"E:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="E:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb10"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"E:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="navapw32"
"hkey"="HKLM"
"command"="E:\\PROGRA~1\\NORTON~1\\NORTON~1\\navapw32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE E:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE E:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pctspk"
"hkey"="HKLM"
"command"="pctspk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"E:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SP2 Connection Patcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SP2ConnPatcher"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\SP2 Connection Patcher\\SP2ConnPatcher.exe\" -n=200"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="E:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="E:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="E:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Connect 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMCCFG"
"hkey"="HKLM"
"command"="\"E:\\Program Files\\Windows Media Connect 2\\WMCCFG.exe\" /StartQuiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="E:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)

Contents of the 'Scheduled Tasks' folder
E:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 2006-08-17 21:09:09.33
ComboFix ver 06.07.15/30 - This logfile is located at E:\ComboFix.txt

ComboFix.2006-08-17.210239.txt

Have fun @ work! :-)


EDIT:: I ran adware and cleared up 17 infected things, and then ran ewido and it didn't find anything. I scanned with HJT again, and noticed 2 things had disappeared from the previous log:

O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
and
F2 - REG:system.ini: UserInit=userinit.exe

The computer seems clean now, no more of those pop ups, but still better have a look just to be sure. :)


Follow the instructions in the links below to make sure the infections have been completely removed--

Adware.NewDotNet:
http://www.newdotnet.com/removal.html

Adware.Look2Me:
http://www.daniweb.com/techtalkforums/showthread.php?t=52205&highlight=look2me

SpywareQuake:
Post #2 of this thread -- http://www.daniweb.com/techtalkforums/showthread.php?t=51665&highlight=SpywareQuake

Do a search for SurfSide and delete any instances found.

Run CCleaner and then reboot.

Set a new System Restore point.
