Tim - 06-11-26  8:49:55.21    Service Pack 2
ComboFix 06.11.26 - Running from: "C:\hjt"

(((((((((((((((((((((((((((((((   Files Created from 2006-10-26 to 2006-11-26  ))))))))))))))))))))))))))))))))))
 
 
2006-11-25	11:04	<DIR>	d--------	C:\!KillBox
2006-11-25	09:35	<DIR>	d--------	C:\hjt
2006-11-25	08:55	<DIR>	d--------	C:\VundoFix Backups
2006-11-18	03:06	<DIR>	d--------	C:\Program Files\MSXML 4.0
2006-11-18	03:05	<DIR>	d--hs----	C:\Config.Msi
2006-11-18	03:05	<DIR>	d--------	C:\8badbca53c55aa2d362b4bca
2006-11-17	13:32	5,632	--a------	C:\WINDOWS\system32\ptpusb.dll
2006-11-17	13:32	159,232	--a------	C:\WINDOWS\system32\ptpusd.dll
2006-11-17	13:32	15,104	--a------	C:\WINDOWS\system32\drivers\usbscan.sys
2006-11-13	06:45	126,996	--a------	C:\WINDOWS\system32\rjmjsnsk.dll
2006-11-12	21:50	<DIR>	d--------	C:\WINDOWS\system32\appmgmt
2006-11-04	14:14	1,245,696	--a------	C:\WINDOWS\system32\msxml4.dll
2006-11-03	06:59	49,428	--a------	C:\WINDOWS\system32\sembokgt.dll
2006-11-02	20:45	<DIR>	d--------	C:\Documents and Settings\Tim\Application Data\Motive
2006-11-01	20:38	49,428	--a------	C:\WINDOWS\system32\mwagnbtt.dll
2006-10-29	13:09	684,032	--a------	C:\WINDOWS\system32\libeay32.dll
2006-10-29	13:09	21,568	--a------	C:\WINDOWS\system32\drivers\sshrmd.sys
2006-10-29	13:09	21,056	--a------	C:\WINDOWS\system32\drivers\sskbfd.sys
2006-10-29	13:09	20,544	--a------	C:\WINDOWS\system32\drivers\SSFS0509.sys
2006-10-29	13:09	155,648	--a------	C:\WINDOWS\system32\ssleay32.dll
2006-10-29	13:09	128,064	--a------	C:\WINDOWS\system32\drivers\ssidrv.sys
2006-10-29	13:09	<DIR>	d--------	C:\Program Files\Webroot
2006-10-29	13:00	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Webroot
2006-10-29	12:57	<DIR>	d--------	C:\Documents and Settings\Tim\Application Data\Webroot
2006-10-29	09:20	<DIR>	d--------	C:\WINDOWS\CSC
2006-10-26	20:59	49,428	--a------	C:\WINDOWS\system32\feyjhnru.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-26 08:37	6229	--ahs----	C:\Documents and Settings\Tim\Application Data\889A3C138ABD4EFF9D4F3832B14D7682.sta
2006-11-26 08:37	43932	--ahs----	C:\Documents and Settings\Tim\Application Data\889A3C138ABD4EFF9D4F3832B14D7682.rul
2006-11-22 16:25	--------	d--------	C:\Documents and Settings\Tim\Application Data\Macromedia
2006-11-18 03:02	--------	d--------	C:\Program Files\Internet Explorer
2006-11-17 13:33	--------	d--------	C:\Documents and Settings\Tim\Application Data\Adobe
2006-11-13 06:42	--------	d--------	C:\Program Files\Pure Networks
2006-11-13 06:42	--------	d--------	C:\Program Files\Common Files
2006-11-12 21:58	--------	d--------	C:\Program Files\Common Files\AOL
2006-11-12 21:56	--------	d--------	C:\Documents and Settings\Tim\Application Data\AOL
2006-11-12 21:49	--------	d--------	C:\Program Files\Privacy Crusader Full
2006-10-29 16:09	--------	d--------	C:\Program Files\em
2006-10-29 12:58	920	--a------	C:\WINDOWS\system32\winpfg32.sys
2006-10-24 05:07	122900	--a------	C:\WINDOWS\system32\aaejcivy.dll
2006-10-23 19:55	122900	--a------	C:\WINDOWS\system32\ghwlxqek.dll
2006-10-23 18:26	122900	--a------	C:\WINDOWS\system32\tjryoewh.dll
2006-10-22 08:35	12056	--a------	C:\PPCleanDeleteAtReboot.bat
2006-10-21 00:49	122900	--a------	C:\WINDOWS\system32\dmsqvmyb.dll
2006-10-19 19:52	172132	--a------	C:\WINDOWS\system32\qwinlpem.exe
2006-10-14 06:59	--------	d--------	C:\Program Files\Google
