Surfsidekick 3


  • This topic is locked
16 replies to this topic

#1 KellenT

Posted 01 August 2006 - 02:10 PM

I've been trying for a couple days now to get this SurfSideKick3 off my computer. I've tried ad-aware, spybot s&d, tried working from the regedit angle. Got Stinger and Avenger trying to clean the mess up but to no avail. Here's my hijackthis log. Any help would be greatly appreciated. Thanks,

Kellen

Logfile of HijackThis v1.99.1
Scan saved at 3:04:21 PM, on 01/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\mptft.exe
C:\WINDOWS\System32\fhsxc.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\WINDOWS\System32\ahnciup.exe
C:\WINDOWS\System32\ssec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\tfthot.exe
C:\Program Files\Common Files\{C04D71EA-04B0-1033-0212-030208230002}\Update.exe
C:\WINDOWS\System32\ismon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\U2thcmU\command.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ipconfig.exe
C:\Documents and Settings\Kel\Desktop\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20073&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20073&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt2.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
O4 - HKLM\..\Run: [tSdURg2] "C:\WINDOWS\System32\fhsxc.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\PokerNow\PokerNow.exe (file missing)
O9 - Extra 'Tools' menuitem: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\PokerNow\PokerNow.exe (file missing)
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: Poker Rewards Poker - {6DAF93EB-C7E3-41ab-83D9-CAE1785F41BC} - C:\Program Files\pokerrewardsMPP\MPPoker.exe
O9 - Extra button: Aztec Riches Poker - {7FCF69CA-B1D5-4b13-A6B0-31020DD5A976} - C:\Program Files\aztecrichesMPP\MPPoker.exe
O9 - Extra button: POKER - {B736E0DC-CCE3-4e3c-B14F-403FC1569583} - C:\Program Files\BattleFieldPokerMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: POKER - {FB389F33-303A-4490-9E18-B301A493FBF2} - C:\Program Files\PokermMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://takoshi99.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\Kel\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_229/w...OCX/FlashAX.cab
O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINDOWS\System32\ubbv.dll
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\n84s0ih7e84.dll
O21 - SSODL: contraposition - {3dab4d3e-1d45-406e-9cda-25227a7a2633} - C:\WINDOWS\System32\onofub.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2thcmU\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hzzjqtt.exe (file missing)
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)


#2 -David-

Posted 01 August 2006 - 04:21 PM

Hello Kellen, welcome to Bleeping Computer.

Your system is terribly infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show. Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution. So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

Due to the status of some of the files you have on your computer, I strongly recommend that you do the following immediately. Disconnect the infected computer from the internet until the computer can be cleaned. From a clean computer, change all your online passwords-- for email, for banks, eBay, forums etc.... Do not change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A printout of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

I need a little more information from you before we continue.
Although the instructions look long, most scans take a few seconds.

1) Run HijackThis.
On the first menu, click Open the Misc Tools Section
Click Open Uninstall Manager
Click Save List - Save it anywhere.
A notepad will pop-up after it's saved, please copy everything in that Notepad and paste it here.

2) Open HijackThis.
Click on Open Misc Tools Section
Make sure that both boxes beside "Generate StartupList Log" are checked:
  • List all minor sections (Full)
  • List Empty Sections (Complete)
Click Generate StartupList Log.
Click Yes at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here

3) Download Combofix to your desktop.
Double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.

4) Please download SmitfraudFix (by S!Ri)
  • Extract the content (a folder named SmitfraudFix) to your Desktop.
  • Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  • Select option #1 - Search by typing 1, and press Enter.
  • A text file will appear, which lists infected files (if present).
  • Please copy/paste the content of that report into your next reply.
  • Note : process.exe is detected by some antivirus programs as a "RiskTool"; it is not a virus, but a program used to stop system processes.
Please post back with:
1) A new Hijackthis log
2) The startup list
3) The uninstall list
4) The combofix log.
5) The smitfraudfix log.

David

Edited by D-Trojanator, 01 August 2006 - 04:22 PM.


#3 KellenT

Posted 01 August 2006 - 04:52 PM

Hi David,
Thanks for replying so quickly. I'm wondering if I'm better off just reformatting... sigh. Here are the lists you were asking for:

Kellen





Logfile of HijackThis v1.99.1
Scan saved at 5:48:21 PM, on 01/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\mptft.exe
C:\WINDOWS\System32\fhsxc.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\{C04D71EA-04B0-1033-0212-030208230002}\Update.exe
C:\WINDOWS\System32\ismon.exe
C:\WINDOWS\System32\ssec.exe
C:\WINDOWS\System32\tfthot.exe
C:\WINDOWS\System32\ahnciup.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Kel\Desktop\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20073&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20073&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt2.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: Kweaj Class - {DFE7D27E-C021-4C72-80F3-254B776E0992} - C:\WINDOWS\System32\ubbv.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
O4 - HKLM\..\Run: [tSdURg2] "C:\WINDOWS\System32\fhsxc.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\PokerNow\PokerNow.exe (file missing)
O9 - Extra 'Tools' menuitem: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\PokerNow\PokerNow.exe (file missing)
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: Poker Rewards Poker - {6DAF93EB-C7E3-41ab-83D9-CAE1785F41BC} - C:\Program Files\pokerrewardsMPP\MPPoker.exe
O9 - Extra button: Aztec Riches Poker - {7FCF69CA-B1D5-4b13-A6B0-31020DD5A976} - C:\Program Files\aztecrichesMPP\MPPoker.exe
O9 - Extra button: POKER - {B736E0DC-CCE3-4e3c-B14F-403FC1569583} - C:\Program Files\BattleFieldPokerMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: POKER - {FB389F33-303A-4490-9E18-B301A493FBF2} - C:\Program Files\PokermMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://takoshi99.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\Kel\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_229/w...OCX/FlashAX.cab
O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINDOWS\System32\ubbv.dll
O21 - SSODL: contraposition - {3dab4d3e-1d45-406e-9cda-25227a7a2633} - C:\WINDOWS\System32\onofub.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hzzjqtt.exe (file missing)
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)








StartupList report, 01/08/2006, 5:30:54 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Kel\Desktop\alternativ.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\mptft.exe
C:\WINDOWS\System32\fhsxc.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\WINDOWS\System32\ahnciup.exe
C:\WINDOWS\System32\ssec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\tfthot.exe
C:\Program Files\Common Files\{C04D71EA-04B0-1033-0212-030208230002}\Update.exe
C:\WINDOWS\System32\ismon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\U2thcmU\command.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Kel\Desktop\alternativ.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMan = SOUNDMAN.EXE
ftexc = C:\WINDOWS\System32\mptft.exe
tSdURg2 = "C:\WINDOWS\System32\fhsxc.exe"
WinTools = C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
SurfSideKick 3 = C:\Program Files\SurfSideKick 3\Ssk.exe
IpWins = C:\Program Files\ipwins\ipwins.exe
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

CPQHotkeys = hotkeysvc.exe
CTHelper = cthelper.exe
PcSync = PCsync.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CPQHotkeys = hotkeysvc.exe
CTHelper = cthelper.exe
SurfSideKick 3 = C:\Program Files\SurfSideKick 3\Ssk.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

CPQHotkeys = hotkeysvc.exe
CTHelper = cthelper.exe
PcSync = PCsync.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=repairs303169590.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\System32\ixt2.dll - {873eb32d-ae1a-4183-89bd-45a77f761be4}
(no name) - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll - {87766247-311C-43B4-8499-3D5FEC94A183}
(no name) - C:\WINDOWS\System32\ubbv.dll - {DFE7D27E-C021-4C72-80F3-254B776E0992}
(no name) - (no file) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66}

--------------------------------------------------

Enumerating Task Scheduler jobs:

FRU Task #Hewlett-Packard#hp psc 2100 series#1064650550.job

--------------------------------------------------

Enumerating Download Program Files:

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://takoshi99.spaces.msn.com//PhotoUpload/MsnPUpld.cab

[{5526B4C6-63D6-41A1-9783-0FABF529859A}]
CODEBASE = mk:@MSITStore:C:\DOCUME~1\Kel\LOCALS~1\Temp\mma.chm::/joysavsht.cab

[{A1426AC5-8CE5-4A00-B71E-011D35709AC6}]
CODEBASE = http://advnt01.com/dialer/int_ver34.CAB

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[FlashXControl Object]
InProcServer32 = C:\WINDOWS\system32\FlashAX\FlashAX.ocx
CODEBASE = https://register3.valueactive.com/mpp_229/w...OCX/FlashAX.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\system32\ceypt32.dll|||e

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
contraposition: C:\WINDOWS\System32\onofub.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

{C04D71EA-04B0-1033-0212-030208230002} = "C:\Program Files\Common Files\{C04D71EA-04B0-1033-0212-030208230002}\Update.exe" mc-110-12-0000103

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

ishost.exe = ishost.exe
kernel32.dll = C:\WINDOWS\System32\isnotify.exe
issearch.exe = issearch.exe

--------------------------------------------------

End of report, 7,944 bytes
Report generated in 0.094 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only









A4Tech iWheelWorks V7.40
Ad-Aware SE Personal
Adobe Reader 7.0.7
Ahead Nero Burning ROM
aspi
ATI Control Panel
ATI Display Driver
ATI DVD Decoder 2.1.0.1
ATI Multimedia Center 8.1.0.0
ATI Remote Wonder 1.4
Aztec Riches Poker
BitTorrent 4.0.1
BitTorrent S-5.8.7 (SHAD0W's Experimental)
CCHelp
CCScore
Command
CR2
Creative DVD Audio Plugin for Audigy Series
DAO
DivX Player
DivX Pro Codec Adware
DotComToolbarNL - Toolbar
EAX™ Unified (SHELL)
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
FlashGet(JetCar)
Forethought
Free Solitaire
Full Tilt Poker
GNU Backgammon 0.14.3-devel
Gold Miner SE Free Trial
GoldWave v5.13
GUIDE PLUS+™ for Windows® System - ATI
HijackThis 1.99.1
hp instant support
HP Photo and Imaging 1.0 - PSC 2000 Series
HP Photo and Imaging 1.0 - PSC 2000 Series
HP Photo and Imaging 1.0 - PSC 2000 Series Drivers
hp psc 2100 series
HydraVision
Image Transfer
InterActual Player
InterVideo WinDVD 6
iPod for Windows 2006-06-28
IpWins
iTunes
Jasc Paint Shop Pro 8
Java 2 Runtime Environment, SE v1.4.2_06
Kazaa Lite K++ v2.4.3
K-Lite Codec Pack
Kodak EasyShare software
KSU
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79.1
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Shockwave Player
Microsoft Internet Explorer 6 SP1
Microsoft Office XP Professional with FrontPage
Microsoft XML Parser and SDK
Mozilla Firefox (1.0.7)
MSN Messenger 7.0
MSN Toolbar
Network Monitor
Nimo Codecs Pack v4.33 (Remove Only)
Notifier
OpenMG Limited Patch 4.2-05-07-27-01
OpenMG Secure Module 4.2.00
OTtBP
Outlook Express Q837009
Pacific Poker
Paradise Poker
PartyPoker
PCDLNCH
Play65
Poker Rewards
Poker Rewards Calculator 1.0
PokerRoom.com (remove only)
Pokershare Poker
Quicklinks
QuickTax 2003 Standard Download
QuickTime
Readiris 7.5
Realtek AC'97 Audio
Rogers Self Healing (remove only)
Rogers Update Manager (remove only)
Royal Vegas Poker
SelectRebates
SFR
SFR2
SonicStage 3.2
Sony USB Driver
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Surf SideKick
SystemDoctor 2006 1.1.72.1
Titan Poker
ToolBar888
UCmore - The Search Accelerator
UltimateBet
Video Poker Calculator 2.0
VideoLAN VLC media player 0.8.2
WBC Digital Player
Winamp (remove only)
Win-dh
Windows Blaster Worm Removal Tool (KB833330)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player Hotfix [See wm828026 for more information]
Windows Overlay Components
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q314862 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q321856 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q328310
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP2) [See Q329115 for more information]
WinRAR archiver
Win-Tools Easy Installer (by WebSearch)
WinZip
XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME)
your Poker Room
ZoneAlarm








Start Time= 01/08/2006 17:36:56.65
Running from: C:\Documents and Settings\Kel\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{D56F6FB1-9EBC-4388-9AC1-95FB0FB9BA5E}]
@=""

[HKEY_CLASSES_ROOT\clsid\{D56F6FB1-9EBC-4388-9AC1-95FB0FB9BA5E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{D56F6FB1-9EBC-4388-9AC1-95FB0FB9BA5E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{D56F6FB1-9EBC-4388-9AC1-95FB0FB9BA5E}\InprocServer32]
@="C:\\WINDOWS\\system32\\ceypt32.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\f22m0cf1ef2.dll
C:\WINDOWS\SYSTEM32\gp02l3do1.dll
C:\WINDOWS\SYSTEM32\guard.tmp
C:\WINDOWS\SYSTEM32\hfetmon.dll
C:\WINDOWS\SYSTEM32\s6880glue6q80.dll


Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Kel\Application Data\Sskknwrd.dll
C:\Documents and Settings\Kel\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Kel\Local Settings\Temporary Internet Files\Ssk.log
C:\Program Files\Common Files\Sony Shared\PD\NW-E200_E300 series manuals\SSKR.pdf
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\Program Files\SurfSideKick 3\SskCore.dll
C:\WINDOWS\Prefetch\SSK.EXE-20EC298C.pf
C:\WINDOWS\Prefetch\SSKUPDATER3.EXE-024DA136.pf
C:\WINDOWS\system32\bk.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



17:41:26.68
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\drsmartload.exe
C:\drsmartload45a7i.exe
C:\drsmartload46a7i.exe
C:\drsmartload849a7i.exe
C:\dfndrff_7.exe
C:\dfndrfg_7.exe
C:\nwnmff_7.exe
C:\nwnmfg_7.exe
C:\kybrdff_7.exe
C:\kybrdfg_7.exe
C:\Documents and Settings\Kel\Local Settings\Temp\drsmartload180a.exe
C:\WINDOWS\newname.dat
C:\WINDOWS\keyboard1.dat
C:\MTE3NDI6ODoxNg.exe
C:\MTE3NDI6ODoxNgnew.exe
C:\warebundlenewer.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Program Files\network monitor
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\WINDOWS\U2thcmU


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-10 01:21:30 ( .D... ) "C:\Program Files\Common Files\NSV"
2006-08-01 14:02:18 41984 ( A.... ) "C:\WINDOWS\system32\ixt2.dll"
2006-08-01 14:02:18 12288 ( A.... ) "C:\WINDOWS\system32\ismon.exe"
2006-08-01 13:50:30 ( .D... ) "C:\Program Files\Zone Labs"
2006-08-01 13:32:36 ( .D... ) "C:\Program Files\ipwins"
2006-08-01 12:33:24 234272 ( ..S.R ) "C:\WINDOWS\system32\t0r80a9ued.dll"
2006-08-01 12:08:56 234272 ( ..S.R ) "C:\WINDOWS\system32\n84s0ih7e84.dll"
2006-08-01 11:24:22 1064 ( A.... ) "C:\WINDOWS\system32\cqx5550c.sys"
2006-08-01 11:24:22 1064 ( A.... ) "C:\WINDOWS\system32\cqx5550c.sys"
2006-07-31 22:19:18 221184 ( A.... ) "C:\WINDOWS\system32\ubbv.dll"
2006-07-31 22:19:18 28672 ( A.... ) "C:\WINDOWS\system32\iqrdy2c1.exe"
2006-07-31 22:19:16 45056 ( A.... ) "C:\WINDOWS\System32tfthot.exe"
2006-07-31 22:19:16 28672 ( A.... ) "C:\WINDOWS\System32ftuninst.exe"
2006-07-31 22:19:16 24576 ( A.... ) "C:\WINDOWS\System32ssec.exe"
2006-07-31 22:19:14 45056 ( A.... ) "C:\WINDOWS\system32\tfthot.exe"
2006-07-31 22:19:14 28672 ( A.... ) "C:\WINDOWS\system32\ftuninst.exe"
2006-07-31 22:19:14 24576 ( A.... ) "C:\WINDOWS\system32\ssec.exe"
2006-07-31 22:19:10 57344 ( A.... ) "C:\WINDOWS\kiuj0v.exe"
2006-07-31 22:19:08 ( .D... ) "C:\Program Files\ToolBar888"
2006-07-31 22:19:00 139264 ( A.... ) "C:\WINDOWS\MirarSetup_876075.exe"
2006-07-31 22:08:08 578560 ( A.... ) "C:\Installer3.exe"
2006-07-31 22:07:56 ( .D... ) "C:\Program Files\TheSearchAccelerator"
2006-07-31 22:07:52 517168 ( A.... ) "C:\ucmoreiex.exe"
2006-07-31 22:07:34 30208 ( A.... ) "C:\SS1001newer.exe"
2006-07-31 22:07:32 14848 ( A.... ) "C:\stub_113_4_0_4_0newer.exe"
2006-07-31 22:07:20 48190 ( A.... ) "C:\RDFX4.exe"
2006-07-31 11:31:24 ( .D... ) "C:\Program Files\SpywareBlaster"
2006-07-30 21:41:46 ( .D... ) "C:\Documents and Settings\Kel\Application Data\SystemDoctor 2006 Free"
2006-07-30 21:31:34 ( .D... ) "C:\Program Files\SystemDoctor 2006 Free"
2006-07-30 21:30:26 155136 ( A.... ) "C:\WINDOWS\system32\oins.exe"
2006-07-30 21:30:26 39424 ( A.... ) "C:\WINDOWS\mtuninst.exe"
2006-07-30 21:29:32 14617 ( A.... ) "C:\WINDOWS\xload.exe"
2006-07-30 21:26:50 ( .D... ) "C:\Program Files\TClock"
2006-07-30 21:26:50 ( .D... ) "C:\Program Files\InetGet2"
2006-07-30 21:26:00 61440 ( A.... ) "C:\WINDOWS\system32\cqx5550c.dll"
2006-07-30 21:25:52 29696 ( A.... ) "C:\WINDOWS\system32\w24b92d2.dll"
2006-07-30 21:25:48 2560 ( A.... ) "C:\ac3_0010.exe"
2006-07-30 21:25:30 ( .D... ) "C:\Program Files\Common Files\fifu"
2006-07-30 21:25:20 143360 ( A.... ) "C:\WINDOWS\sys02068666390-1.exe"
2006-07-30 21:25:12 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
2006-07-30 21:25:04 467968 ( A.... ) "C:\visfx500new.exe"
2006-07-30 21:24:54 53120 ( A.... ) "C:\WINDOWS\optimize.exe"
2006-07-30 21:24:54 32768 ( A.... ) "C:\WINDOWS\unstall.exe"
2006-07-30 21:24:44 380928 ( A.... ) "C:\WINDOWS\system32\WinNB58.dll"
2006-07-30 21:24:42 ( .D... ) "C:\Program Files\Common Files\{C04D71EA-04B0-1033-0212-030208230002}"
2006-07-30 21:24:38 ( .D... ) "C:\Program Files\Cowabanga"
2006-07-30 10:45:08 2 ( A.... ) "C:\WINDOWS\system32\wnstssu.exe"
2006-07-29 15:12:34 ( .D... ) "C:\Documents and Settings\Kel\Application Data\Apple Computer"
2006-07-29 15:10:06 ( .D... ) "C:\Program Files\iTunes"
2006-07-29 15:08:00 ( .D... ) "C:\Program Files\iPod"
2006-07-27 22:21:08 41984 ( A.... ) "C:\WINDOWS\system32\ixt1.dll"
2006-07-27 22:09:48 41984 ( A.... ) "C:\WINDOWS\system32\ixt0.dll"
2006-07-27 20:58:32 ( .D... ) "C:\Program Files\NoAdware4"
2006-07-27 20:27:16 ( .D... ) "C:\Program Files\SpyQuake2.com"
2006-07-27 20:27:04 61440 ( A.... ) "C:\WINDOWS\system32\issearch.exe"
2006-07-27 20:27:04 8760 ( A.... ) "C:\WINDOWS\system32\isnotify.exe"
2006-07-27 20:25:08 99856 ( A.... ) "C:\WINDOWS\system32\ishost.exe"
2006-07-25 15:41:50 491520 ( ..SHR ) "C:\WINDOWS\system32\WWEXEC~1.EXE"
2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\system32\tsuninst.exe"
2006-07-21 00:39:08 ( .D... ) "C:\Program Files\BattleFieldPokerMPP"
2006-07-13 15:56:50 143360 ( A.... ) "C:\WINDOWS\system32\mptft.exe"
2006-07-13 15:13:22 1163264 ( A.... ) "C:\WINDOWS\system32\fhsxc.exe"
2006-07-13 15:13:08 36864 ( A.... ) "C:\WINDOWS\system32\ahnciup.exe"
2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-07-09 13:42:14 83960 ( A.... ) "C:\WINDOWS\system32\zlcomm.dll"
2006-07-09 13:42:14 71672 ( A.... ) "C:\WINDOWS\system32\zlcommdb.dll"
2006-07-09 13:42:12 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2006-07-09 13:42:12 59384 ( A.... ) "C:\WINDOWS\system32\vswmi.dll"
2006-07-09 13:42:10 440312 ( A.... ) "C:\WINDOWS\system32\vsutil.dll"
2006-07-09 13:42:10 71672 ( A.... ) "C:\WINDOWS\system32\vsregexp.dll"
2006-07-09 13:42:08 268280 ( A.... ) "C:\WINDOWS\system32\vspubapi.dll"
2006-07-09 13:42:08 157688 ( A.... ) "C:\WINDOWS\system32\vsinit.dll"
2006-07-09 13:42:08 104440 ( A.... ) "C:\WINDOWS\system32\vsmonapi.dll"
2006-07-09 13:42:06 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2006-07-09 13:41:58 796584 ( A.... ) "C:\WINDOWS\system32\libeay32_0.9.6l.dll"
2006-06-07 13:55:52 3626 ( A.... ) "C:\Program Files\Common Files\howyl.html"
2006-06-03 14:10:06 ( .D... ) "C:\Program Files\GoldWave"
2006-05-24 10:07:52 401989 ( A.... ) "C:\WINDOWS\system32\e1k8mrc7.exe"
2006-05-24 10:06:34 143421 ( A.... ) "C:\WINDOWS\system32\0vvhm711.dll"
2006-05-22 12:13:42 41984 ( A.... ) "C:\WINDOWS\system32\cqk7m3vm.exe"
2006-05-22 12:13:08 74240 ( A.... ) "C:\WINDOWS\1h71l0ke.exe"
2006-05-09 23:39:24 357405 ( ..... ) "C:\WINDOWS\Titan Poker setup.exe"
2005-04-21 16:53:58 183 ( A.... ) "C:\Program Files\1SH5PL5T.bat"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-01 14:02 234,272 C:\WINDOWS\system32\t0r80a9ued.dll
2006-08-01 13:50 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-08-01 13:50 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-08-01 13:50 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-08-01 13:50 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-08-01 13:50 59,384 C:\WINDOWS\system32\vswmi.dll
2006-08-01 13:50 392,824 C:\WINDOWS\system32\vsdatant.sys
2006-08-01 13:50 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-08-01 13:50 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-08-01 13:50 100,344 C:\WINDOWS\system32\vsxml.dll
2006-08-01 13:49 83,960 C:\WINDOWS\system32\vsdata.dll
2006-08-01 13:49 440,312 C:\WINDOWS\system32\vsutil.dll
2006-08-01 13:49 157,688 C:\WINDOWS\system32\vsinit.dll
2006-08-01 12:32 234,272 C:\WINDOWS\system32\n84s0ih7e84.dll
2006-07-31 22:19 57,344 C:\WINDOWS\kiuj0v.exe
2006-07-31 22:19 45,056 C:\WINDOWS\System32tfthot.exe
2006-07-31 22:19 45,056 C:\WINDOWS\system32\tfthot.exe
2006-07-31 22:19 36,864 C:\WINDOWS\system32\ahnciup.exe
2006-07-31 22:19 28,672 C:\WINDOWS\System32ftuninst.exe
2006-07-31 22:19 28,672 C:\WINDOWS\system32\iqrdy2c1.exe
2006-07-31 22:19 28,672 C:\WINDOWS\system32\ftuninst.exe
2006-07-31 22:19 24,576 C:\WINDOWS\System32ssec.exe
2006-07-31 22:19 24,576 C:\WINDOWS\system32\ssec.exe
2006-07-31 22:19 221,184 C:\WINDOWS\system32\ubbv.dll
2006-07-31 22:19 143,360 C:\WINDOWS\system32\mptft.exe
2006-07-31 22:19 1,163,264 C:\WINDOWS\system32\fhsxc.exe
2006-07-31 22:18 139,264 C:\WINDOWS\MirarSetup_876075.exe
2006-07-31 22:08 578,560 C:\Installer3.exe
2006-07-31 22:07 517,168 C:\ucmoreiex.exe
2006-07-31 22:07 48,190 C:\RDFX4.exe
2006-07-31 22:07 30,208 C:\SS1001newer.exe
2006-07-31 22:07 14,848 C:\stub_113_4_0_4_0newer.exe
2006-07-30 21:29 14,617 C:\WINDOWS\xload.exe
2006-07-30 21:25 61,440 C:\WINDOWS\system32\cqx5550c.dll
2006-07-30 21:25 29,696 C:\WINDOWS\system32\w24b92d2.dll
2006-07-30 21:25 232,749 C:\WINDOWS\pf78.exe
2006-07-30 21:25 2,560 C:\ac3_0010.exe
2006-07-30 21:25 143,360 C:\WINDOWS\sys02068666390-1.exe
2006-07-30 21:25 127,578 C:\WINDOWS\system32\tsuninst.exe
2006-07-30 21:25 1,064 C:\WINDOWS\system32\cqx5550c.sys
2006-07-30 21:24 53,120 C:\WINDOWS\optimize.exe
2006-07-30 21:24 467,968 C:\visfx500new.exe
2006-07-30 21:24 380,928 C:\WINDOWS\system32\WinNB58.dll
2006-07-30 21:24 32,768 C:\WINDOWS\unstall.exe
2006-07-27 22:52 491,520 C:\WINDOWS\system32\WWEXEC~1.EXE
2006-07-27 22:25 41,984 C:\WINDOWS\system32\ixt2.dll
2006-07-27 22:18 41,984 C:\WINDOWS\system32\ixt1.dll
2006-07-27 20:27 8,760 C:\WINDOWS\system32\isnotify.exe
2006-07-27 20:27 61,440 C:\WINDOWS\system32\issearch.exe
2006-07-27 20:27 41,984 C:\WINDOWS\system32\ixt0.dll
2006-07-27 20:25 99,856 C:\WINDOWS\system32\ishost.exe
2006-07-27 20:25 12,288 C:\WINDOWS\system32\ismon.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"ftexc"="C:\\WINDOWS\\System32\\mptft.exe"
"tSdURg2"="\"C:\\WINDOWS\\System32\\fhsxc.exe\""
"WinTools"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"IpWins"="C:\\Program Files\\ipwins\\ipwins.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CPQHotkeys"="hotkeysvc.exe"
"CTHelper"="cthelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"CPQHotkeys"="hotkeysvc.exe"
"CTHelper"="cthelper.exe"
"PcSync"="PCsync.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ishost.exe"="ishost.exe"
"kernel32.dll"="C:\\WINDOWS\\System32\\isnotify.exe"
"issearch.exe"="issearch.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"CPQHotkeys"="hotkeysvc.exe"
"CTHelper"="cthelper.exe"
"PcSync"="PCsync.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{C04D71EA-04B0-1033-0212-030208230002}"="\"C:\\Program Files\\Common Files\\{C04D71EA-04B0-1033-0212-030208230002}\\Update.exe\" mc-110-12-0000103"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Adobe\\kyzenekaj.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Common Files\\howyl.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"contraposition"="{3dab4d3e-1d45-406e-9cda-25227a7a2633}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\GMT\\GMT.exe /startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\hp psc 2000 Series.lnk"
"backup"="C:\\WINDOWS\\pss\\hp psc 2000 Series.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpobnz08.exe "
"item"="hp psc 2000 Series"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Image Transfer.lnk"
"backup"="C:\\WINDOWS\\pss\\Image Transfer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\IMAGET~1\\SonyTray.exe "
"item"="Image Transfer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -h"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetAssistant.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NetAssistant.lnk"
"backup"="C:\\WINDOWS\\pss\\NetAssistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\NETASS~1\\bin\\matcli.exe -boot"
"item"="NetAssistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\officejet 6100.lnk"
"backup"="C:\\WINDOWS\\pss\\officejet 6100.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hposol08.exe "
"item"="officejet 6100"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\v1201.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alchem"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\alchem.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\arcnev]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="arcnev"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\arcnev.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aruogpbmw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LaunchPd"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\ATI Multimedia\\main\\LaunchPd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMESys"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cqx55

#4 -David-


Posted 01 August 2006 - 04:56 PM

Hey there...
Thanks for the logs but it looks like some were cut off.
Please post the rest in separate replies.
David

#5 KellenT


Posted 01 August 2006 - 07:02 PM

Whoops, didn't even notice.
Startup list and uninstall are on previous post.

Here's Combofix:

Start Time= 01/08/2006 17:36:56.65
Running from: C:\Documents and Settings\Kel\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{D56F6FB1-9EBC-4388-9AC1-95FB0FB9BA5E}]
@=""

[HKEY_CLASSES_ROOT\clsid\{D56F6FB1-9EBC-4388-9AC1-95FB0FB9BA5E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{D56F6FB1-9EBC-4388-9AC1-95FB0FB9BA5E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{D56F6FB1-9EBC-4388-9AC1-95FB0FB9BA5E}\InprocServer32]
@="C:\\WINDOWS\\system32\\ceypt32.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\f22m0cf1ef2.dll
C:\WINDOWS\SYSTEM32\gp02l3do1.dll
C:\WINDOWS\SYSTEM32\guard.tmp
C:\WINDOWS\SYSTEM32\hfetmon.dll
C:\WINDOWS\SYSTEM32\s6880glue6q80.dll


Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Kel\Application Data\Sskknwrd.dll
C:\Documents and Settings\Kel\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Kel\Local Settings\Temporary Internet Files\Ssk.log
C:\Program Files\Common Files\Sony Shared\PD\NW-E200_E300 series manuals\SSKR.pdf
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\Program Files\SurfSideKick 3\SskCore.dll
C:\WINDOWS\Prefetch\SSK.EXE-20EC298C.pf
C:\WINDOWS\Prefetch\SSKUPDATER3.EXE-024DA136.pf
C:\WINDOWS\system32\bk.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



17:41:26.68
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\drsmartload.exe
C:\drsmartload45a7i.exe
C:\drsmartload46a7i.exe
C:\drsmartload849a7i.exe
C:\dfndrff_7.exe
C:\dfndrfg_7.exe
C:\nwnmff_7.exe
C:\nwnmfg_7.exe
C:\kybrdff_7.exe
C:\kybrdfg_7.exe
C:\Documents and Settings\Kel\Local Settings\Temp\drsmartload180a.exe
C:\WINDOWS\newname.dat
C:\WINDOWS\keyboard1.dat
C:\MTE3NDI6ODoxNg.exe
C:\MTE3NDI6ODoxNgnew.exe
C:\warebundlenewer.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Program Files\network monitor
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\WINDOWS\U2thcmU


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-10 01:21:30 ( .D... ) "C:\Program Files\Common Files\NSV"
2006-08-01 14:02:18 41984 ( A.... ) "C:\WINDOWS\system32\ixt2.dll"
2006-08-01 14:02:18 12288 ( A.... ) "C:\WINDOWS\system32\ismon.exe"
2006-08-01 13:50:30 ( .D... ) "C:\Program Files\Zone Labs"
2006-08-01 13:32:36 ( .D... ) "C:\Program Files\ipwins"
2006-08-01 12:33:24 234272 ( ..S.R ) "C:\WINDOWS\system32\t0r80a9ued.dll"
2006-08-01 12:08:56 234272 ( ..S.R ) "C:\WINDOWS\system32\n84s0ih7e84.dll"
2006-08-01 11:24:22 1064 ( A.... ) "C:\WINDOWS\system32\cqx5550c.sys"
2006-08-01 11:24:22 1064 ( A.... ) "C:\WINDOWS\system32\cqx5550c.sys"
2006-07-31 22:19:18 221184 ( A.... ) "C:\WINDOWS\system32\ubbv.dll"
2006-07-31 22:19:18 28672 ( A.... ) "C:\WINDOWS\system32\iqrdy2c1.exe"
2006-07-31 22:19:16 45056 ( A.... ) "C:\WINDOWS\System32tfthot.exe"
2006-07-31 22:19:16 28672 ( A.... ) "C:\WINDOWS\System32ftuninst.exe"
2006-07-31 22:19:16 24576 ( A.... ) "C:\WINDOWS\System32ssec.exe"
2006-07-31 22:19:14 45056 ( A.... ) "C:\WINDOWS\system32\tfthot.exe"
2006-07-31 22:19:14 28672 ( A.... ) "C:\WINDOWS\system32\ftuninst.exe"
2006-07-31 22:19:14 24576 ( A.... ) "C:\WINDOWS\system32\ssec.exe"
2006-07-31 22:19:10 57344 ( A.... ) "C:\WINDOWS\kiuj0v.exe"
2006-07-31 22:19:08 ( .D... ) "C:\Program Files\ToolBar888"
2006-07-31 22:19:00 139264 ( A.... ) "C:\WINDOWS\MirarSetup_876075.exe"
2006-07-31 22:08:08 578560 ( A.... ) "C:\Installer3.exe"
2006-07-31 22:07:56 ( .D... ) "C:\Program Files\TheSearchAccelerator"
2006-07-31 22:07:52 517168 ( A.... ) "C:\ucmoreiex.exe"
2006-07-31 22:07:34 30208 ( A.... ) "C:\SS1001newer.exe"
2006-07-31 22:07:32 14848 ( A.... ) "C:\stub_113_4_0_4_0newer.exe"
2006-07-31 22:07:20 48190 ( A.... ) "C:\RDFX4.exe"
2006-07-31 11:31:24 ( .D... ) "C:\Program Files\SpywareBlaster"
2006-07-30 21:41:46 ( .D... ) "C:\Documents and Settings\Kel\Application Data\SystemDoctor 2006 Free"
2006-07-30 21:31:34 ( .D... ) "C:\Program Files\SystemDoctor 2006 Free"
2006-07-30 21:30:26 155136 ( A.... ) "C:\WINDOWS\system32\oins.exe"
2006-07-30 21:30:26 39424 ( A.... ) "C:\WINDOWS\mtuninst.exe"
2006-07-30 21:29:32 14617 ( A.... ) "C:\WINDOWS\xload.exe"
2006-07-30 21:26:50 ( .D... ) "C:\Program Files\TClock"
2006-07-30 21:26:50 ( .D... ) "C:\Program Files\InetGet2"
2006-07-30 21:26:00 61440 ( A.... ) "C:\WINDOWS\system32\cqx5550c.dll"
2006-07-30 21:25:52 29696 ( A.... ) "C:\WINDOWS\system32\w24b92d2.dll"
2006-07-30 21:25:48 2560 ( A.... ) "C:\ac3_0010.exe"
2006-07-30 21:25:30 ( .D... ) "C:\Program Files\Common Files\fifu"
2006-07-30 21:25:20 143360 ( A.... ) "C:\WINDOWS\sys02068666390-1.exe"
2006-07-30 21:25:12 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
2006-07-30 21:25:04 467968 ( A.... ) "C:\visfx500new.exe"
2006-07-30 21:24:54 53120 ( A.... ) "C:\WINDOWS\optimize.exe"
2006-07-30 21:24:54 32768 ( A.... ) "C:\WINDOWS\unstall.exe"
2006-07-30 21:24:44 380928 ( A.... ) "C:\WINDOWS\system32\WinNB58.dll"
2006-07-30 21:24:42 ( .D... ) "C:\Program Files\Common Files\{C04D71EA-04B0-1033-0212-030208230002}"
2006-07-30 21:24:38 ( .D... ) "C:\Program Files\Cowabanga"
2006-07-30 10:45:08 2 ( A.... ) "C:\WINDOWS\system32\wnstssu.exe"
2006-07-29 15:12:34 ( .D... ) "C:\Documents and Settings\Kel\Application Data\Apple Computer"
2006-07-29 15:10:06 ( .D... ) "C:\Program Files\iTunes"
2006-07-29 15:08:00 ( .D... ) "C:\Program Files\iPod"
2006-07-27 22:21:08 41984 ( A.... ) "C:\WINDOWS\system32\ixt1.dll"
2006-07-27 22:09:48 41984 ( A.... ) "C:\WINDOWS\system32\ixt0.dll"
2006-07-27 20:58:32 ( .D... ) "C:\Program Files\NoAdware4"
2006-07-27 20:27:16 ( .D... ) "C:\Program Files\SpyQuake2.com"
2006-07-27 20:27:04 61440 ( A.... ) "C:\WINDOWS\system32\issearch.exe"
2006-07-27 20:27:04 8760 ( A.... ) "C:\WINDOWS\system32\isnotify.exe"
2006-07-27 20:25:08 99856 ( A.... ) "C:\WINDOWS\system32\ishost.exe"
2006-07-25 15:41:50 491520 ( ..SHR ) "C:\WINDOWS\system32\WWEXEC~1.EXE"
2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\system32\tsuninst.exe"
2006-07-21 00:39:08 ( .D... ) "C:\Program Files\BattleFieldPokerMPP"
2006-07-13 15:56:50 143360 ( A.... ) "C:\WINDOWS\system32\mptft.exe"
2006-07-13 15:13:22 1163264 ( A.... ) "C:\WINDOWS\system32\fhsxc.exe"
2006-07-13 15:13:08 36864 ( A.... ) "C:\WINDOWS\system32\ahnciup.exe"
2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-07-09 13:42:14 83960 ( A.... ) "C:\WINDOWS\system32\zlcomm.dll"
2006-07-09 13:42:14 71672 ( A.... ) "C:\WINDOWS\system32\zlcommdb.dll"
2006-07-09 13:42:12 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2006-07-09 13:42:12 59384 ( A.... ) "C:\WINDOWS\system32\vswmi.dll"
2006-07-09 13:42:10 440312 ( A.... ) "C:\WINDOWS\system32\vsutil.dll"
2006-07-09 13:42:10 71672 ( A.... ) "C:\WINDOWS\system32\vsregexp.dll"
2006-07-09 13:42:08 268280 ( A.... ) "C:\WINDOWS\system32\vspubapi.dll"
2006-07-09 13:42:08 157688 ( A.... ) "C:\WINDOWS\system32\vsinit.dll"
2006-07-09 13:42:08 104440 ( A.... ) "C:\WINDOWS\system32\vsmonapi.dll"
2006-07-09 13:42:06 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2006-07-09 13:41:58 796584 ( A.... ) "C:\WINDOWS\system32\libeay32_0.9.6l.dll"
2006-06-07 13:55:52 3626 ( A.... ) "C:\Program Files\Common Files\howyl.html"
2006-06-03 14:10:06 ( .D... ) "C:\Program Files\GoldWave"
2006-05-24 10:07:52 401989 ( A.... ) "C:\WINDOWS\system32\e1k8mrc7.exe"
2006-05-24 10:06:34 143421 ( A.... ) "C:\WINDOWS\system32\0vvhm711.dll"
2006-05-22 12:13:42 41984 ( A.... ) "C:\WINDOWS\system32\cqk7m3vm.exe"
2006-05-22 12:13:08 74240 ( A.... ) "C:\WINDOWS\1h71l0ke.exe"
2006-05-09 23:39:24 357405 ( ..... ) "C:\WINDOWS\Titan Poker setup.exe"
2005-04-21 16:53:58 183 ( A.... ) "C:\Program Files\1SH5PL5T.bat"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-01 14:02 234,272 C:\WINDOWS\system32\t0r80a9ued.dll
2006-08-01 13:50 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-08-01 13:50 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-08-01 13:50 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-08-01 13:50 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-08-01 13:50 59,384 C:\WINDOWS\system32\vswmi.dll
2006-08-01 13:50 392,824 C:\WINDOWS\system32\vsdatant.sys
2006-08-01 13:50 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-08-01 13:50 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-08-01 13:50 100,344 C:\WINDOWS\system32\vsxml.dll
2006-08-01 13:49 83,960 C:\WINDOWS\system32\vsdata.dll
2006-08-01 13:49 440,312 C:\WINDOWS\system32\vsutil.dll
2006-08-01 13:49 157,688 C:\WINDOWS\system32\vsinit.dll
2006-08-01 12:32 234,272 C:\WINDOWS\system32\n84s0ih7e84.dll
2006-07-31 22:19 57,344 C:\WINDOWS\kiuj0v.exe
2006-07-31 22:19 45,056 C:\WINDOWS\System32tfthot.exe
2006-07-31 22:19 45,056 C:\WINDOWS\system32\tfthot.exe
2006-07-31 22:19 36,864 C:\WINDOWS\system32\ahnciup.exe
2006-07-31 22:19 28,672 C:\WINDOWS\System32ftuninst.exe
2006-07-31 22:19 28,672 C:\WINDOWS\system32\iqrdy2c1.exe
2006-07-31 22:19 28,672 C:\WINDOWS\system32\ftuninst.exe
2006-07-31 22:19 24,576 C:\WINDOWS\System32ssec.exe
2006-07-31 22:19 24,576 C:\WINDOWS\system32\ssec.exe
2006-07-31 22:19 221,184 C:\WINDOWS\system32\ubbv.dll
2006-07-31 22:19 143,360 C:\WINDOWS\system32\mptft.exe
2006-07-31 22:19 1,163,264 C:\WINDOWS\system32\fhsxc.exe
2006-07-31 22:18 139,264 C:\WINDOWS\MirarSetup_876075.exe
2006-07-31 22:08 578,560 C:\Installer3.exe
2006-07-31 22:07 517,168 C:\ucmoreiex.exe
2006-07-31 22:07 48,190 C:\RDFX4.exe
2006-07-31 22:07 30,208 C:\SS1001newer.exe
2006-07-31 22:07 14,848 C:\stub_113_4_0_4_0newer.exe
2006-07-30 21:29 14,617 C:\WINDOWS\xload.exe
2006-07-30 21:25 61,440 C:\WINDOWS\system32\cqx5550c.dll
2006-07-30 21:25 29,696 C:\WINDOWS\system32\w24b92d2.dll
2006-07-30 21:25 232,749 C:\WINDOWS\pf78.exe
2006-07-30 21:25 2,560 C:\ac3_0010.exe
2006-07-30 21:25 143,360 C:\WINDOWS\sys02068666390-1.exe
2006-07-30 21:25 127,578 C:\WINDOWS\system32\tsuninst.exe
2006-07-30 21:25 1,064 C:\WINDOWS\system32\cqx5550c.sys
2006-07-30 21:24 53,120 C:\WINDOWS\optimize.exe
2006-07-30 21:24 467,968 C:\visfx500new.exe
2006-07-30 21:24 380,928 C:\WINDOWS\system32\WinNB58.dll
2006-07-30 21:24 32,768 C:\WINDOWS\unstall.exe
2006-07-27 22:52 491,520 C:\WINDOWS\system32\WWEXEC~1.EXE
2006-07-27 22:25 41,984 C:\WINDOWS\system32\ixt2.dll
2006-07-27 22:18 41,984 C:\WINDOWS\system32\ixt1.dll
2006-07-27 20:27 8,760 C:\WINDOWS\system32\isnotify.exe
2006-07-27 20:27 61,440 C:\WINDOWS\system32\issearch.exe
2006-07-27 20:27 41,984 C:\WINDOWS\system32\ixt0.dll
2006-07-27 20:25 99,856 C:\WINDOWS\system32\ishost.exe
2006-07-27 20:25 12,288 C:\WINDOWS\system32\ismon.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"ftexc"="C:\\WINDOWS\\System32\\mptft.exe"
"tSdURg2"="\"C:\\WINDOWS\\System32\\fhsxc.exe\""
"WinTools"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"IpWins"="C:\\Program Files\\ipwins\\ipwins.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CPQHotkeys"="hotkeysvc.exe"
"CTHelper"="cthelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"CPQHotkeys"="hotkeysvc.exe"
"CTHelper"="cthelper.exe"
"PcSync"="PCsync.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ishost.exe"="ishost.exe"
"kernel32.dll"="C:\\WINDOWS\\System32\\isnotify.exe"
"issearch.exe"="issearch.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"CPQHotkeys"="hotkeysvc.exe"
"CTHelper"="cthelper.exe"
"PcSync"="PCsync.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{C04D71EA-04B0-1033-0212-030208230002}"="\"C:\\Program Files\\Common Files\\{C04D71EA-04B0-1033-0212-030208230002}\\Update.exe\" mc-110-12-0000103"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Adobe\\kyzenekaj.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Common Files\\howyl.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"contraposition"="{3dab4d3e-1d45-406e-9cda-25227a7a2633}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\GMT\\GMT.exe /startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\hp psc 2000 Series.lnk"
"backup"="C:\\WINDOWS\\pss\\hp psc 2000 Series.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpobnz08.exe "
"item"="hp psc 2000 Series"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Image Transfer.lnk"
"backup"="C:\\WINDOWS\\pss\\Image Transfer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\IMAGET~1\\SonyTray.exe "
"item"="Image Transfer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -h"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetAssistant.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NetAssistant.lnk"
"backup"="C:\\WINDOWS\\pss\\NetAssistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\NETASS~1\\bin\\matcli.exe -boot"
"item"="NetAssistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\officejet 6100.lnk"
"backup"="C:\\WINDOWS\\pss\\officejet 6100.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hposol08.exe "
"item"="officejet 6100"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\v1201.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alchem"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\alchem.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\arcnev]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="arcnev"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\arcnev.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aruogpbmw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LaunchPd"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\ATI Multimedia\\main\\LaunchPd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMESys"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cqx5550c]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w24b92d2.dll,n 0025550a0000000a24b92d2"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cthelper"
"hkey"="HKLM"
"command"="cthelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_7"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dipqgbqrxz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e1k8mrc7]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="e1k8mrc7"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\e1k8mrc7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\easywww]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="easywww2"
"hkey"="HKLM"
"command"="C:\\windows\\easywww2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fifu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fifum"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\fifu\\fifum.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mptft"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\mptft.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hzzjqttA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hzzjqttA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\hzzjqttA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iebj]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WWEXEC~1"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\WWEXEC~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_7"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManifestEngine"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lsmr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winlogon"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\System32\\ICROSO~1.NET\\winlogon.exe\" -vt mt"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMSX"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaGateway"
"hkey"="HKLM"
"command"="C:\\Program Files\\Media Gateway\\MediaGateway.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update Machine]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSOICONS"
"hkey"="HKLM"
"command"="MSOICONS.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmxipvofcoirz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NETASS~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mserrorw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mserrorw"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\mserrorw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_7"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odoyxs]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="System32:odoyxs"
"hkey"="HKLM"
"command"="rundll32 C:\\WINDOWS\\System32:odoyxs.dll,Init 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\orbiwicote]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCsync"
"hkey"="HKCU"
"command"="PCsync.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle Professional]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RAM_XP"
"hkey"="HKLM"
"command"="C:\\Program Files\\RAM Idle LE\\RAM_XP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\redirect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="redirect9"
"hkey"="HKLM"
"command"="C:\\windows\\redirect9.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Toolkit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegToolkit"
"hkey"="HKLM"
"command"="C:\\Program Files\\Registry Toolkit\\RegToolkit.exe /scan"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RHSI SHS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SHS"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Rogers\\SelfHealing\\SHS.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="salm"
"hkey"="HKLM"
"command"="c:\\program files\\180searchassistant\\salm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shisnw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="shisnw"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\shisnw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srghsxbcyuowy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SsAAD"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ssk"
"hkey"="HKLM"
"command"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys02068666390-1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sys02068666390-1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\sys02068666390-1.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TClock.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tclock_install"
"hkey"="HKCU"
"command"="C:\\Program Files\\TClock\\tclock_install.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSC00"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSC00.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="evntsvc"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tSdURg2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fhsxc"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\System32\\fhsxc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ufrrju]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Lvpgg"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ocaiw\\Lvpgg.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Rogers\\Update Manager\\UpdateManager.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wupdater"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
"key"=&q

#6 KellenT


Posted 01 August 2006 - 07:04 PM

SmitFraudFix v2.78

Scan done at 17:45:55.20, 01/08/2006
Run from C:\Documents and Settings\Kel\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismon.exe FOUND !
C:\WINDOWS\system32\isnotify.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Kel\FAVORI~1

C:\DOCUME~1\Kel\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SpyQuake2.com\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Adobe\\kyzenekaj.html"
"SubscribedURL"=""
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Common Files\\howyl.html"
"SubscribedURL"=""
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"contraposition"="{3dab4d3e-1d45-406e-9cda-25227a7a2633}"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#7 KellenT

Posted 03 August 2006 - 09:35 AM

bump

#8 -David-

Posted 03 August 2006 - 02:59 PM

Hey there KellenT
No need to bump, I can see when you reply, I'm just busy.
Again, you didn't paste the full Combofix log, so please make sure you do next time if possible :thumbsup:

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A printout of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

1) Click on Start, then Control Panel, and then double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following if they exist by double-clicking on the following entries. Don't worry if you get errors when you try to uninstall them:

Command
FlashGet(JetCar)
Forethought
IpWins
Logitech Desktop Messenger
Network Monitor
Quicklinks
SelectRebates
Surf SideKick
ToolBar888
UCmore - The Search Accelerator
Win-Tools Easy Installer (by WebSearch)


2) * Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20073&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20073&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt2.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: Kweaj Class - {DFE7D27E-C021-4C72-80F3-254B776E0992} - C:\WINDOWS\System32\ubbv.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
O4 - HKLM\..\Run: [tSdURg2] "C:\WINDOWS\System32\fhsxc.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\Kel\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_229/w...OCX/FlashAX.cab
O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINDOWS\System32\ubbv.dll
O21 - SSODL: contraposition - {3dab4d3e-1d45-406e-9cda-25227a7a2633} - C:\WINDOWS\System32\onofub.dll (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hzzjqtt.exe (file missing)
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

3) Open Notepad and copy and paste the following into it:

sc delete "Windows Overlay Components"
sc stop WinToolsSvc
sc delete WinToolsSvc

Save this as look.bat
Choose to save as all files.
This is how the batch must look afterwards: Posted Image
Doubleclick look.bat and let the program run.

4)
Download KillBox from the following link :
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\System32\shisnw.exe
C:\WINDOWS\alchem.exe
C:\WINDOWS\system32\wnstssu.exe
C:\WINDOWS\system32\ixt2.dll
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\system32\t0r80a9ued.dll
C:\WINDOWS\system32\n84s0ih7e84.dll
C:\WINDOWS\system32\cqx5550c.sys
C:\WINDOWS\system32\ubbv.dll
C:\WINDOWS\system32\iqrdy2c1.exe
C:\WINDOWS\System32tfthot.exe
C:\Program Files\Ocaiw\Lvpgg.exe
C:\WINDOWS\System32ftuninst.exe
C:\WINDOWS\System32ssec.exe
C:\WINDOWS\system32\tfthot.exe
C:\WINDOWS\system32\ftuninst.exe
C:\WINDOWS\system32\ssec.exe
C:\WINDOWS\kiuj0v.exe
C:\WINDOWS\MirarSetup_876075.exe
C:\Installer3.exe
C:\ucmoreiex.exe
C:\SS1001newer.exe
C:\stub_113_4_0_4_0newer.exe
C:\RDFX4.exe
C:\WINDOWS\system32\oins.exe
C:\WINDOWS\mtuninst.exe
C:\WINDOWS\xload.exe
C:\WINDOWS\system32\cqx5550c.dll
C:\WINDOWS\system32\w24b92d2.dll
C:\ac3_0010.exe
C:\WINDOWS\sys02068666390-1.exe
C:\WINDOWS\pf78.exe
C:\visfx500new.exe
C:\WINDOWS\optimize.exe
C:\WINDOWS\unstall.exe
C:\WINDOWS\system32\WinNB58.dll
C:\WINDOWS\system32\ixt1.dll
C:\WINDOWS\system32\ixt0.dll
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\WWEXEC~1.EXE
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\mptft.exe
C:\WINDOWS\system32\fhsxc.exe
C:\WINDOWS\system32\ahnciup.exe
C:\Program Files\Common Files\howyl.html
C:\WINDOWS\system32\e1k8mrc7.exe
C:\WINDOWS\system32\0vvhm711.dll
C:\WINDOWS\system32\cqk7m3vm.exe
C:\WINDOWS\1h71l0ke.exe
C:\WINDOWS\system32\hotkeysvc.exe
C:\WINDOWS\system32\PCsync.exe
C:\Program Files\Adobe\kyzenekaj.html
C:\Program Files\Common Files\howyl.html
C:\WINDOWS\v1201.exe
C:\WINDOWS\System32\eiqemflf.exe
C:\WINDOWS\System32\w24b92d2.dll
C:\windows\easywww2.exe
C:\WINDOWS\hzzjqttA.exe
C:\WINDOWS\System32\msoicons.exe
C:\WINDOWS\System32\eiqemflf.exe
C:\WINDOWS\System32\mserrorw.exe
C:\WINDOWS\System32:odoyxs.dll
C:\windows\redirect9.exe


Open 'File' in the Killbox menu on top and choose Paste from clipboard.
You must use the File menu; pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click "yes".
Click OK at any Pending File Rename Operations prompt, let me know if any appear.
If you don't get that message, reboot manually.
Your computer should reboot now.

5) After the reboot please see if any of the following folders are present - if so delete them:

C:\Program Files\180searchassistant
C:\Program Files\ToolBar888
C:\Program Files\TheSearchAccelerator
C:\Program Files\SystemDoctor 2006 Free
C:\Program Files\TClock
C:\Program Files\InetGet2
C:\Program Files\Common Files\fifu
C:\Program Files\Common Files\{C04D71EA-04B0-1033-0212-030208230002}
C:\Program Files\Cowabanga
C:\Program Files\SpyQuake2.com
C:\Program Files\Common Files\WinTools
C:\Program Files\ipwins
C:\Program Files\Common Files\GMT
C:\Program Files\Common Files\CMEII
C:\Program Files\Internet Optimizer
C:\Program Files\Media Gateway
C:\Program Files\Toolbar

6) Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in the next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste the following URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script (alcanshorty.bfu) manually from the above URL (right-click on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window.
Browse to the script you downloaded and click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

7) Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

8) Once in Safe Mode, open the SmitfraudFix folder again.
  • Double-click smitfraudfix.cmd.
  • Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
  • You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
  • The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
  • A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
  • The report can also be found at the root of the system drive, usually at C:\rapport.txt
  • Warning : running option #2 on a non infected computer will remove your Desktop background.

9) Please post back with:
a) A new Hijackthis log
b) New Combofix log
c) Smitfraudfix log

David
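An added example, not part of David's post and not HijackThis code: a small Python parser for the HijackThis line format used in step 2, run over lines copied from that fix list. It reports which entries are stale registry references (the file is already gone), which file is registered under more than one load point, and which autoruns name no path; the section descriptions and all function names are this example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Load point reported by each HijackThis section code that occurs in the fix list.
SECTIONS = {
    "R0": "Internet Explorer start/search page value",
    "O2": "Browser Helper Object",
    "O4": "Run/RunServices autostart value",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O18": "protocol or MIME filter",
    "O21": "ShellServiceObjectDelayLoad value",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")
O4_RE = re.compile(r"^(.+?): \[([^\]]+)\] (.+)$")

@dataclass
class Entry:
    code: str       # section code, e.g. "O2"
    mechanism: str  # what that section reports
    name: str       # registry location or display name
    clsid: str      # COM class id if the line carries one, else ""
    target: str     # file, URL or page the entry points at ("" if none)
    missing: bool   # HijackThis marked the target as absent

def split_missing(text):
    """Strip a trailing '(file missing)' / '(no file)' marker and report it."""
    m = MISSING_RE.search(text)
    if m:
        return text[:m.start()].strip(), True
    return text.strip(), False

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0) if clsid_m else ""
    missing = False
    if code.startswith("R"):                      # "key,value = data"
        name, _, target = body.partition(" = ")
    elif code == "O4":                            # "key: [value] command"
        o4 = O4_RE.match(body)
        if not o4:
            return None
        key, value, cmd = o4.groups()
        name = f"{key} [{value}]"
        # Quoted commands end at the closing quote; unquoted ones are kept
        # whole because a path may itself contain spaces.
        target = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd
    else:                                         # "kind: name - ... - target"
        parts = body.split(" - ")
        name = parts[0]
        target, missing = split_missing(parts[-1])
    return Entry(code, SECTIONS.get(code, "unknown section"), name, clsid, target, missing)

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphans(entries):
    """Registry references whose file is already gone: fixing removes a stale value only."""
    return [e for e in entries if e.missing]

def multi_mechanism_targets(entries):
    """Targets registered under more than one section, keyed by lower-cased path."""
    seen = defaultdict(set)
    for e in entries:
        if e.target:
            seen[e.target.lower()].add(e.code)
    return {t: sorted(codes) for t, codes in seen.items() if len(codes) > 1}

def pathless_autoruns(entries):
    """O4 values with no directory: Windows resolves them through its search order."""
    return [e for e in entries if e.code == "O4" and "\\" not in e.target]

# Lines copied from the fix list in step 2 of the post above.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt2.dll
O2 - BHO: Kweaj Class - {DFE7D27E-C021-4C72-80F3-254B776E0992} - C:\WINDOWS\System32\ubbv.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [tSdURg2] "C:\WINDOWS\System32\fhsxc.exe"
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINDOWS\System32\ubbv.dll
O21 - SSODL: contraposition - {3dab4d3e-1d45-406e-9cda-25227a7a2633} - C:\WINDOWS\System32\onofub.dll (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hzzjqtt.exe (file missing)
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE)
    for e in orphans(entries):
        print("stale reference:", e.code, e.name, e.clsid)
    for target, codes in multi_mechanism_targets(entries).items():
        print("multiple load points:", target, codes)
    for e in pathless_autoruns(entries):
        print("no path given:", e.name, e.target)
```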

#9 KellenT

Posted 03 August 2006 - 03:36 PM

Ok thanks! Will give it a go. Here's the full combofix log, sorry about that.

Kellen




Start Time= 01/08/2006 17:36:56.65
Running from: C:\Documents and Settings\Kel\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{D56F6FB1-9EBC-4388-9AC1-95FB0FB9BA5E}]
@=""

[HKEY_CLASSES_ROOT\clsid\{D56F6FB1-9EBC-4388-9AC1-95FB0FB9BA5E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{D56F6FB1-9EBC-4388-9AC1-95FB0FB9BA5E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{D56F6FB1-9EBC-4388-9AC1-95FB0FB9BA5E}\InprocServer32]
@="C:\\WINDOWS\\system32\\ceypt32.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\f22m0cf1ef2.dll
C:\WINDOWS\SYSTEM32\gp02l3do1.dll
C:\WINDOWS\SYSTEM32\guard.tmp
C:\WINDOWS\SYSTEM32\hfetmon.dll
C:\WINDOWS\SYSTEM32\s6880glue6q80.dll


Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Kel\Application Data\Sskknwrd.dll
C:\Documents and Settings\Kel\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Kel\Local Settings\Temporary Internet Files\Ssk.log
C:\Program Files\Common Files\Sony Shared\PD\NW-E200_E300 series manuals\SSKR.pdf
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\Program Files\SurfSideKick 3\SskCore.dll
C:\WINDOWS\Prefetch\SSK.EXE-20EC298C.pf
C:\WINDOWS\Prefetch\SSKUPDATER3.EXE-024DA136.pf
C:\WINDOWS\system32\bk.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



17:41:26.68
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\drsmartload.exe
C:\drsmartload45a7i.exe
C:\drsmartload46a7i.exe
C:\drsmartload849a7i.exe
C:\dfndrff_7.exe
C:\dfndrfg_7.exe
C:\nwnmff_7.exe
C:\nwnmfg_7.exe
C:\kybrdff_7.exe
C:\kybrdfg_7.exe
C:\Documents and Settings\Kel\Local Settings\Temp\drsmartload180a.exe
C:\WINDOWS\newname.dat
C:\WINDOWS\keyboard1.dat
C:\MTE3NDI6ODoxNg.exe
C:\MTE3NDI6ODoxNgnew.exe
C:\warebundlenewer.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Program Files\network monitor
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\WINDOWS\U2thcmU


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-10 01:21:30 ( .D... ) "C:\Program Files\Common Files\NSV"
2006-08-01 14:02:18 41984 ( A.... ) "C:\WINDOWS\system32\ixt2.dll"
2006-08-01 14:02:18 12288 ( A.... ) "C:\WINDOWS\system32\ismon.exe"
2006-08-01 13:50:30 ( .D... ) "C:\Program Files\Zone Labs"
2006-08-01 13:32:36 ( .D... ) "C:\Program Files\ipwins"
2006-08-01 12:33:24 234272 ( ..S.R ) "C:\WINDOWS\system32\t0r80a9ued.dll"
2006-08-01 12:08:56 234272 ( ..S.R ) "C:\WINDOWS\system32\n84s0ih7e84.dll"
2006-08-01 11:24:22 1064 ( A.... ) "C:\WINDOWS\system32\cqx5550c.sys"
2006-08-01 11:24:22 1064 ( A.... ) "C:\WINDOWS\system32\cqx5550c.sys"
2006-07-31 22:19:18 221184 ( A.... ) "C:\WINDOWS\system32\ubbv.dll"
2006-07-31 22:19:18 28672 ( A.... ) "C:\WINDOWS\system32\iqrdy2c1.exe"
2006-07-31 22:19:16 45056 ( A.... ) "C:\WINDOWS\System32tfthot.exe"
2006-07-31 22:19:16 28672 ( A.... ) "C:\WINDOWS\System32ftuninst.exe"
2006-07-31 22:19:16 24576 ( A.... ) "C:\WINDOWS\System32ssec.exe"
2006-07-31 22:19:14 45056 ( A.... ) "C:\WINDOWS\system32\tfthot.exe"
2006-07-31 22:19:14 28672 ( A.... ) "C:\WINDOWS\system32\ftuninst.exe"
2006-07-31 22:19:14 24576 ( A.... ) "C:\WINDOWS\system32\ssec.exe"
2006-07-31 22:19:10 57344 ( A.... ) "C:\WINDOWS\kiuj0v.exe"
2006-07-31 22:19:08 ( .D... ) "C:\Program Files\ToolBar888"
2006-07-31 22:19:00 139264 ( A.... ) "C:\WINDOWS\MirarSetup_876075.exe"
2006-07-31 22:08:08 578560 ( A.... ) "C:\Installer3.exe"
2006-07-31 22:07:56 ( .D... ) "C:\Program Files\TheSearchAccelerator"
2006-07-31 22:07:52 517168 ( A.... ) "C:\ucmoreiex.exe"
2006-07-31 22:07:34 30208 ( A.... ) "C:\SS1001newer.exe"
2006-07-31 22:07:32 14848 ( A.... ) "C:\stub_113_4_0_4_0newer.exe"
2006-07-31 22:07:20 48190 ( A.... ) "C:\RDFX4.exe"
2006-07-31 11:31:24 ( .D... ) "C:\Program Files\SpywareBlaster"
2006-07-30 21:41:46 ( .D... ) "C:\Documents and Settings\Kel\Application Data\SystemDoctor 2006 Free"
2006-07-30 21:31:34 ( .D... ) "C:\Program Files\SystemDoctor 2006 Free"
2006-07-30 21:30:26 155136 ( A.... ) "C:\WINDOWS\system32\oins.exe"
2006-07-30 21:30:26 39424 ( A.... ) "C:\WINDOWS\mtuninst.exe"
2006-07-30 21:29:32 14617 ( A.... ) "C:\WINDOWS\xload.exe"
2006-07-30 21:26:50 ( .D... ) "C:\Program Files\TClock"
2006-07-30 21:26:50 ( .D... ) "C:\Program Files\InetGet2"
2006-07-30 21:26:00 61440 ( A.... ) "C:\WINDOWS\system32\cqx5550c.dll"
2006-07-30 21:25:52 29696 ( A.... ) "C:\WINDOWS\system32\w24b92d2.dll"
2006-07-30 21:25:48 2560 ( A.... ) "C:\ac3_0010.exe"
2006-07-30 21:25:30 ( .D... ) "C:\Program Files\Common Files\fifu"
2006-07-30 21:25:20 143360 ( A.... ) "C:\WINDOWS\sys02068666390-1.exe"
2006-07-30 21:25:12 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
2006-07-30 21:25:04 467968 ( A.... ) "C:\visfx500new.exe"
2006-07-30 21:24:54 53120 ( A.... ) "C:\WINDOWS\optimize.exe"
2006-07-30 21:24:54 32768 ( A.... ) "C:\WINDOWS\unstall.exe"
2006-07-30 21:24:44 380928 ( A.... ) "C:\WINDOWS\system32\WinNB58.dll"
2006-07-30 21:24:42 ( .D... ) "C:\Program Files\Common Files\{C04D71EA-04B0-1033-0212-030208230002}"
2006-07-30 21:24:38 ( .D... ) "C:\Program Files\Cowabanga"
2006-07-30 10:45:08 2 ( A.... ) "C:\WINDOWS\system32\wnstssu.exe"
2006-07-29 15:12:34 ( .D... ) "C:\Documents and Settings\Kel\Application Data\Apple Computer"
2006-07-29 15:10:06 ( .D... ) "C:\Program Files\iTunes"
2006-07-29 15:08:00 ( .D... ) "C:\Program Files\iPod"
2006-07-27 22:21:08 41984 ( A.... ) "C:\WINDOWS\system32\ixt1.dll"
2006-07-27 22:09:48 41984 ( A.... ) "C:\WINDOWS\system32\ixt0.dll"
2006-07-27 20:58:32 ( .D... ) "C:\Program Files\NoAdware4"
2006-07-27 20:27:16 ( .D... ) "C:\Program Files\SpyQuake2.com"
2006-07-27 20:27:04 61440 ( A.... ) "C:\WINDOWS\system32\issearch.exe"
2006-07-27 20:27:04 8760 ( A.... ) "C:\WINDOWS\system32\isnotify.exe"
2006-07-27 20:25:08 99856 ( A.... ) "C:\WINDOWS\system32\ishost.exe"
2006-07-25 15:41:50 491520 ( ..SHR ) "C:\WINDOWS\system32\WWEXEC~1.EXE"
2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\system32\tsuninst.exe"
2006-07-21 00:39:08 ( .D... ) "C:\Program Files\BattleFieldPokerMPP"
2006-07-13 15:56:50 143360 ( A.... ) "C:\WINDOWS\system32\mptft.exe"
2006-07-13 15:13:22 1163264 ( A.... ) "C:\WINDOWS\system32\fhsxc.exe"
2006-07-13 15:13:08 36864 ( A.... ) "C:\WINDOWS\system32\ahnciup.exe"
2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-07-09 13:42:14 83960 ( A.... ) "C:\WINDOWS\system32\zlcomm.dll"
2006-07-09 13:42:14 71672 ( A.... ) "C:\WINDOWS\system32\zlcommdb.dll"
2006-07-09 13:42:12 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2006-07-09 13:42:12 59384 ( A.... ) "C:\WINDOWS\system32\vswmi.dll"
2006-07-09 13:42:10 440312 ( A.... ) "C:\WINDOWS\system32\vsutil.dll"
2006-07-09 13:42:10 71672 ( A.... ) "C:\WINDOWS\system32\vsregexp.dll"
2006-07-09 13:42:08 268280 ( A.... ) "C:\WINDOWS\system32\vspubapi.dll"
2006-07-09 13:42:08 157688 ( A.... ) "C:\WINDOWS\system32\vsinit.dll"
2006-07-09 13:42:08 104440 ( A.... ) "C:\WINDOWS\system32\vsmonapi.dll"
2006-07-09 13:42:06 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2006-07-09 13:41:58 796584 ( A.... ) "C:\WINDOWS\system32\libeay32_0.9.6l.dll"
2006-06-07 13:55:52 3626 ( A.... ) "C:\Program Files\Common Files\howyl.html"
2006-06-03 14:10:06 ( .D... ) "C:\Program Files\GoldWave"
2006-05-24 10:07:52 401989 ( A.... ) "C:\WINDOWS\system32\e1k8mrc7.exe"
2006-05-24 10:06:34 143421 ( A.... ) "C:\WINDOWS\system32\0vvhm711.dll"
2006-05-22 12:13:42 41984 ( A.... ) "C:\WINDOWS\system32\cqk7m3vm.exe"
2006-05-22 12:13:08 74240 ( A.... ) "C:\WINDOWS\1h71l0ke.exe"
2006-05-09 23:39:24 357405 ( ..... ) "C:\WINDOWS\Titan Poker setup.exe"
2005-04-21 16:53:58 183 ( A.... ) "C:\Program Files\1SH5PL5T.bat"
(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-01 14:02 234,272 C:\WINDOWS\system32\t0r80a9ued.dll
2006-08-01 13:50 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-08-01 13:50 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-08-01 13:50 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-08-01 13:50 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-08-01 13:50 59,384 C:\WINDOWS\system32\vswmi.dll
2006-08-01 13:50 392,824 C:\WINDOWS\system32\vsdatant.sys
2006-08-01 13:50 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-08-01 13:50 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-08-01 13:50 100,344 C:\WINDOWS\system32\vsxml.dll
2006-08-01 13:49 83,960 C:\WINDOWS\system32\vsdata.dll
2006-08-01 13:49 440,312 C:\WINDOWS\system32\vsutil.dll
2006-08-01 13:49 157,688 C:\WINDOWS\system32\vsinit.dll
2006-08-01 12:32 234,272 C:\WINDOWS\system32\n84s0ih7e84.dll
2006-07-31 22:19 57,344 C:\WINDOWS\kiuj0v.exe
2006-07-31 22:19 45,056 C:\WINDOWS\System32tfthot.exe
2006-07-31 22:19 45,056 C:\WINDOWS\system32\tfthot.exe
2006-07-31 22:19 36,864 C:\WINDOWS\system32\ahnciup.exe
2006-07-31 22:19 28,672 C:\WINDOWS\System32ftuninst.exe
2006-07-31 22:19 28,672 C:\WINDOWS\system32\iqrdy2c1.exe
2006-07-31 22:19 28,672 C:\WINDOWS\system32\ftuninst.exe
2006-07-31 22:19 24,576 C:\WINDOWS\System32ssec.exe
2006-07-31 22:19 24,576 C:\WINDOWS\system32\ssec.exe
2006-07-31 22:19 221,184 C:\WINDOWS\system32\ubbv.dll
2006-07-31 22:19 143,360 C:\WINDOWS\system32\mptft.exe
2006-07-31 22:19 1,163,264 C:\WINDOWS\system32\fhsxc.exe
2006-07-31 22:18 139,264 C:\WINDOWS\MirarSetup_876075.exe
2006-07-31 22:08 578,560 C:\Installer3.exe
2006-07-31 22:07 517,168 C:\ucmoreiex.exe
2006-07-31 22:07 48,190 C:\RDFX4.exe
2006-07-31 22:07 30,208 C:\SS1001newer.exe
2006-07-31 22:07 14,848 C:\stub_113_4_0_4_0newer.exe
2006-07-30 21:29 14,617 C:\WINDOWS\xload.exe
2006-07-30 21:25 61,440 C:\WINDOWS\system32\cqx5550c.dll
2006-07-30 21:25 29,696 C:\WINDOWS\system32\w24b92d2.dll
2006-07-30 21:25 232,749 C:\WINDOWS\pf78.exe
2006-07-30 21:25 2,560 C:\ac3_0010.exe
2006-07-30 21:25 143,360 C:\WINDOWS\sys02068666390-1.exe
2006-07-30 21:25 127,578 C:\WINDOWS\system32\tsuninst.exe
2006-07-30 21:25 1,064 C:\WINDOWS\system32\cqx5550c.sys
2006-07-30 21:24 53,120 C:\WINDOWS\optimize.exe
2006-07-30 21:24 467,968 C:\visfx500new.exe
2006-07-30 21:24 380,928 C:\WINDOWS\system32\WinNB58.dll
2006-07-30 21:24 32,768 C:\WINDOWS\unstall.exe
2006-07-27 22:52 491,520 C:\WINDOWS\system32\WWEXEC~1.EXE
2006-07-27 22:25 41,984 C:\WINDOWS\system32\ixt2.dll
2006-07-27 22:18 41,984 C:\WINDOWS\system32\ixt1.dll
2006-07-27 20:27 8,760 C:\WINDOWS\system32\isnotify.exe
2006-07-27 20:27 61,440 C:\WINDOWS\system32\issearch.exe
2006-07-27 20:27 41,984 C:\WINDOWS\system32\ixt0.dll
2006-07-27 20:25 99,856 C:\WINDOWS\system32\ishost.exe
2006-07-27 20:25 12,288 C:\WINDOWS\system32\ismon.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"ftexc"="C:\\WINDOWS\\System32\\mptft.exe"
"tSdURg2"="\"C:\\WINDOWS\\System32\\fhsxc.exe\""
"WinTools"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"IpWins"="C:\\Program Files\\ipwins\\ipwins.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CPQHotkeys"="hotkeysvc.exe"
"CTHelper"="cthelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"CPQHotkeys"="hotkeysvc.exe"
"CTHelper"="cthelper.exe"
"PcSync"="PCsync.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ishost.exe"="ishost.exe"
"kernel32.dll"="C:\\WINDOWS\\System32\\isnotify.exe"
"issearch.exe"="issearch.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"CPQHotkeys"="hotkeysvc.exe"
"CTHelper"="cthelper.exe"
"PcSync"="PCsync.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{C04D71EA-04B0-1033-0212-030208230002}"="\"C:\\Program Files\\Common Files\\{C04D71EA-04B0-1033-0212-030208230002}\\Update.exe\" mc-110-12-0000103"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Adobe\\kyzenekaj.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Common Files\\howyl.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"contraposition"="{3dab4d3e-1d45-406e-9cda-25227a7a2633}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\GMT\\GMT.exe /startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\hp psc 2000 Series.lnk"
"backup"="C:\\WINDOWS\\pss\\hp psc 2000 Series.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpobnz08.exe "
"item"="hp psc 2000 Series"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Image Transfer.lnk"
"backup"="C:\\WINDOWS\\pss\\Image Transfer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\IMAGET~1\\SonyTray.exe "
"item"="Image Transfer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -h"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetAssistant.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NetAssistant.lnk"
"backup"="C:\\WINDOWS\\pss\\NetAssistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\NETASS~1\\bin\\matcli.exe -boot"
"item"="NetAssistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\officejet 6100.lnk"
"backup"="C:\\WINDOWS\\pss\\officejet 6100.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hposol08.exe "
"item"="officejet 6100"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\v1201.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alchem"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\alchem.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\arcnev]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="arcnev"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\arcnev.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aruogpbmw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LaunchPd"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\ATI Multimedia\\main\\LaunchPd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMESys"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cqx5550c]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w24b92d2.dll,n 0025550a0000000a24b92d2"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cthelper"
"hkey"="HKLM"
"command"="cthelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_7"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dipqgbqrxz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e1k8mrc7]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="e1k8mrc7"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\e1k8mrc7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\easywww]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="easywww2"
"hkey"="HKLM"
"command"="C:\\windows\\easywww2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fifu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fifum"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\fifu\\fifum.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mptft"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\mptft.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hzzjqttA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hzzjqttA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\hzzjqttA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iebj]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WWEXEC~1"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\WWEXEC~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_7"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManifestEngine"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lsmr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winlogon"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\System32\\ICROSO~1.NET\\winlogon.exe\" -vt mt"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMSX"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaGateway"
"hkey"="HKLM"
"command"="C:\\Program Files\\Media Gateway\\MediaGateway.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update Machine]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSOICONS"
"hkey"="HKLM"
"command"="MSOICONS.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmxipvofcoirz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NETASS~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mserrorw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mserrorw"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\mserrorw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_7"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odoyxs]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="System32:odoyxs"
"hkey"="HKLM"
"command"="rundll32 C:\\WINDOWS\\System32:odoyxs.dll,Init 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\orbiwicote]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCsync"
"hkey"="HKCU"
"command"="PCsync.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle Professional]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RAM_XP"
"hkey"="HKLM"
"command"="C:\\Program Files\\RAM Idle LE\\RAM_XP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\redirect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="redirect9"
"hkey"="HKLM"
"command"="C:\\windows\\redirect9.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Toolkit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegToolkit"
"hkey"="HKLM"
"command"="C:\\Program Files\\Registry Toolkit\\RegToolkit.exe /scan"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RHSI SHS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SHS"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Rogers\\SelfHealing\\SHS.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="salm"
"hkey"="HKLM"
"command"="c:\\program files\\180searchassistant\\salm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shisnw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="shisnw"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\shisnw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srghsxbcyuowy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SsAAD"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ssk"
"hkey"="HKLM"
"command"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys02068666390-1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sys02068666390-1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\sys02068666390-1.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TClock.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tclock_install"
"hkey"="HKCU"
"command"="C:\\Program Files\\TClock\\tclock_install.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSC00"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSC00.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="evntsvc"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tSdURg2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fhsxc"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\System32\\fhsxc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ufrrju]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Lvpgg"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ocaiw\\Lvpgg.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Rogers\\Update Manager\\UpdateManager.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wupdater"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
"key"=&

#10 KellenT

KellenT
  • Topic Starter


Posted 03 August 2006 - 03:39 PM

Seems to be cutting off my posts.

Here's the rest:


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wupdt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\wupdt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Winamp3\\winampa.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WINFRW"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\WINFRW.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WToolsA"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xload"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\xload.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=" -quiet"
"hkey"="HKCU"
"command"=" -quiet"
"inimapping"="0"




Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1064650550.job

Completion time: 01/08/2006 17:41:36.28
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

#11 KellenT

KellenT
  • Topic Starter


Posted 03 August 2006 - 04:26 PM

The new HijackThis Log:


Logfile of HijackThis v1.99.1
Scan saved at 5:13:30 PM, on 03/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\{C04D71EA-04B0-1033-0212-030208230002}\Update.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Kel\Desktop\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\PokerNow\PokerNow.exe (file missing)
O9 - Extra 'Tools' menuitem: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\PokerNow\PokerNow.exe (file missing)
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: Poker Rewards Poker - {6DAF93EB-C7E3-41ab-83D9-CAE1785F41BC} - C:\Program Files\pokerrewardsMPP\MPPoker.exe
O9 - Extra button: Aztec Riches Poker - {7FCF69CA-B1D5-4b13-A6B0-31020DD5A976} - C:\Program Files\aztecrichesMPP\MPPoker.exe
O9 - Extra button: POKER - {B736E0DC-CCE3-4e3c-B14F-403FC1569583} - C:\Program Files\BattleFieldPokerMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: POKER - {FB389F33-303A-4490-9E18-B301A493FBF2} - C:\Program Files\PokermMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://takoshi99.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)



The new ComboFix log:

Start Time= 03/08/2006 17:14:01.79
Running from: C:\Documents and Settings\Kel\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-10 01:21:30 ( .D... ) "C:\Program Files\Common Files\NSV"
2006-08-01 13:50:30 ( .D... ) "C:\Program Files\Zone Labs"
2006-07-31 11:31:24 ( .D... ) "C:\Program Files\SpywareBlaster"
2006-07-30 21:41:46 ( .D... ) "C:\Documents and Settings\Kel\Application Data\SystemDoctor 2006 Free"
2006-07-30 21:24:42 ( .D... ) "C:\Program Files\Common Files\{C04D71EA-04B0-1033-0212-030208230002}"
2006-07-29 15:12:34 ( .D... ) "C:\Documents and Settings\Kel\Application Data\Apple Computer"
2006-07-29 15:10:06 ( .D... ) "C:\Program Files\iTunes"
2006-07-29 15:08:00 ( .D... ) "C:\Program Files\iPod"
2006-07-27 20:58:32 ( .D... ) "C:\Program Files\NoAdware4"
2006-07-21 00:39:08 ( .D... ) "C:\Program Files\BattleFieldPokerMPP"
2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-07-09 13:42:14 83960 ( A.... ) "C:\WINDOWS\system32\zlcomm.dll"
2006-07-09 13:42:14 71672 ( A.... ) "C:\WINDOWS\system32\zlcommdb.dll"
2006-07-09 13:42:12 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2006-07-09 13:42:12 59384 ( A.... ) "C:\WINDOWS\system32\vswmi.dll"
2006-07-09 13:42:10 440312 ( A.... ) "C:\WINDOWS\system32\vsutil.dll"
2006-07-09 13:42:10 71672 ( A.... ) "C:\WINDOWS\system32\vsregexp.dll"
2006-07-09 13:42:08 268280 ( A.... ) "C:\WINDOWS\system32\vspubapi.dll"
2006-07-09 13:42:08 157688 ( A.... ) "C:\WINDOWS\system32\vsinit.dll"
2006-07-09 13:42:08 104440 ( A.... ) "C:\WINDOWS\system32\vsmonapi.dll"
2006-07-09 13:42:06 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2006-07-09 13:41:58 796584 ( A.... ) "C:\WINDOWS\system32\libeay32_0.9.6l.dll"
2006-06-03 14:10:06 ( .D... ) "C:\Program Files\GoldWave"
2006-05-09 23:39:24 357405 ( ..... ) "C:\WINDOWS\Titan Poker setup.exe"
2005-04-21 16:53:58 183 ( A.... ) "C:\Program Files\1SH5PL5T.bat"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-01 13:50 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-08-01 13:50 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-08-01 13:50 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-08-01 13:50 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-08-01 13:50 59,384 C:\WINDOWS\system32\vswmi.dll
2006-08-01 13:50 392,824 C:\WINDOWS\system32\vsdatant.sys
2006-08-01 13:50 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-08-01 13:50 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-08-01 13:50 100,344 C:\WINDOWS\system32\vsxml.dll
2006-08-01 13:49 83,960 C:\WINDOWS\system32\vsdata.dll
2006-08-01 13:49 440,312 C:\WINDOWS\system32\vsutil.dll
2006-08-01 13:49 157,688 C:\WINDOWS\system32\vsinit.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{C04D71EA-04B0-1033-0212-030208230002}"="\"C:\\Program Files\\Common Files\\{C04D71EA-04B0-1033-0212-030208230002}\\Update.exe\" mc-110-12-0000103"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\GMT\\GMT.exe /startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\hp psc 2000 Series.lnk"
"backup"="C:\\WINDOWS\\pss\\hp psc 2000 Series.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpobnz08.exe "
"item"="hp psc 2000 Series"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Image Transfer.lnk"
"backup"="C:\\WINDOWS\\pss\\Image Transfer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\IMAGET~1\\SonyTray.exe "
"item"="Image Transfer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -h"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetAssistant.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NetAssistant.lnk"
"backup"="C:\\WINDOWS\\pss\\NetAssistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\NETASS~1\\bin\\matcli.exe -boot"
"item"="NetAssistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\officejet 6100.lnk"
"backup"="C:\\WINDOWS\\pss\\officejet 6100.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hposol08.exe "
"item"="officejet 6100"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\v1201.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alchem"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\alchem.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\arcnev]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="arcnev"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\arcnev.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aruogpbmw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LaunchPd"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\ATI Multimedia\\main\\LaunchPd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMESys"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cqx5550c]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w24b92d2.dll,n 0025550a0000000a24b92d2"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cthelper"
"hkey"="HKLM"
"command"="cthelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_7"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dipqgbqrxz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e1k8mrc7]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="e1k8mrc7"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\e1k8mrc7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\easywww]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="easywww2"
"hkey"="HKLM"
"command"="C:\\windows\\easywww2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fifu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fifum"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\fifu\\fifum.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mptft"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\mptft.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hzzjqttA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hzzjqttA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\hzzjqttA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iebj]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WWEXEC~1"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\WWEXEC~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_7"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManifestEngine"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lsmr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winlogon"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\System32\\ICROSO~1.NET\\winlogon.exe\" -vt mt"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMSX"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaGateway"
"hkey"="HKLM"
"command"="C:\\Program Files\\Media Gateway\\MediaGateway.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update Machine]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSOICONS"
"hkey"="HKLM"
"command"="MSOICONS.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmxipvofcoirz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NETASS~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mserrorw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mserrorw"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\mserrorw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_7"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odoyxs]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="System32:odoyxs"
"hkey"="HKLM"
"command"="rundll32 C:\\WINDOWS\\System32:odoyxs.dll,Init 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\orbiwicote]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCsync"
"hkey"="HKCU"
"command"="PCsync.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle Professional]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RAM_XP"
"hkey"="HKLM"
"command"="C:\\Program Files\\RAM Idle LE\\RAM_XP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\redirect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="redirect9"
"hkey"="HKLM"
"command"="C:\\windows\\redirect9.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Toolkit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegToolkit"
"hkey"="HKLM"
"command"="C:\\Program Files\\Registry Toolkit\\RegToolkit.exe /scan"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RHSI SHS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SHS"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Rogers\\SelfHealing\\SHS.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="salm"
"hkey"="HKLM"
"command"="c:\\program files\\180searchassistant\\salm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shisnw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="shisnw"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\shisnw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srghsxbcyuowy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eiqemflf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SsAAD"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ssk"
"hkey"="HKLM"
"command"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys02068666390-1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sys02068666390-1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\sys02068666390-1.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TClock.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tclock_install"
"hkey"="HKCU"
"command"="C:\\Program Files\\TClock\\tclock_install.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSC00"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSC00.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="evntsvc"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tSdURg2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fhsxc"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\System32\\fhsxc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ufrrju]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Lvpgg"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ocaiw\\Lvpgg.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Rogers\\Update Manager\\UpdateManager.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wupdater"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wupdt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\wupdt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Winamp3\\winampa.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WINFRW"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\WINFRW.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WToolsA"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xload"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\xload.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=" -quiet"
"hkey"="HKCU"
"command"=" -quiet"
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1064650550.job

Completion time: 03/08/2006 17:14:54.21
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

#12 KellenT


Posted 03 August 2006 - 04:27 PM

The new Smitfraudfix log:

SmitFraudFix v2.78

Scan done at 17:19:15.42, 03/08/2006
Run from C:\Documents and Settings\Kel\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#13 -David-


Posted 04 August 2006 - 03:16 AM

Excellent Kellen, lots of instructions there and you followed them really well.
The logs are looking much cleaner now.
We just have to clean up the registry a bit now, and complete a few other things.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A printout of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

1) Please open Notepad and copy and paste the next bold text into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{C04D71EA-04B0-1033-0212-030208230002}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xload]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ufrrju]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tSdURg2]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TClock.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys02068666390-1]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srghsxbcyuowy]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shisnw]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\redirect]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\orbiwicote]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odoyxs]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mserrorw]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmxipvofcoirz]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmxipvofcoirz]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lsmr]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iebj]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hzzjqttA]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fifu]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\easywww]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e1k8mrc7]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dipqgbqrxz]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cqx5550c]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aruogpbmw]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\arcnev]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

Save this as "fix.reg". Choose to save as "All Files" and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

2) * Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O15 - Trusted Zone: *.sxload.com

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

3) You are missing one important program on that computer - an antivirus!
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer.
AVG and Avast are excellent, free antivirus programs.
Never install more than one antivirus on your system - several together can cause problems and decrease performance.

4) I want to run a scanner to see if we can find any more leftovers.
Please download Ewido Anti-Spyware and save the file to your desktop.
This is a free 30 day trial version of the program.
  • Locate the icon on your desktop and double click it to open the set-up program.
  • Follow the instructions on screen to install Ewido.
  • Run the program and you will meet the main screen.
  • Select the icon "Update" then select the "Update now" link
  • Next click the "Start Update" button; a progress bar will show the updates being installed.
  • Now select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Click on "Recommended actions" and then select "Quarantine".
  • Close the program now, we will be running a scan a bit later.
  • You can go ahead and delete the old setup file from your desktop.
Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Using Windows Explorer, please locate the following files/folders, and delete them if still present:
  • Launch Ewido by double clicking on the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab.
  • Then click on the "Complete System Scan" button.
  • If you have any infections you will be asked for an action - select "apply all actions".
  • Now select the "Reports" icon at the top.
  • Click "Save Report As" and save the text file to your desktop.
  • Close Ewido and reboot back into normal mode.
Please post the results of the Ewido scan in this thread, with a new Combofix log.
Also please let me know how the system is running for you.
David

ps. You have a whole host of poker programs on your computer which normally come bundled with malware like this. Do you use them? You might like to remove some of them because it seems as though you have every program available! :thumbsup:
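A triage pass over the msconfig `startupreg` dump from the ComboFix log, as an added example that is not part of David's post or of ComboFix: it parses the `.reg`-style text and flags entries for review using four path heuristics plus a shared-target check. The function names, flag labels and the heuristics themselves are assumptions chosen for illustration; a flag marks an entry for a closer look, not a verdict.

```python
import re
from collections import defaultdict

# Entries copied from the ComboFix dump in this thread, trimmed to "command".
# iTunesHelper and SoundMan are kept as controls that should raise no flag.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"command"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odoyxs]
"command"="rundll32 C:\\WINDOWS\\System32:odoyxs.dll,Init 1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"command"="C:\\\\dfndrff_7.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lsmr]
"command"="\"C:\\WINDOWS\\System32\\ICROSO~1.NET\\winlogon.exe\" -vt mt"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aruogpbmw]
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dipqgbqrxz]
"command"="C:\\WINDOWS\\System32\\eiqemflf.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"command"="SOUNDMAN.EXE"
'''

SECTION = re.compile(r'^\[(?P<key>.+)\]$')
VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
RUNDLL = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>[^,]+),', re.I)
PREFIX = 'msconfig\\startupreg\\'
# System processes that live directly in System32 (all appear in the HijackThis log).
SYSTEM_NAMES = {'smss.exe', 'winlogon.exe', 'services.exe', 'lsass.exe', 'svchost.exe'}

def unescape(s):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Map each [key] to its {value name: string data}; other value types are skipped."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = entries.setdefault(m.group('key'), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            current[unescape(m.group('name'))] = unescape(m.group('data'))
    return entries

def target_path(command):
    """File the entry really loads: the DLL for rundll32, otherwise the program."""
    command = command.strip()
    m = RUNDLL.match(command)
    if m:
        return m.group('dll').strip().strip('"')
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', command, re.I)
    return m.group(1) if m else command

def normalise(path):
    """Collapse doubled backslashes and lower-case, so equal paths compare equal."""
    return re.sub(r'\\+', r'\\', path).lower()

def findings(command):
    norm = normalise(target_path(command))
    folder, _, name = norm.rpartition('\\')
    flags = []
    if ':' in norm[2:]:                      # colon past the drive letter
        flags.append('alternate-data-stream')
    if RUNDLL.match(command.strip()) and not folder:
        flags.append('rundll32-bare-dll')    # DLL resolved via the search path
    if re.fullmatch(r'[a-z]:', folder):
        flags.append('drive-root')
    if name in SYSTEM_NAMES and not folder.endswith('\\system32'):
        flags.append('system-name-wrong-folder')
    return flags

def triage(text):
    """Return {startupreg entry name: [flags]} for entries that raise any flag."""
    rows, by_target = [], defaultdict(list)
    for key, values in parse_reg(text).items():
        if PREFIX not in key.lower() or 'command' not in values:
            continue
        name = key.rsplit('\\', 1)[1]
        rows.append((name, values['command']))
        by_target[normalise(target_path(values['command']))].append(name)
    report = {}
    for name, command in rows:
        flags = findings(command)
        if len(by_target[normalise(target_path(command))]) > 1:
            flags.append('shared-target')    # one binary under several entry names
        if flags:
            report[name] = flags
    return report

if __name__ == '__main__':
    for entry, flags in triage(SAMPLE).items():
        print(f'{entry}: {", ".join(flags)}')
```
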

#14 KellenT


Posted 04 August 2006 - 11:45 AM

Hi David,

The system is actually running very well now. No more popups or anything, everything seems to be running pretty smooth. I actually play online poker and backgammon for a living. So as far as the poker rooms go, I can probably delete some of them but a few need to stay :thumbsup: . I changed all my passwords to all the sites from another computer a couple days ago. I haven't logged into anything from this computer since you warned me. Let me know after looking at the following logs if you think it would be safe for me to get back to work :flowers: . Thank you so much for your help, I really appreciate it, everything's already running sooo much nicer.

Kellen


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:25:26 PM 04/08/2006

+ Scan result:



C:\WINDOWS\Titan Poker setup.exe -> Adware.Casino : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Ugyyhu.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\WINDOWS\toolbar_nieuw13.dll -> Adware.DotCom : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\!KillBox\cqx5550c.dll -> Adware.IEHelper : Cleaned with backup (quarantined).
C:\!KillBox\Installer3.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\!KillBox\n84s0ih7e84.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\!KillBox\t0r80a9ued.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\!KillBox\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\!KillBox\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\!KillBox\WinNB58.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinATS.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\!KillBox\MirarSetup_876075.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\!KillBox\System32ftuninst.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\!KillBox\System32tfthot.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\!KillBox\ucmoreiex.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\!KillBox\ucmoreiex.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\!KillBox\ucmoreiex.exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Toolbar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Toolbar\PlugIns -> Adware.WebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Toolbar\PlugIns\COMMON -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\temp.exe -> Adware.WinAD : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WinStatX.Installer -> Adware.WinTaskAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WinStatX.Installer\CLSID -> Adware.WinTaskAd : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\systemw.exe -> Backdoor.Agobot : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\loader2.ocx -> Downloader.Agent.ex : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\84YFSBSM\dl[1].exe -> Downloader.Agent.ki : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HNN52360\dl[1].exe -> Downloader.Agent.ki : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HNN52360\dl[2].exe -> Downloader.Agent.ki : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\P4VH3233\dl[1].exe -> Downloader.Agent.ki : Cleaned with backup (quarantined).
C:\WINDOWS\system32\e6f1873b.dll -> Downloader.Braidupdate.d : Cleaned with backup (quarantined).
C:\!KillBox\optimize.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\WINDOWS\system32\setup_incred_7.exe -> Downloader.Keenval : Cleaned with backup (quarantined).
C:\WINDOWS\system32\redirect.vbs -> Downloader.Psyme.as : Cleaned with backup (quarantined).
C:\!KillBox\ac3_0010.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\!KillBox\w24b92d2.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\!KillBox\kiuj0v.exe -> Downloader.Small.afi : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pk.exe -> Downloader.Small.anb : Cleaned with backup (quarantined).
C:\Program Files\Windows NT\horeb.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\!KillBox\stub_113_4_0_4_0newer.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\!KillBox\sys02068666390-1.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\WINDOWS\LastGood\amm06.ocx -> Downloader.VB.bo : Cleaned with backup (quarantined).
C:\WINDOWS\amm06.ocx -> Downloader.VB.bo : Cleaned with backup (quarantined).
C:\!KillBox\xload.exe -> Downloader.VB.wz : Cleaned with backup (quarantined).
C:\!KillBox\ishost.exe -> Downloader.Zlob.abc : Cleaned with backup (quarantined).
C:\!KillBox\ismon.exe -> Downloader.Zlob.abc : Cleaned with backup (quarantined).
C:\!KillBox\visfx500new.exe -> Dropper.Agent.aie : Cleaned with backup (quarantined).
C:\WINDOWS\setup.exe -> Dropper.Agent.gk : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx -> Dropper.PurityScan.ae : Cleaned with backup (quarantined).
C:\WINDOWS\system32\in10b6s.dll -> Dropper.Small.abe : Cleaned with backup (quarantined).
C:\!KillBox\SS1001newer.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\tskdbg.exe -> Heuristic.Win32.Backdoor.IrcBot : Cleaned with backup (quarantined).
C:\WINDOWS\system32\D0CE0C16B1.DLL -> Hijacker.Agent.dh : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Desktop\TagASaurus.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\!KillBox\howyl.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\!KillBox\kyzenekaj.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D17M1107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\msdirectx.sys -> Rootkit.Agent.l : Cleaned with backup (quarantined).
C:\msdirectx.sys -> Rootkit.Agent.l : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Cookies\kel@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Cookies\kel@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Cookies\kel@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Cookies\kel@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Cookies\kel@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Cookies\kel@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\j28cvyj0.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\j28cvyj0.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Cookies\kel@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Cookies\kel@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Cookies\kel@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Cookies\kel@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Cookies\kel@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Cookies\kel@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Cookies\kel@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\Kel\Application Data\Mozilla\Firefox\Profiles\0p2z9nr7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Cookies\kel@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Kel\Cookies\kel@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\!KillBox\mserrorw.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\BC32OD.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\MVCORERW.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SHTMLM.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SIDENTM.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\TIVTPXXA.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\_21866c.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\_28591c.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\appsrvq.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\assdoi.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\b16k.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bcachew.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bdazelk.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bddvk.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bdhe319k.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bdsl1k.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\edistr.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\efd.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\egwizr.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\erfcip.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\etdden.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\evmgmtd.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fde.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hell32s.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iew ChannelsV.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\intrustw.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lntsvrpt.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mcndmgrm.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mgutili.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mifsf.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mv8ds32w.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\omctl32c.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ompc.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\onfmspc.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ootokb.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\p4sdmodm.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pcupsa.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\peditg.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\psp1hfmx.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\racertt.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rowseuib.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sdtcm.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\smpsr.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\spmspm.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\susdf.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\svcrt20m.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\swsockm.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sxml2rm.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tdlln.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tmssvcn.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\txlegihm.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\txocim.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\uickTimeQ.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\utodisca.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vifilea.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\xtse.exe -> Trojan.Revop.b : Cleaned with backup (quarantined).
C:\!KillBox\System32ssec.exe -> Trojan.Runner.h : Cleaned with backup (quarantined).
C:\!KillBox\Lvpgg.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{C04D71EA-04B0-1033-0212-030208230002}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end

Start Time= 04/08/2006 12:30:17.03
Running from: C:\Documents and Settings\Kel\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-10 01:21:30 ( .D... ) "C:\Program Files\Common Files\NSV"
2006-08-04 10:19:32 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-08-04 09:58:14 ( .D... ) "C:\Program Files\Alwil Software"
2006-08-01 13:50:30 ( .D... ) "C:\Program Files\Zone Labs"
2006-07-31 11:31:24 ( .D... ) "C:\Program Files\SpywareBlaster"
2006-07-30 21:41:46 ( .D... ) "C:\Documents and Settings\Kel\Application Data\SystemDoctor 2006 Free"
2006-07-30 21:24:42 ( .D... ) "C:\Program Files\Common Files\{C04D71EA-04B0-1033-0212-030208230002}"
2006-07-29 15:12:34 ( .D... ) "C:\Documents and Settings\Kel\Application Data\Apple Computer"
2006-07-29 15:10:06 ( .D... ) "C:\Program Files\iTunes"
2006-07-29 15:08:00 ( .D... ) "C:\Program Files\iPod"
2006-07-27 20:58:32 ( .D... ) "C:\Program Files\NoAdware4"
2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-07-09 13:42:14 83960 ( A.... ) "C:\WINDOWS\system32\zlcomm.dll"
2006-07-09 13:42:14 71672 ( A.... ) "C:\WINDOWS\system32\zlcommdb.dll"
2006-07-09 13:42:12 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2006-07-09 13:42:12 59384 ( A.... ) "C:\WINDOWS\system32\vswmi.dll"
2006-07-09 13:42:10 440312 ( A.... ) "C:\WINDOWS\system32\vsutil.dll"
2006-07-09 13:42:10 71672 ( A.... ) "C:\WINDOWS\system32\vsregexp.dll"
2006-07-09 13:42:08 268280 ( A.... ) "C:\WINDOWS\system32\vspubapi.dll"
2006-07-09 13:42:08 157688 ( A.... ) "C:\WINDOWS\system32\vsinit.dll"
2006-07-09 13:42:08 104440 ( A.... ) "C:\WINDOWS\system32\vsmonapi.dll"
2006-07-09 13:42:06 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2006-07-09 13:41:58 796584 ( A.... ) "C:\WINDOWS\system32\libeay32_0.9.6l.dll"
2006-07-06 02:51:14 ( .D... ) "C:\Program Files\BattleFieldPokerMPP"
2006-05-31 05:02:04 624640 ( A.... ) "C:\WINDOWS\system32\aswBoot.exe"
2006-05-31 04:54:36 90112 ( A.... ) "C:\WINDOWS\system32\AVASTSS.scr"
2005-04-21 16:53:58 183 ( A.... ) "C:\Program Files\1SH5PL5T.bat"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-04 09:58 90,112 C:\WINDOWS\system32\AVASTSS.scr
2006-08-04 09:58 624,640 C:\WINDOWS\system32\aswBoot.exe
2006-08-01 13:50 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-08-01 13:50 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-08-01 13:50 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-08-01 13:50 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-08-01 13:50 59,384 C:\WINDOWS\system32\vswmi.dll
2006-08-01 13:50 392,824 C:\WINDOWS\system32\vsdatant.sys
2006-08-01 13:50 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-08-01 13:50 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-08-01 13:50 100,344 C:\WINDOWS\system32\vsxml.dll
2006-08-01 13:49 83,960 C:\WINDOWS\system32\vsdata.dll
2006-08-01 13:49 440,312 C:\WINDOWS\system32\vsutil.dll
2006-08-01 13:49 157,688 C:\WINDOWS\system32\vsinit.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\hp psc 2000 Series.lnk"
"backup"="C:\\WINDOWS\\pss\\hp psc 2000 Series.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpobnz08.exe "
"item"="hp psc 2000 Series"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Image Transfer.lnk"
"backup"="C:\\WINDOWS\\pss\\Image Transfer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\IMAGET~1\\SonyTray.exe "
"item"="Image Transfer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -h"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetAssistant.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NetAssistant.lnk"
"backup"="C:\\WINDOWS\\pss\\NetAssistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\NETASS~1\\bin\\matcli.exe -boot"
"item"="NetAssistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\officejet 6100.lnk"
"backup"="C:\\WINDOWS\\pss\\officejet 6100.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hposol08.exe "
"item"="officejet 6100"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LaunchPd"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\ATI Multimedia\\main\\LaunchPd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManifestEngine"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMSX"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update Machine]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSOICONS"
"hkey"="HKLM"
"command"="MSOICONS.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NETASS~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle Professional]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RAM_XP"
"hkey"="HKLM"
"command"="C:\\Program Files\\RAM Idle LE\\RAM_XP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Toolkit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegToolkit"
"hkey"="HKLM"
"command"="C:\\Program Files\\Registry Toolkit\\RegToolkit.exe /scan"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RHSI SHS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SHS"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Rogers\\SelfHealing\\SHS.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SsAAD"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="evntsvc"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Rogers\\Update Manager\\UpdateManager.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Winamp3\\winampa.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=" -quiet"
"hkey"="HKCU"
"command"=" -quiet"
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1064650550.job

Completion time: 04/08/2006 12:31:12.10
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-04.123016.txt

#15 -David-

Posted 04 August 2006 - 12:16 PM

Please delete the following two folders:
C:\Program Files\Common Files\{C04D71EA-04B0-1033-0212-030208230002}
C:\Documents and Settings\Kel\Application Data\SystemDoctor 2006 Free

I must admit that playing poker for a living is a pretty cool job.
Glad I could help! :thumbsup:
The latest log is looking clean!
Follow this list and your potential for being infected again will be reduced dramatically.

Use an Anti Virus Software -
* It is very important that your computer has an anti-virus software running on your machine.
* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
* Click here for more information on -> Computer Safety On line - Anti-Virus
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer always has the latest security updates available installed on your computer.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly

Install Spybot© - Search and Destroy- Install and download Spybot - Search and Destroy with its TeaTimer option.
* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster -
* SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
* An article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.

If you have any additional questions just ask...
David