2006-10-13 07:35	65536	--a------	C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35	64000	--a------	C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35	142336	--a------	C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23	163584	--a------	C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-12 18:35	78848	--a------	C:\WINDOWS\ms0317792982006.exe
2006-10-12 18:35	69165	--a------	C:\pp4ico.exe
2006-10-12 09:14	78848	--a------	C:\WINDOWS\system32\nsq11.dll
2006-10-12 09:14	78848	--a------	C:\WINDOWS\system32\nsj59.dll
2006-10-10 19:39	78848	--a------	C:\WINDOWS\system32\nst38.dll
2006-10-02 18:13	--------	d--------	C:\Program Files\Scholastic
2006-10-02 11:15	629264	--a------	C:\WINDOWS\system32\drivers\VetEFile.sys
2006-10-02 11:15	108592	--a------	C:\WINDOWS\system32\drivers\VetEBoot.sys
2006-09-24 13:38	128	--a------	C:\Documents and Settings\Tim\Application Data\wklnhst.dat
2006-09-13 00:01	1084416	--a------	C:\WINDOWS\system32\msxml3.dll
2006-09-05 23:04	74864	--a------	C:\WINDOWS\system32\VetRedir.dll
2006-09-05 23:04	115824	--a------	C:\WINDOWS\UnVet32.exe
2006-09-05 23:04	111728	--a------	C:\WINDOWS\AVShlExt.dll
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"TOSCDSPD"="\"C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe\""
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TFncKy"="TFncKy.exe"
"TDispVol"="TDispVol.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"THotkey"="\"C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe\""
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"LtMoh"="\"C:\\Program Files\\ltmoh\\Ltmoh.exe\""
"AGRSMMSG"="AGRSMMSG.exe"
"NDSTray.exe"="NDSTray.exe"
"Tvs"="\"C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe\""
"TPSMain"="TPSMain.exe"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"SmoothView"="\"C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\DLACTRLW.exe"
"Pinger"="\"c:\\toshiba\\ivp\\ism\\pinger.exe\" /run"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"Motive SmartBridge"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe"
"CFSServ.exe"="CFSServ.exe -NoClient"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"BJCFD"="\"C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe\""
"IPInSightLAN 02"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPClient.exe\" -l"
"IPInSightMonitor 02"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPMon32.exe\""
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="\"C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe\" /autostart"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PrivacyCrusaderFull"="C:\\Program Files\\Privacy Crusader Full\\PrivacyCrusaderFull"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
  63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
  6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
  73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\javaodbc

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]	
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

 
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 

backup-20061125-105825-791 
O4 - HKLM\..\Run: [mmcrat06] C:\WINDOWS\mmputt.exe
backup-20061125-105825-219 
O4 - HKLM\..\Run: [{D7-7F-F9-93-ZN}] C:\windows\system32\okdsregn.exe ELT001
Completion time: 06-11-26  8:55:19.70 
C:\ComboFix.txt ... 06-11-26 08:55